openssl-engine-0.9.6 merge

661 files changed, 47521 insertions, 15812 deletions

diff --git a/src/lib/libssl/bio_ssl.c b/src/lib/libssl/bio_ssl.c
index d73c41adcd..d85555a7e6 100644
--- a/src/lib/libssl/bio_ssl.c
+++ b/src/lib/libssl/bio_ssl.c
@@ -65,13 +65,13 @@
 #include <openssl/err.h>
 #include <openssl/ssl.h>
 
-static int ssl_write(BIO *h,char *buf,int num);
-static int ssl_read(BIO *h,char *buf,int size);
-static int ssl_puts(BIO *h,char *str);
-static long ssl_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int ssl_write(BIO *h, const char *buf, int num);
+static int ssl_read(BIO *h, char *buf, int size);
+static int ssl_puts(BIO *h, const char *str);
+static long ssl_ctrl(BIO *h, int cmd, long arg1, void *arg2);
 static int ssl_new(BIO *h);
 static int ssl_free(BIO *data);
-static long ssl_callback_ctrl(BIO *h,int cmd,void (*fp)());
+static long ssl_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
 typedef struct bio_ssl_st
         {
         SSL *ssl; /* The ssl handle :-) */
@@ -105,7 +105,7 @@ static int ssl_new(BIO *bi)
         {
         BIO_SSL *bs;
 
-        bs=(BIO_SSL *)Malloc(sizeof(BIO_SSL));
+        bs=(BIO_SSL *)OPENSSL_malloc(sizeof(BIO_SSL));
         if (bs == NULL)
                 {
                 BIOerr(BIO_F_SSL_NEW,ERR_R_MALLOC_FAILURE);
@@ -133,7 +133,7 @@ static int ssl_free(BIO *a)
                 a->flags=0;
                 }
         if (a->ptr != NULL)
-                Free(a->ptr);
+                OPENSSL_free(a->ptr);
         return(1);
         }
         
@@ -221,7 +221,7 @@ static int ssl_read(BIO *b, char *out, int outl)
         return(ret);
         }
 
-static int ssl_write(BIO *b, char *out, int outl)
+static int ssl_write(BIO *b, const char *out, int outl)
         {
         int ret,r=0;
         int retry_reason=0;
@@ -289,7 +289,7 @@ static int ssl_write(BIO *b, char *out, int outl)
         return(ret);
         }
 
-static long ssl_ctrl(BIO *b, int cmd, long num, char *ptr)
+static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
         {
         SSL **sslp,*ssl;
         BIO_SSL *bs;
@@ -470,7 +470,7 @@ static long ssl_ctrl(BIO *b, int cmd, long num, char *ptr)
         return(ret);
         }
 
-static long ssl_callback_ctrl(BIO *b, int cmd, void (*fp)())
+static long ssl_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
         {
         SSL *ssl;
         BIO_SSL *bs;
@@ -492,7 +492,7 @@ static long ssl_callback_ctrl(BIO *b, int cmd, void (*fp)())
         return(ret);
         }
 
-static int ssl_puts(BIO *bp, char *str)
+static int ssl_puts(BIO *bp, const char *str)
         {
         int n,ret;
 
diff --git a/src/lib/libssl/crypto/Makefile b/src/lib/libssl/crypto/Makefile
index 7a3ddaa2c8..4af52d0245 100644
--- a/src/lib/libssl/crypto/Makefile
+++ b/src/lib/libssl/crypto/Makefile
@@ -94,27 +94,21 @@ SRCS+=	stack.c
 CFLAGS+= -I${LCRYPTO_SRC}/lhash
 SRCS+=  lhash.c lh_stats.c                                      
 CFLAGS+= -I${LCRYPTO_SRC}/rand
-SRCS+=  md_rand.c randfile.c rand_lib.c rand_egd.c rand_err.c
+SRCS+=  md_rand.c randfile.c rand_lib.c rand_egd.c rand_err.c rand_win.c
 CFLAGS+= -I${LCRYPTO_SRC}/err
 SRCS+=  err.c err_all.c err_prn.c                               
 CFLAGS+= -I${LCRYPTO_SRC}/objects
 SRCS+=  obj_dat.c obj_lib.c obj_err.c o_names.c
 CFLAGS+= -I${LCRYPTO_SRC}/evp
-SRCS+=  encode.c digest.c evp_enc.c evp_key.c           
-SRCS+=  e_ecb_d.c e_cbc_d.c e_cfb_d.c e_ofb_d.c         
-SRCS+=  e_ecb_i.c e_cbc_i.c e_cfb_i.c e_ofb_i.c         
-SRCS+=  e_ecb_3d.c e_cbc_3d.c e_rc4.c names.c           
-SRCS+=  e_cfb_3d.c e_ofb_3d.c e_xcbc_d.c e_ecb_r2.c     
-SRCS+=  e_cbc_r2.c e_cfb_r2.c e_ofb_r2.c e_ecb_bf.c     
-SRCS+=  e_cbc_bf.c e_cfb_bf.c e_ofb_bf.c e_ecb_c.c      
-SRCS+=  e_cbc_c.c e_cfb_c.c e_ofb_c.c e_ecb_r5.c        
-SRCS+=  e_cbc_r5.c e_cfb_r5.c e_ofb_r5.c m_null.c       
-SRCS+=  m_md2.c m_md5.c m_sha.c m_sha1.c m_dss.c        
-SRCS+=  m_dss1.c m_mdc2.c m_ripemd.c p_open.c           
-SRCS+=  p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c
-SRCS+=  p_dec.c bio_md.c bio_b64.c bio_enc.c            
-SRCS+=  evp_err.c e_null.c c_all.c c_allc.c c_alld.c evp_lib.c
-SRCS+=  bio_ok.c evp_pbe.c evp_pkey.c p5_crpt.c p5_crpt2.c
+SRCS+= bio_b64.c bio_enc.c bio_md.c bio_ok.c c_all.c c_allc.c c_alld.c
+SRCS+= digest.c e_bf.c e_cast.c e_des.c e_des3.c
+SRCS+= e_null.c e_rc2.c e_rc4.c e_xcbc_d.c encode.c evp_enc.c
+SRCS+= evp_err.c evp_key.c evp_lib.c evp_pbe.c evp_pkey.c m_dss.c
+SRCS+= m_dss1.c m_md2.c m_md4.c m_md5.c m_mdc2.c m_null.c m_ripemd.c
+SRCS+= m_sha.c m_sha1.c names.c p5_crpt.c p5_crpt2.c p_dec.c p_enc.c
+SRCS+= p_lib.c p_open.c p_seal.c p_sign.c p_verify.c
+CFLAGS+= -I${LCRYPTO_SRC}/md4
+SRCS+= md4_dgst.c md4_one.c
 CFLAGS+= -I${LCRYPTO_SRC}/pem
 SRCS+=  pem_sign.c pem_seal.c pem_info.c pem_lib.c      
 SRCS+=  pem_all.c pem_err.c 
@@ -139,8 +133,7 @@ SRCS+=	asn1_err.c a_meth.c a_bytes.c evp_asn1.c
 SRCS+=  a_enum.c a_gentm.c a_time.c a_utf8.c a_vis.c 
 SRCS+=  asn_pack.c f_enum.c nsseq.c p5_pbe.c p5_pbev2.c 
 SRCS+=  p8_pkey.c t_crl.c a_meth.c a_null.c a_strnid.c a_mbstr.c
-#SRCS+= p8_key.c t_bitst.c t_spki.c t_x509a.c x_x509a.c
-SRCS+=  t_bitst.c t_spki.c t_x509a.c x_x509a.c
+SRCS+=  t_bitst.c t_spki.c t_x509a.c x_x509a.c a_strex.c
 CFLAGS+= -I${LCRYPTO_SRC}/x509
 SRCS+=  x509_def.c x509_d2.c x509_r2x.c x509_cmp.c      
 SRCS+=  x509_obj.c x509_req.c x509_vfy.c x509_set.c     
@@ -153,7 +146,7 @@ SRCS+=	v3_crld.c v3_enum.c v3_extku.c v3_genn.c v3_ia5.c v3_int.c
 SRCS+=  v3_lib.c v3_pku.c v3_prn.c v3_skey.c v3_sxnet.c v3_utl.c
 SRCS+=  v3err.c v3_info.c v3_purp.c
 CFLAGS+= -I${LCRYPTO_SRC}/conf
-SRCS+=  conf.c conf_err.c                                       
+SRCS+=  conf_err.c conf_lib.c conf_def.c conf_api.c cnf_save.c
 CFLAGS+= -I${LCRYPTO_SRC}/txt_db
 SRCS+=  txt_db.c                                                        
 CFLAGS+= -I${LCRYPTO_SRC}/pkcs7
@@ -164,14 +157,76 @@ CFLAGS+= -I${LCRYPTO_SRC}/pkcs12
 SRCS+=  p12_add.c p12_attr.c p12_bags.c p12_crpt.c p12_crt.c
 SRCS+=  p12_decr.c p12_init.c p12_key.c p12_kiss.c p12_lib.c p12_mac.c
 SRCS+=  p12_mutl.c p12_sbag.c p12_utl.c pk12err.c p12_npas.c
+CFLAGS+= -I${LCRYPTO_SRC}/engine
+SRCS+= engine_err.c engine_lib.c engine_list.c engine_openssl.c
+SRCS+= hw_ncipher.c hw_atalla.c hw_cswift.c
 
-HDRS= asn1.h dh.h md5.h rc4.h stack.h asn1_mac.h dsa.h mdc2.h rc5.h     \
-      tls1.h bio.h e_os.h objects.h ripemd.h tmdiff.h blowfish.h        \
-      e_os2.h opensslconf.h rsa.h txt_db.h bn.h ebcdic.h opensslv.h     \
-      rsaref.h x509.h buffer.h err.h pem.h safestack.h x509_vfy.h       \
-      cast.h evp.h pem2.h sha.h x509v3.h comp.h hmac.h pkcs12.h ssl.h   \
-      conf.h idea.h pkcs7.h ssl2.h crypto.h lhash.h rand.h ssl23.h      \
-      des.h md2.h rc2.h ssl3.h
+
+#HDRS= asn1.h dh.h md5.h rc4.h stack.h asn1_mac.h dsa.h mdc2.h rc5.h    \
+#      tls1.h bio.h e_os.h objects.h ripemd.h tmdiff.h blowfish.h       \
+#      e_os2.h opensslconf.h rsa.h txt_db.h bn.h ebcdic.h opensslv.h    \
+#      rsaref.h x509.h buffer.h err.h pem.h safestack.h x509_vfy.h      \
+#      cast.h evp.h pem2.h sha.h x509v3.h comp.h hmac.h pkcs12.h ssl.h  \
+#      conf.h idea.h pkcs7.h ssl2.h crypto.h lhash.h rand.h ssl23.h     \
+#      des.h md2.h rc2.h ssl3.h
+
+HDRS= asn1.h \
+asn1_mac.h  \
+bio.h \
+blowfish.h \
+bn.h \
+buffer.h \
+cast.h \
+comp.h \
+conf.h \
+conf_api.h \
+crypto.h \
+des.h \
+dh.h \
+dsa.h \
+dso.h \
+e_os.h \
+e_os2.h \
+ebcdic.h \
+engine.h \
+err.h \
+evp.h \
+hmac.h \
+idea.h \
+lhash.h \
+md2.h \
+md4.h \
+md5.h \
+mdc2.h \
+obj_mac.h \
+objects.h \
+opensslconf.h \
+opensslv.h \
+pem.h \
+pem2.h \
+pkcs12.h \
+pkcs7.h \
+rand.h \
+rc2.h \
+rc4.h \
+rc5.h \
+ripemd.h \
+rsa.h \
+rsaref.h \
+safestack.h \
+sha.h \
+ssl.h \
+ssl2.h \
+ssl23.h \
+ssl3.h \
+stack.h \
+symhacks.h \
+tls1.h \
+tmdiff.h \
+txt_db.h \
+x509.h \
+x509_vfy.h \
+x509v3.h
 
 
 .PATH:  ${LCRYPTO_SRC}/md2 ${LCRYPTO_SRC}/md5 ${LCRYPTO_SRC}/sha ${LCRYPTO_SRC}/mdc2    \
@@ -183,7 +238,7 @@ HDRS= asn1.h dh.h md5.h rc4.h stack.h asn1_mac.h dsa.h mdc2.h rc5.h	\
         ${LCRYPTO_SRC}/evp ${LCRYPTO_SRC}/pem ${LCRYPTO_SRC}/asn1  ${LCRYPTO_SRC}/asn1 \
         ${LCRYPTO_SRC}/x509 ${LCRYPTO_SRC}/conf txt_db/txt_db.c ${LCRYPTO_SRC}/pkcs7 \
         ${LCRYPTO_SRC}/x509v3 ${LCRYPTO_SRC}/pkcs12 ${LCRYPTO_SRC}/comp \
-        ${LCRYPTO_SRC}/txt_db ${LCRYPTO_SRC}
+        ${LCRYPTO_SRC}/txt_db ${LCRYPTO_SRC}/md4 ${LCRYPTO_SRC}/engine ${LCRYPTO_SRC}
 
 includes:
         @test -d ${DESTDIR}/usr/include/ssl || mkdir ${DESTDIR}/usr/include/ssl
diff --git a/src/lib/libssl/crypto/shlib_version b/src/lib/libssl/crypto/shlib_version
index c87e1c60d4..c29621c831 100644
--- a/src/lib/libssl/crypto/shlib_version
+++ b/src/lib/libssl/crypto/shlib_version
@@ -1,2 +1,2 @@
 major=2
-minor=4
+minor=5
diff --git a/src/lib/libssl/doc/openssl.txt b/src/lib/libssl/doc/openssl.txt
index 880eace4da..5da519e7e4 100644
--- a/src/lib/libssl/doc/openssl.txt
+++ b/src/lib/libssl/doc/openssl.txt
@@ -355,6 +355,24 @@ that would not make sense. It does support an additional issuer:copy option
 that will copy all the subject alternative name values from the issuer 
 certificate (if possible).
 
+Example:
+
+issuserAltName = issuer:copy
+
+Authority Info Access.
+
+The authority information access extension gives details about how to access
+certain information relating to the CA. Its syntax is accessOID;location
+where 'location' has the same syntax as subject alternative name (except
+that email:copy is not supported). accessOID can be any valid OID but only
+certain values are meaningful for example OCSP and caIssuers. OCSP gives the
+location of an OCSP responder: this is used by Netscape PSM and other software.
+
+Example:
+
+authorityInfoAccess = OCSP;URI:http://ocsp.my.host/
+authorityInfoAccess = caIssuers;URI:http://my.ca/ca.html
+
 CRL distribution points.
 
 This is a multi-valued extension that supports all the literal options of
@@ -489,6 +507,47 @@ details about the structures returned. The returned structure should be freed
 after use using the relevant free function, BASIC_CONSTRAINTS_free() for 
 example.
 
+void    *       X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx);
+void    *       X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx);
+void    *       X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx);
+void    *       X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx);
+
+These functions combine the operations of searching for extensions and
+parsing them. They search a certificate, a CRL a CRL entry or a stack
+of extensions respectively for extension whose NID is 'nid' and return
+the parsed result of NULL if an error occurred. For example:
+
+BASIC_CONSTRAINTS *bs;
+bs = X509_get_ext_d2i(cert, NID_basic_constraints, NULL, NULL);
+
+This will search for the basicConstraints extension and either return
+it value or NULL. NULL can mean either the extension was not found, it
+occurred more than once or it could not be parsed.
+
+If 'idx' is NULL then an extension is only parsed if it occurs precisely
+once. This is standard behaviour because extensions normally cannot occur
+more than once. If however more than one extension of the same type can
+occur it can be used to parse successive extensions for example:
+
+int i;
+void *ext;
+
+i = -1;
+for(;;) {
+        ext = X509_get_ext_d2i(x, nid, crit, &idx);
+        if(ext == NULL) break;
+         /* Do something with ext */
+}
+
+If 'crit' is not NULL and the extension was found then the int it points to
+is set to 1 for critical extensions and 0 for non critical. Therefore if the
+function returns NULL but 'crit' is set to 0 or 1 then the extension was
+found but it could not be parsed.
+
+The int pointed to by crit will be set to -1 if the extension was not found
+and -2 if the extension occurred more than once (this will only happen if
+idx is NULL). In both cases the function will return NULL.
+
 3. Generating extensions.
 
 An extension will typically be generated from a configuration file, or some
diff --git a/src/lib/libssl/doc/standards.txt b/src/lib/libssl/doc/standards.txt
new file mode 100644
index 0000000000..61ccc5d7e0
--- /dev/null
+++ b/src/lib/libssl/doc/standards.txt
@@ -0,0 +1,121 @@
+Standards related to OpenSSL
+============================
+
+[Please, this is currently a draft.  I made a first try at finding
+ documents that describe parts of what OpenSSL implements.  There are
+ big gaps, and I've most certainly done something wrong.  Please
+ correct whatever is...  Also, this note should be removed when this
+ file is reaching a somewhat correct state.        -- Richard Levitte]
+
+
+All pointers in here will be either URL's or blobs of text borrowed
+from miscellaneous indexes, like rfc-index.txt (index of RFCs),
+1id-index.txt (index of Internet drafts) and the like.
+
+To find the latest possible RFCs, it's recommended to either browse
+ftp://ftp.isi.edu/in-notes/ or go to http://www.rfc-editor.org/ and
+use the search mechanism found there.
+To find the latest possible Internet drafts, it's recommended to
+browse ftp://ftp.isi.edu/internet-drafts/.
+To find the latest possible PKCS, it's recommended to browse
+http://www.rsasecurity.com/rsalabs/pkcs/.
+
+
+Implemented:
+------------
+
+These are documents that describe things that are implemented in OpenSSL.
+
+1319 The MD2 Message-Digest Algorithm. B. Kaliski. April 1992.
+     (Format: TXT=25661 bytes) (Status: INFORMATIONAL)
+
+1320 The MD4 Message-Digest Algorithm. R. Rivest. April 1992. (Format:
+     TXT=32407 bytes) (Status: INFORMATIONAL)
+
+1321 The MD5 Message-Digest Algorithm. R. Rivest. April 1992. (Format:
+     TXT=35222 bytes) (Status: INFORMATIONAL)
+
+2246 The TLS Protocol Version 1.0. T. Dierks, C. Allen. January 1999.
+     (Format: TXT=170401 bytes) (Status: PROPOSED STANDARD)
+
+2268 A Description of the RC2(r) Encryption Algorithm. R. Rivest.
+     January 1998. (Format: TXT=19048 bytes) (Status: INFORMATIONAL)
+
+2314 PKCS 10: Certification Request Syntax Version 1.5. B. Kaliski.
+     March 1998. (Format: TXT=15814 bytes) (Status: INFORMATIONAL)
+
+2315 PKCS 7: Cryptographic Message Syntax Version 1.5. B. Kaliski.
+     March 1998. (Format: TXT=69679 bytes) (Status: INFORMATIONAL)
+
+2437 PKCS #1: RSA Cryptography Specifications Version 2.0. B. Kaliski,
+     J. Staddon. October 1998. (Format: TXT=73529 bytes) (Obsoletes
+     RFC2313) (Status: INFORMATIONAL)
+
+2459 Internet X.509 Public Key Infrastructure Certificate and CRL
+     Profile. R. Housley, W. Ford, W. Polk, D. Solo. January 1999.
+     (Format: TXT=278438 bytes) (Status: PROPOSED STANDARD)
+
+PKCS#8: Private-Key Information Syntax Standard
+
+PKCS#12: Personal Information Exchange Syntax Standard, version 1.0.
+
+
+Related:
+--------
+
+These are documents that are close to OpenSSL, for example the
+STARTTLS documents.
+
+1421 Privacy Enhancement for Internet Electronic Mail: Part I: Message
+     Encryption and Authentication Procedures. J. Linn. February 1993.
+     (Format: TXT=103894 bytes) (Obsoletes RFC1113) (Status: PROPOSED
+     STANDARD)
+
+1422 Privacy Enhancement for Internet Electronic Mail: Part II:
+     Certificate-Based Key Management. S. Kent. February 1993. (Format:
+     TXT=86085 bytes) (Obsoletes RFC1114) (Status: PROPOSED STANDARD)
+
+1423 Privacy Enhancement for Internet Electronic Mail: Part III:
+     Algorithms, Modes, and Identifiers. D. Balenson. February 1993.
+     (Format: TXT=33277 bytes) (Obsoletes RFC1115) (Status: PROPOSED
+     STANDARD)
+
+1424 Privacy Enhancement for Internet Electronic Mail: Part IV: Key
+     Certification and Related Services. B. Kaliski. February 1993.
+     (Format: TXT=17537 bytes) (Status: PROPOSED STANDARD)
+
+2487 SMTP Service Extension for Secure SMTP over TLS. P. Hoffman.
+     January 1999. (Format: TXT=15120 bytes) (Status: PROPOSED STANDARD)
+
+2585 Internet X.509 Public Key Infrastructure Operational Protocols:
+     FTP and HTTP. R. Housley, P. Hoffman. May 1999. (Format: TXT=14813
+     bytes) (Status: PROPOSED STANDARD)
+
+2595 Using TLS with IMAP, POP3 and ACAP. C. Newman. June 1999.
+     (Format: TXT=32440 bytes) (Status: PROPOSED STANDARD)
+
+2712 Addition of Kerberos Cipher Suites to Transport Layer Security
+     (TLS). A. Medvinsky, M. Hur. October 1999. (Format: TXT=13763 bytes)
+     (Status: PROPOSED STANDARD)
+
+2817 Upgrading to TLS Within HTTP/1.1. R. Khare, S. Lawrence. May
+     2000. (Format: TXT=27598 bytes) (Updates RFC2616) (Status: PROPOSED
+     STANDARD)
+
+2818 HTTP Over TLS. E. Rescorla. May 2000. (Format: TXT=15170 bytes)
+     (Status: INFORMATIONAL)
+
+  "Securing FTP with TLS", 01/27/2000, <draft-murray-auth-ftp-ssl-05.txt>  
+ 
+
+To be implemented:
+------------------
+
+These are documents that describe things that are planed to be
+implemented in the hopefully short future.
+
+2560 X.509 Internet Public Key Infrastructure Online Certificate
+     Status Protocol - OCSP. M. Myers, R. Ankney, A. Malpani, S. Galperin,
+     C. Adams. June 1999. (Format: TXT=43243 bytes) (Status: PROPOSED
+     STANDARD)
+
diff --git a/src/lib/libssl/s23_clnt.c b/src/lib/libssl/s23_clnt.c
index aaedf6a9bb..5050a13ef2 100644
--- a/src/lib/libssl/s23_clnt.c
+++ b/src/lib/libssl/s23_clnt.c
@@ -366,7 +366,9 @@ static int ssl23_get_server_hello(SSL *s)
                         }
 
                 s->state=SSL2_ST_GET_SERVER_HELLO_A;
-                s->s2->ssl2_rollback=1;
+                if (!(s->client_version == SSL2_VERSION))
+                        /* use special padding (SSL 3.0 draft/RFC 2246, App. E.2) */
+                        s->s2->ssl2_rollback=1;
 
                 /* setup the 5 bytes we have read so we get them from
                  * the sslv2 buffer */
diff --git a/src/lib/libssl/s23_srvr.c b/src/lib/libssl/s23_srvr.c
index 6a3bbb10b9..050618235f 100644
--- a/src/lib/libssl/s23_srvr.c
+++ b/src/lib/libssl/s23_srvr.c
@@ -297,7 +297,7 @@ int ssl23_get_client_hello(SSL *s)
                                         if (n <= 0) return(n);
                                         p=s->packet;
 
-                                        if ((buf=Malloc(n)) == NULL)
+                                        if ((buf=OPENSSL_malloc(n)) == NULL)
                                                 {
                                                 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,ERR_R_MALLOC_FAILURE);
                                                 goto err;
@@ -348,16 +348,21 @@ int ssl23_get_client_hello(SSL *s)
                          * SSLv3 or tls1 header
                          */
                         
-                        v[0]=p[1]; /* major version */
+                        v[0]=p[1]; /* major version (= SSL3_VERSION_MAJOR) */
                         /* We must look at client_version inside the Client Hello message
-                         * to get the correct minor version: */
-                        v[1]=p[10];
-                        /* However if we have only a pathologically small fragment of the
-                         * Client Hello message, we simply use the version from the
-                         * record header -- this is incorrect but unlikely to fail in
-                         * practice */
+                         * to get the correct minor version.
+                         * However if we have only a pathologically small fragment of the
+                         * Client Hello message, this would be difficult, we'd have
+                         * to read at least one additional record to find out.
+                         * This doesn't usually happen in real life, so we just complain
+                         * for now.
+                         */
                         if (p[3] == 0 && p[4] < 6)
-                                v[1]=p[2];
+                                {
+                                SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_SMALL);
+                                goto err;
+                                }
+                        v[1]=p[10]; /* minor version according to client_version */
                         if (v[1] >= TLS1_VERSION_MINOR)
                                 {
                                 if (!(s->options & SSL_OP_NO_TLSv1))
@@ -495,9 +500,12 @@ int ssl23_get_client_hello(SSL *s)
 
                 s->state=SSL2_ST_GET_CLIENT_HELLO_A;
                 if ((s->options & SSL_OP_MSIE_SSLV2_RSA_PADDING) ||
-                        use_sslv2_strong)
+                        use_sslv2_strong ||
+                        (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3))
                         s->s2->ssl2_rollback=0;
                 else
+                        /* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0
+                         * (SSL 3.0 draft/RFC 2246, App. E.2) */
                         s->s2->ssl2_rollback=1;
 
                 /* setup the n bytes we have read so we get them from
@@ -559,10 +567,10 @@ int ssl23_get_client_hello(SSL *s)
                 }
         s->init_num=0;
 
-        if (buf != buf_space) Free(buf);
+        if (buf != buf_space) OPENSSL_free(buf);
         s->first_packet=1;
         return(SSL_accept(s));
 err:
-        if (buf != buf_space) Free(buf);
+        if (buf != buf_space) OPENSSL_free(buf);
         return(-1);
         }
diff --git a/src/lib/libssl/s3_both.c b/src/lib/libssl/s3_both.c
index 03e0c38770..d92c164b0f 100644
--- a/src/lib/libssl/s3_both.c
+++ b/src/lib/libssl/s3_both.c
@@ -567,7 +567,7 @@ int ssl3_setup_buffers(SSL *s)
                         extra=SSL3_RT_MAX_EXTRA;
                 else
                         extra=0;
-                if ((p=Malloc(SSL3_RT_MAX_PACKET_SIZE+extra))
+                if ((p=OPENSSL_malloc(SSL3_RT_MAX_PACKET_SIZE+extra))
                         == NULL)
                         goto err;
                 s->s3->rbuf.buf=p;
@@ -575,7 +575,7 @@ int ssl3_setup_buffers(SSL *s)
 
         if (s->s3->wbuf.buf == NULL)
                 {
-                if ((p=Malloc(SSL3_RT_MAX_PACKET_SIZE))
+                if ((p=OPENSSL_malloc(SSL3_RT_MAX_PACKET_SIZE))
                         == NULL)
                         goto err;
                 s->s3->wbuf.buf=p;
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index 0c8f551f73..62040f9f1d 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -69,7 +69,7 @@ static SSL_METHOD *ssl3_get_client_method(int ver);
 static int ssl3_client_hello(SSL *s);
 static int ssl3_get_server_hello(SSL *s);
 static int ssl3_get_certificate_request(SSL *s);
-static int ca_dn_cmp(X509_NAME **a,X509_NAME **b);
+static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b);
 static int ssl3_get_server_done(SSL *s);
 static int ssl3_send_client_verify(SSL *s);
 static int ssl3_send_client_certificate(SSL *s);
@@ -142,7 +142,12 @@ int ssl3_connect(SSL *s)
                         if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
 
                         if ((s->version & 0xff00 ) != 0x0300)
-                                abort();
+                                {
+                                SSLerr(SSL_F_SSL3_CONNECT, SSL_R_INTERNAL_ERROR);
+                                ret = -1;
+                                goto end;
+                                }
+                                
                         /* s->version=SSL3_VERSION; */
                         s->type=SSL_ST_CONNECT;
 
@@ -764,6 +769,7 @@ static int ssl3_get_server_certificate(SSL *s)
                 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED);
                 goto f_err; 
                 }
+        ERR_clear_error(); /* but we keep s->verify_result */
 
         sc=ssl_sess_cert_new();
         if (sc == NULL) goto err;
@@ -934,10 +940,12 @@ static int ssl3_get_key_exchange(SSL *s)
                 s->session->sess_cert->peer_rsa_tmp=rsa;
                 rsa=NULL;
                 }
-        else
+#else /* NO_RSA */
+        if (0)
+                ;
 #endif
 #ifndef NO_DH
-                if (alg & SSL_kEDH)
+        else if (alg & SSL_kEDH)
                 {
                 if ((dh=DH_new()) == NULL)
                         {
@@ -993,10 +1001,12 @@ static int ssl3_get_key_exchange(SSL *s)
 #ifndef NO_RSA
                 if (alg & SSL_aRSA)
                         pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
-                else
+#else
+                if (0)
+                        ;
 #endif
 #ifndef NO_DSA
-                if (alg & SSL_aDSS)
+                else if (alg & SSL_aDSS)
                         pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509);
 #endif
                 /* else anonymous DH, so no certificate or pkey. */
@@ -1010,7 +1020,7 @@ static int ssl3_get_key_exchange(SSL *s)
                 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
                 goto f_err;
                 }
-#endif
+#endif /* !NO_DH */
         if (alg & SSL_aFZA)
                 {
                 al=SSL_AD_HANDSHAKE_FAILURE;
@@ -1274,7 +1284,7 @@ err:
         return(ret);
         }
 
-static int ca_dn_cmp(X509_NAME **a, X509_NAME **b)
+static int ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
         {
         return(X509_NAME_cmp(*a,*b));
         }
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 7ada26cbb6..cee2021b6b 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -648,7 +648,7 @@ int ssl3_new(SSL *s)
         {
         SSL3_STATE *s3;
 
-        if ((s3=Malloc(sizeof *s3)) == NULL) goto err;
+        if ((s3=OPENSSL_malloc(sizeof *s3)) == NULL) goto err;
         memset(s3,0,sizeof *s3);
 
         s->s3=s3;
@@ -666,11 +666,11 @@ void ssl3_free(SSL *s)
 
         ssl3_cleanup_key_block(s);
         if (s->s3->rbuf.buf != NULL)
-                Free(s->s3->rbuf.buf);
+                OPENSSL_free(s->s3->rbuf.buf);
         if (s->s3->wbuf.buf != NULL)
-                Free(s->s3->wbuf.buf);
+                OPENSSL_free(s->s3->wbuf.buf);
         if (s->s3->rrec.comp != NULL)
-                Free(s->s3->rrec.comp);
+                OPENSSL_free(s->s3->rrec.comp);
 #ifndef NO_DH
         if (s->s3->tmp.dh != NULL)
                 DH_free(s->s3->tmp.dh);
@@ -678,7 +678,7 @@ void ssl3_free(SSL *s)
         if (s->s3->tmp.ca_names != NULL)
                 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
         memset(s->s3,0,sizeof *s->s3);
-        Free(s->s3);
+        OPENSSL_free(s->s3);
         s->s3=NULL;
         }
 
@@ -692,7 +692,7 @@ void ssl3_clear(SSL *s)
 
         if (s->s3->rrec.comp != NULL)
                 {
-                Free(s->s3->rrec.comp);
+                OPENSSL_free(s->s3->rrec.comp);
                 s->s3->rrec.comp=NULL;
                 }
 #ifndef NO_DH
@@ -1041,7 +1041,7 @@ SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
         cpp=(SSL_CIPHER **)OBJ_bsearch((char *)&cp,
                 (char *)sorted,
                 SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),
-                (int (*)())ssl_cipher_ptr_id_cmp);
+                FP_ICC ssl_cipher_ptr_id_cmp);
         if ((cpp == NULL) || !(*cpp)->valid)
                 return(NULL);
         else
diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c
index eb965310d9..1414079853 100644
--- a/src/lib/libssl/s3_pkt.c
+++ b/src/lib/libssl/s3_pkt.c
@@ -899,19 +899,21 @@ start:
                                         return(-1);
                                         }
 
-                                if (s->s3->rbuf.left == 0) /* no read-ahead left? */
+                                if (!(s->mode & SSL_MODE_AUTO_RETRY))
                                         {
-                                        BIO *bio;
-                                        /* In the case where we try to read application data
-                                         * the first time, but we trigger an SSL handshake, we
-                                         * return -1 with the retry option set.  I do this
-                                         * otherwise renegotiation can cause nasty problems 
-                                         * in the blocking world */ /* ? */
-                                        s->rwstate=SSL_READING;
-                                        bio=SSL_get_rbio(s);
-                                        BIO_clear_retry_flags(bio);
-                                        BIO_set_retry_read(bio);
-                                        return(-1);
+                                        if (s->s3->rbuf.left == 0) /* no read-ahead left? */
+                                                {
+                                                BIO *bio;
+                                                /* In the case where we try to read application data,
+                                                 * but we trigger an SSL handshake, we return -1 with
+                                                 * the retry option set.  Otherwise renegotiation may
+                                                 * cause nasty problems in the blocking world */
+                                                s->rwstate=SSL_READING;
+                                                bio=SSL_get_rbio(s);
+                                                BIO_clear_retry_flags(bio);
+                                                BIO_set_retry_read(bio);
+                                                return(-1);
+                                                }
                                         }
                                 }
                         }
@@ -954,7 +956,7 @@ start:
                         s->rwstate=SSL_NOTHING;
                         s->s3->fatal_alert = alert_descr;
                         SSLerr(SSL_F_SSL3_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr);
-                        sprintf(tmp,"%d",alert_descr);
+                        BIO_snprintf(tmp,sizeof tmp,"%d",alert_descr);
                         ERR_add_error_data(2,"SSL alert number ",tmp);
                         s->shutdown|=SSL_RECEIVED_SHUTDOWN;
                         SSL_CTX_remove_session(s->ctx,s->session);
@@ -1022,19 +1024,21 @@ start:
                         return(-1);
                         }
 
-                if (s->s3->rbuf.left == 0) /* no read-ahead left? */
+                if (!(s->mode & SSL_MODE_AUTO_RETRY))
                         {
-                        BIO *bio;
-                        /* In the case where we try to read application data
-                         * the first time, but we trigger an SSL handshake, we
-                         * return -1 with the retry option set.  I do this
-                         * otherwise renegotiation can cause nasty problems 
-                         * in the blocking world */ /* ? */
-                        s->rwstate=SSL_READING;
-                        bio=SSL_get_rbio(s);
-                        BIO_clear_retry_flags(bio);
-                        BIO_set_retry_read(bio);
-                        return(-1);
+                        if (s->s3->rbuf.left == 0) /* no read-ahead left? */
+                                {
+                                BIO *bio;
+                                /* In the case where we try to read application data,
+                                 * but we trigger an SSL handshake, we return -1 with
+                                 * the retry option set.  Otherwise renegotiation may
+                                 * cause nasty problems in the blocking world */
+                                s->rwstate=SSL_READING;
+                                bio=SSL_get_rbio(s);
+                                BIO_clear_retry_flags(bio);
+                                BIO_set_retry_read(bio);
+                                return(-1);
+                                }
                         }
                 goto start;
                 }
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index e23ca20bd3..bb8cfb31e5 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -153,7 +153,10 @@ int ssl3_accept(SSL *s)
                         if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
 
                         if ((s->version>>8) != 3)
-                                abort();
+                                {
+                                SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_INTERNAL_ERROR);
+                                return -1;
+                                }
                         s->type=SSL_ST_ACCEPT;
 
                         if (s->init_buf == NULL)
@@ -982,7 +985,7 @@ static int ssl3_send_server_key_exchange(SSL *s)
                         dhp=cert->dh_tmp;
                         if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
                                 dhp=s->cert->dh_tmp_cb(s,
-                                      !SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
+                                      SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
                                       SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
                         if (dhp == NULL)
                                 {
@@ -1326,11 +1329,22 @@ static int ssl3_get_client_key_exchange(SSL *s)
                         goto f_err;
                         }
 
-                if ((p[0] != (s->client_version>>8)) || (p[1] != (s->client_version & 0xff)))
+                if (!((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff))))
                         {
-                        al=SSL_AD_DECODE_ERROR;
-                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER);
-                        goto f_err;
+                        /* The premaster secret must contain the same version number as the
+                         * ClientHello to detect version rollback attacks (strangely, the
+                         * protocol does not offer such protection for DH ciphersuites).
+                         * However, buggy clients exist that send the negotiated protocol
+                         * version instead if the server does not support the requested
+                         * protocol version.
+                         * If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such clients. */
+                        if (!((s->options & SSL_OP_TLS_ROLLBACK_BUG) &&
+                                (p[0] == (s->version>>8)) && (p[1] == (s->version & 0xff))))
+                                {
+                                al=SSL_AD_DECODE_ERROR;
+                                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER);
+                                goto f_err;
+                                }
                         }
 
                 s->session->master_key_length=
diff --git a/src/lib/libssl/shlib_version b/src/lib/libssl/shlib_version
index c87e1c60d4..c29621c831 100644
--- a/src/lib/libssl/shlib_version
+++ b/src/lib/libssl/shlib_version
@@ -1,2 +1,2 @@
 major=2
-minor=4
+minor=5
diff --git a/src/lib/libssl/src/CHANGES b/src/lib/libssl/src/CHANGES
index bf61913d7b..87853c3b29 100644
--- a/src/lib/libssl/src/CHANGES
+++ b/src/lib/libssl/src/CHANGES
@@ -2,6 +2,811 @@
  OpenSSL CHANGES
  _______________
 
+ Changes between 0.9.5a and 0.9.6  [24 Sep 2000]
+
+  *) In ssl23_get_client_hello, generate an error message when faced
+     with an initial SSL 3.0/TLS record that is too small to contain the
+     first two bytes of the ClientHello message, i.e. client_version.
+     (Note that this is a pathologic case that probably has never happened
+     in real life.)  The previous approach was to use the version number
+     from the record header as a substitute; but our protocol choice
+     should not depend on that one because it is not authenticated
+     by the Finished messages.
+     [Bodo Moeller]
+
+  *) More robust randomness gathering functions for Windows.
+     [Jeffrey Altman <jaltman@columbia.edu>]
+
+  *) For compatibility reasons if the flag X509_V_FLAG_ISSUER_CHECK is
+     not set then we don't setup the error code for issuer check errors
+     to avoid possibly overwriting other errors which the callback does
+     handle. If an application does set the flag then we assume it knows
+     what it is doing and can handle the new informational codes
+     appropriately.
+     [Steve Henson]
+
+  *) Fix for a nasty bug in ASN1_TYPE handling. ASN1_TYPE is used for
+     a general "ANY" type, as such it should be able to decode anything
+     including tagged types. However it didn't check the class so it would
+     wrongly interpret tagged types in the same way as their universal
+     counterpart and unknown types were just rejected. Changed so that the
+     tagged and unknown types are handled in the same way as a SEQUENCE:
+     that is the encoding is stored intact. There is also a new type
+     "V_ASN1_OTHER" which is used when the class is not universal, in this
+     case we have no idea what the actual type is so we just lump them all
+     together.
+     [Steve Henson]
+
+  *) On VMS, stdout may very well lead to a file that is written to
+     in a record-oriented fashion.  That means that every write() will
+     write a separate record, which will be read separately by the
+     programs trying to read from it.  This can be very confusing.
+
+     The solution is to put a BIO filter in the way that will buffer
+     text until a linefeed is reached, and then write everything a
+     line at a time, so every record written will be an actual line,
+     not chunks of lines and not (usually doesn't happen, but I've
+     seen it once) several lines in one record.  BIO_f_linebuffer() is
+     the answer.
+
+     Currently, it's a VMS-only method, because that's where it has
+     been tested well enough.
+     [Richard Levitte]
+
+  *) Remove 'optimized' squaring variant in BN_mod_mul_montgomery,
+     it can return incorrect results.
+     (Note: The buggy variant was not enabled in OpenSSL 0.9.5a,
+     but it was in 0.9.6-beta[12].)
+     [Bodo Moeller]
+
+  *) Disable the check for content being present when verifying detached
+     signatures in pk7_smime.c. Some versions of Netscape (wrongly)
+     include zero length content when signing messages.
+     [Steve Henson]
+
+  *) New BIO_shutdown_wr macro, which invokes the BIO_C_SHUTDOWN_WR
+     BIO_ctrl (for BIO pairs).
+     [Bodo Möller]
+
+  *) Add DSO method for VMS.
+     [Richard Levitte]
+
+  *) Bug fix: Montgomery multiplication could produce results with the
+     wrong sign.
+     [Ulf Möller]
+
+  *) Add RPM specification openssl.spec and modify it to build three
+     packages.  The default package contains applications, application
+     documentation and run-time libraries.  The devel package contains
+     include files, static libraries and function documentation.  The
+     doc package contains the contents of the doc directory.  The original
+     openssl.spec was provided by Damien Miller <djm@mindrot.org>.
+     [Richard Levitte]
+     
+  *) Add a large number of documentation files for many SSL routines.
+     [Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>]
+
+  *) Add a configuration entry for Sony News 4.
+     [NAKAJI Hiroyuki <nakaji@tutrp.tut.ac.jp>]
+
+  *) Don't set the two most significant bits to one when generating a
+     random number < q in the DSA library.
+     [Ulf Möller]
+
+  *) New SSL API mode 'SSL_MODE_AUTO_RETRY'.  This disables the default
+     behaviour that SSL_read may result in SSL_ERROR_WANT_READ (even if
+     the underlying transport is blocking) if a handshake took place.
+     (The default behaviour is needed by applications such as s_client
+     and s_server that use select() to determine when to use SSL_read;
+     but for applications that know in advance when to expect data, it
+     just makes things more complicated.)
+     [Bodo Moeller]
+
+  *) Add RAND_egd_bytes(), which gives control over the number of bytes read
+     from EGD.
+     [Ben Laurie]
+
+  *) Add a few more EBCDIC conditionals that make `req' and `x509'
+     work better on such systems.
+     [Martin Kraemer <Martin.Kraemer@MchP.Siemens.De>]
+
+  *) Add two demo programs for PKCS12_parse() and PKCS12_create().
+     Update PKCS12_parse() so it copies the friendlyName and the
+     keyid to the certificates aux info.
+     [Steve Henson]
+
+  *) Fix bug in PKCS7_verify() which caused an infinite loop
+     if there was more than one signature.
+     [Sven Uszpelkat <su@celocom.de>]
+
+  *) Major change in util/mkdef.pl to include extra information
+     about each symbol, as well as presentig variables as well
+     as functions.  This change means that there's n more need
+     to rebuild the .num files when some algorithms are excluded.
+     [Richard Levitte]
+
+  *) Allow the verify time to be set by an application,
+     rather than always using the current time.
+     [Steve Henson]
+  
+  *) Phase 2 verify code reorganisation. The certificate
+     verify code now looks up an issuer certificate by a
+     number of criteria: subject name, authority key id
+     and key usage. It also verifies self signed certificates
+     by the same criteria. The main comparison function is
+     X509_check_issued() which performs these checks.
+ 
+     Lot of changes were necessary in order to support this
+     without completely rewriting the lookup code.
+ 
+     Authority and subject key identifier are now cached.
+ 
+     The LHASH 'certs' is X509_STORE has now been replaced
+     by a STACK_OF(X509_OBJECT). This is mainly because an
+     LHASH can't store or retrieve multiple objects with
+     the same hash value.
+
+     As a result various functions (which were all internal
+     use only) have changed to handle the new X509_STORE
+     structure. This will break anything that messed round
+     with X509_STORE internally.
+ 
+     The functions X509_STORE_add_cert() now checks for an
+     exact match, rather than just subject name.
+ 
+     The X509_STORE API doesn't directly support the retrieval
+     of multiple certificates matching a given criteria, however
+     this can be worked round by performing a lookup first
+     (which will fill the cache with candidate certificates)
+     and then examining the cache for matches. This is probably
+     the best we can do without throwing out X509_LOOKUP
+     entirely (maybe later...).
+ 
+     The X509_VERIFY_CTX structure has been enhanced considerably.
+ 
+     All certificate lookup operations now go via a get_issuer()
+     callback. Although this currently uses an X509_STORE it
+     can be replaced by custom lookups. This is a simple way
+     to bypass the X509_STORE hackery necessary to make this
+     work and makes it possible to use more efficient techniques
+     in future. A very simple version which uses a simple
+     STACK for its trusted certificate store is also provided
+     using X509_STORE_CTX_trusted_stack().
+ 
+     The verify_cb() and verify() callbacks now have equivalents
+     in the X509_STORE_CTX structure.
+ 
+     X509_STORE_CTX also has a 'flags' field which can be used
+     to customise the verify behaviour.
+     [Steve Henson]
+ 
+  *) Add new PKCS#7 signing option PKCS7_NOSMIMECAP which 
+     excludes S/MIME capabilities.
+     [Steve Henson]
+
+  *) When a certificate request is read in keep a copy of the
+     original encoding of the signed data and use it when outputing
+     again. Signatures then use the original encoding rather than
+     a decoded, encoded version which may cause problems if the
+     request is improperly encoded.
+     [Steve Henson]
+
+  *) For consistency with other BIO_puts implementations, call
+     buffer_write(b, ...) directly in buffer_puts instead of calling
+     BIO_write(b, ...).
+
+     In BIO_puts, increment b->num_write as in BIO_write.
+     [Peter.Sylvester@EdelWeb.fr]
+
+  *) Fix BN_mul_word for the case where the word is 0. (We have to use
+     BN_zero, we may not return a BIGNUM with an array consisting of
+     words set to zero.)
+     [Bodo Moeller]
+
+  *) Avoid calling abort() from within the library when problems are
+     detected, except if preprocessor symbols have been defined
+     (such as REF_CHECK, BN_DEBUG etc.).
+     [Bodo Moeller]
+
+  *) New openssl application 'rsautl'. This utility can be
+     used for low level RSA operations. DER public key
+     BIO/fp routines also added.
+     [Steve Henson]
+
+  *) New Configure entry and patches for compiling on QNX 4.
+     [Andreas Schneider <andreas@ds3.etech.fh-hamburg.de>]
+
+  *) A demo state-machine implementation was sponsored by
+     Nuron (http://www.nuron.com/) and is now available in
+     demos/state_machine.
+     [Ben Laurie]
+
+  *) New options added to the 'dgst' utility for signature
+     generation and verification.
+     [Steve Henson]
+
+  *) Unrecognized PKCS#7 content types are now handled via a
+     catch all ASN1_TYPE structure. This allows unsupported
+     types to be stored as a "blob" and an application can
+     encode and decode it manually.
+     [Steve Henson]
+
+  *) Fix various signed/unsigned issues to make a_strex.c
+     compile under VC++.
+     [Oscar Jacobsson <oscar.jacobsson@celocom.com>]
+
+  *) ASN1 fixes. i2d_ASN1_OBJECT was not returning the correct
+     length if passed a buffer. ASN1_INTEGER_to_BN failed
+     if passed a NULL BN and its argument was negative.
+     [Steve Henson, pointed out by Sven Heiberg <sven@tartu.cyber.ee>]
+
+  *) Modification to PKCS#7 encoding routines to output definite
+     length encoding. Since currently the whole structures are in
+     memory there's not real point in using indefinite length 
+     constructed encoding. However if OpenSSL is compiled with
+     the flag PKCS7_INDEFINITE_ENCODING the old form is used.
+     [Steve Henson]
+
+  *) Added BIO_vprintf() and BIO_vsnprintf().
+     [Richard Levitte]
+
+  *) Added more prefixes to parse for in the the strings written
+     through a logging bio, to cover all the levels that are available
+     through syslog.  The prefixes are now:
+
+        PANIC, EMERG, EMR       =>      LOG_EMERG
+        ALERT, ALR              =>      LOG_ALERT
+        CRIT, CRI               =>      LOG_CRIT
+        ERROR, ERR              =>      LOG_ERR
+        WARNING, WARN, WAR      =>      LOG_WARNING
+        NOTICE, NOTE, NOT       =>      LOG_NOTICE
+        INFO, INF               =>      LOG_INFO
+        DEBUG, DBG              =>      LOG_DEBUG
+
+     and as before, if none of those prefixes are present at the
+     beginning of the string, LOG_ERR is chosen.
+
+     On Win32, the LOG_* levels are mapped according to this:
+
+        LOG_EMERG, LOG_ALERT, LOG_CRIT, LOG_ERR => EVENTLOG_ERROR_TYPE
+        LOG_WARNING                             => EVENTLOG_WARNING_TYPE
+        LOG_NOTICE, LOG_INFO, LOG_DEBUG         => EVENTLOG_INFORMATION_TYPE
+
+     [Richard Levitte]
+
+  *) Made it possible to reconfigure with just the configuration
+     argument "reconf" or "reconfigure".  The command line arguments
+     are stored in Makefile.ssl in the variable CONFIGURE_ARGS,
+     and are retrieved from there when reconfiguring.
+     [Richard Levitte]
+
+  *) MD4 implemented.
+     [Assar Westerlund <assar@sics.se>, Richard Levitte]
+
+  *) Add the arguments -CAfile and -CApath to the pkcs12 utility.
+     [Richard Levitte]
+
+  *) The obj_dat.pl script was messing up the sorting of object
+     names. The reason was that it compared the quoted version
+     of strings as a result "OCSP" > "OCSP Signing" because
+     " > SPACE. Changed script to store unquoted versions of
+     names and add quotes on output. It was also omitting some
+     names from the lookup table if they were given a default
+     value (that is if SN is missing it is given the same
+     value as LN and vice versa), these are now added on the
+     grounds that if an object has a name we should be able to
+     look it up. Finally added warning output when duplicate
+     short or long names are found.
+     [Steve Henson]
+
+  *) Changes needed for Tandem NSK.
+     [Scott Uroff <scott@xypro.com>]
+
+  *) Fix SSL 2.0 rollback checking: Due to an off-by-one error in
+     RSA_padding_check_SSLv23(), special padding was never detected
+     and thus the SSL 3.0/TLS 1.0 countermeasure against protocol
+     version rollback attacks was not effective.
+
+     In s23_clnt.c, don't use special rollback-attack detection padding
+     (RSA_SSLV23_PADDING) if SSL 2.0 is the only protocol enabled in the
+     client; similarly, in s23_srvr.c, don't do the rollback check if
+     SSL 2.0 is the only protocol enabled in the server.
+     [Bodo Moeller]
+
+  *) Make it possible to get hexdumps of unprintable data with 'openssl
+     asn1parse'.  By implication, the functions ASN1_parse_dump() and
+     BIO_dump_indent() are added.
+     [Richard Levitte]
+
+  *) New functions ASN1_STRING_print_ex() and X509_NAME_print_ex()
+     these print out strings and name structures based on various
+     flags including RFC2253 support and proper handling of
+     multibyte characters. Added options to the 'x509' utility 
+     to allow the various flags to be set.
+     [Steve Henson]
+
+  *) Various fixes to use ASN1_TIME instead of ASN1_UTCTIME.
+     Also change the functions X509_cmp_current_time() and
+     X509_gmtime_adj() work with an ASN1_TIME structure,
+     this will enable certificates using GeneralizedTime in validity
+     dates to be checked.
+     [Steve Henson]
+
+  *) Make the NEG_PUBKEY_BUG code (which tolerates invalid
+     negative public key encodings) on by default,
+     NO_NEG_PUBKEY_BUG can be set to disable it.
+     [Steve Henson]
+
+  *) New function c2i_ASN1_OBJECT() which acts on ASN1_OBJECT
+     content octets. An i2c_ASN1_OBJECT is unnecessary because
+     the encoding can be trivially obtained from the structure.
+     [Steve Henson]
+
+  *) crypto/err.c locking bugfix: Use write locks (CRYPTO_w_[un]lock),
+     not read locks (CRYPTO_r_[un]lock).
+     [Bodo Moeller]
+
+  *) A first attempt at creating official support for shared
+     libraries through configuration.  I've kept it so the
+     default is static libraries only, and the OpenSSL programs
+     are always statically linked for now, but there are
+     preparations for dynamic linking in place.
+     This has been tested on Linux and True64.
+     [Richard Levitte]
+
+  *) Randomness polling function for Win9x, as described in:
+     Peter Gutmann, Software Generation of Practically Strong
+     Random Numbers.
+     [Ulf Möller]
+
+  *) Fix so PRNG is seeded in req if using an already existing
+     DSA key.
+     [Steve Henson]
+
+  *) New options to smime application. -inform and -outform
+     allow alternative formats for the S/MIME message including
+     PEM and DER. The -content option allows the content to be
+     specified separately. This should allow things like Netscape
+     form signing output easier to verify.
+     [Steve Henson]
+
+  *) Fix the ASN1 encoding of tags using the 'long form'.
+     [Steve Henson]
+
+  *) New ASN1 functions, i2c_* and c2i_* for INTEGER and BIT
+     STRING types. These convert content octets to and from the
+     underlying type. The actual tag and length octets are
+     already assumed to have been read in and checked. These
+     are needed because all other string types have virtually
+     identical handling apart from the tag. By having versions
+     of the ASN1 functions that just operate on content octets
+     IMPLICIT tagging can be handled properly. It also allows
+     the ASN1_ENUMERATED code to be cut down because ASN1_ENUMERATED
+     and ASN1_INTEGER are identical apart from the tag.
+     [Steve Henson]
+
+  *) Change the handling of OID objects as follows:
+
+     - New object identifiers are inserted in objects.txt, following
+       the syntax given in objects.README.
+     - objects.pl is used to process obj_mac.num and create a new
+       obj_mac.h.
+     - obj_dat.pl is used to create a new obj_dat.h, using the data in
+       obj_mac.h.
+
+     This is currently kind of a hack, and the perl code in objects.pl
+     isn't very elegant, but it works as I intended.  The simplest way
+     to check that it worked correctly is to look in obj_dat.h and
+     check the array nid_objs and make sure the objects haven't moved
+     around (this is important!).  Additions are OK, as well as
+     consistent name changes. 
+     [Richard Levitte]
+
+  *) Add BSD-style MD5-based passwords to 'openssl passwd' (option '-1').
+     [Bodo Moeller]
+
+  *) Addition of the command line parameter '-rand file' to 'openssl req'.
+     The given file adds to whatever has already been seeded into the
+     random pool through the RANDFILE configuration file option or
+     environment variable, or the default random state file.
+     [Richard Levitte]
+
+  *) mkstack.pl now sorts each macro group into lexical order.
+     Previously the output order depended on the order the files
+     appeared in the directory, resulting in needless rewriting
+     of safestack.h .
+     [Steve Henson]
+
+  *) Patches to make OpenSSL compile under Win32 again. Mostly
+     work arounds for the VC++ problem that it treats func() as
+     func(void). Also stripped out the parts of mkdef.pl that
+     added extra typesafe functions: these no longer exist.
+     [Steve Henson]
+
+  *) Reorganisation of the stack code. The macros are now all 
+     collected in safestack.h . Each macro is defined in terms of
+     a "stack macro" of the form SKM_<name>(type, a, b). The 
+     DEBUG_SAFESTACK is now handled in terms of function casts,
+     this has the advantage of retaining type safety without the
+     use of additional functions. If DEBUG_SAFESTACK is not defined
+     then the non typesafe macros are used instead. Also modified the
+     mkstack.pl script to handle the new form. Needs testing to see
+     if which (if any) compilers it chokes and maybe make DEBUG_SAFESTACK
+     the default if no major problems. Similar behaviour for ASN1_SET_OF
+     and PKCS12_STACK_OF.
+     [Steve Henson]
+
+  *) When some versions of IIS use the 'NET' form of private key the
+     key derivation algorithm is different. Normally MD5(password) is
+     used as a 128 bit RC4 key. In the modified case
+     MD5(MD5(password) + "SGCKEYSALT")  is used insted. Added some
+     new functions i2d_RSA_NET(), d2i_RSA_NET() etc which are the same
+     as the old Netscape_RSA functions except they have an additional
+     'sgckey' parameter which uses the modified algorithm. Also added
+     an -sgckey command line option to the rsa utility. Thanks to 
+     Adrian Peck <bertie@ncipher.com> for posting details of the modified
+     algorithm to openssl-dev.
+     [Steve Henson]
+
+  *) The evp_local.h macros were using 'c.##kname' which resulted in
+     invalid expansion on some systems (SCO 5.0.5 for example).
+     Corrected to 'c.kname'.
+     [Phillip Porch <root@theporch.com>]
+
+  *) New X509_get1_email() and X509_REQ_get1_email() functions that return
+     a STACK of email addresses from a certificate or request, these look
+     in the subject name and the subject alternative name extensions and 
+     omit any duplicate addresses.
+     [Steve Henson]
+
+  *) Re-implement BN_mod_exp2_mont using independent (and larger) windows.
+     This makes DSA verification about 2 % faster.
+     [Bodo Moeller]
+
+  *) Increase maximum window size in BN_mod_exp_... to 6 bits instead of 5
+     (meaning that now 2^5 values will be precomputed, which is only 4 KB
+     plus overhead for 1024 bit moduli).
+     This makes exponentiations about 0.5 % faster for 1024 bit
+     exponents (as measured by "openssl speed rsa2048").
+     [Bodo Moeller]
+
+  *) Rename memory handling macros to avoid conflicts with other
+     software:
+          Malloc         =>  OPENSSL_malloc
+          Malloc_locked  =>  OPENSSL_malloc_locked
+          Realloc        =>  OPENSSL_realloc
+          Free           =>  OPENSSL_free
+     [Richard Levitte]
+
+  *) New function BN_mod_exp_mont_word for small bases (roughly 15%
+     faster than BN_mod_exp_mont, i.e. 7% for a full DH exchange).
+     [Bodo Moeller]
+
+  *) CygWin32 support.
+     [John Jarvie <jjarvie@newsguy.com>]
+
+  *) The type-safe stack code has been rejigged. It is now only compiled
+     in when OpenSSL is configured with the DEBUG_SAFESTACK option and
+     by default all type-specific stack functions are "#define"d back to
+     standard stack functions. This results in more streamlined output
+     but retains the type-safety checking possibilities of the original
+     approach.
+     [Geoff Thorpe]
+
+  *) The STACK code has been cleaned up, and certain type declarations
+     that didn't make a lot of sense have been brought in line. This has
+     also involved a cleanup of sorts in safestack.h to more correctly
+     map type-safe stack functions onto their plain stack counterparts.
+     This work has also resulted in a variety of "const"ifications of
+     lots of the code, especially "_cmp" operations which should normally
+     be prototyped with "const" parameters anyway.
+     [Geoff Thorpe]
+
+  *) When generating bytes for the first time in md_rand.c, 'stir the pool'
+     by seeding with STATE_SIZE dummy bytes (with zero entropy count).
+     (The PRNG state consists of two parts, the large pool 'state' and 'md',
+     where all of 'md' is used each time the PRNG is used, but 'state'
+     is used only indexed by a cyclic counter. As entropy may not be
+     well distributed from the beginning, 'md' is important as a
+     chaining variable. However, the output function chains only half
+     of 'md', i.e. 80 bits.  ssleay_rand_add, on the other hand, chains
+     all of 'md', and seeding with STATE_SIZE dummy bytes will result
+     in all of 'state' being rewritten, with the new values depending
+     on virtually all of 'md'.  This overcomes the 80 bit limitation.)
+     [Bodo Moeller]
+
+  *) In ssl/s2_clnt.c and ssl/s3_clnt.c, call ERR_clear_error() when
+     the handshake is continued after ssl_verify_cert_chain();
+     otherwise, if SSL_VERIFY_NONE is set, remaining error codes
+     can lead to 'unexplainable' connection aborts later.
+     [Bodo Moeller; problem tracked down by Lutz Jaenicke]
+
+  *) Major EVP API cipher revision.
+     Add hooks for extra EVP features. This allows various cipher
+     parameters to be set in the EVP interface. Support added for variable
+     key length ciphers via the EVP_CIPHER_CTX_set_key_length() function and
+     setting of RC2 and RC5 parameters.
+
+     Modify EVP_OpenInit() and EVP_SealInit() to cope with variable key length
+     ciphers.
+
+     Remove lots of duplicated code from the EVP library. For example *every*
+     cipher init() function handles the 'iv' in the same way according to the
+     cipher mode. They also all do nothing if the 'key' parameter is NULL and
+     for CFB and OFB modes they zero ctx->num.
+
+     New functionality allows removal of S/MIME code RC2 hack.
+
+     Most of the routines have the same form and so can be declared in terms
+     of macros.
+
+     By shifting this to the top level EVP_CipherInit() it can be removed from
+     all individual ciphers. If the cipher wants to handle IVs or keys
+     differently it can set the EVP_CIPH_CUSTOM_IV or EVP_CIPH_ALWAYS_CALL_INIT
+     flags.
+
+     Change lots of functions like EVP_EncryptUpdate() to now return a
+     value: although software versions of the algorithms cannot fail
+     any installed hardware versions can.
+     [Steve Henson]
+
+  *) Implement SSL_OP_TLS_ROLLBACK_BUG: In ssl3_get_client_key_exchange, if
+     this option is set, tolerate broken clients that send the negotiated
+     protocol version number instead of the requested protocol version
+     number.
+     [Bodo Moeller]
+
+  *) Call dh_tmp_cb (set by ..._TMP_DH_CB) with correct 'is_export' flag;
+     i.e. non-zero for export ciphersuites, zero otherwise.
+     Previous versions had this flag inverted, inconsistent with
+     rsa_tmp_cb (..._TMP_RSA_CB).
+     [Bodo Moeller; problem reported by Amit Chopra]
+
+  *) Add missing DSA library text string. Work around for some IIS
+     key files with invalid SEQUENCE encoding.
+     [Steve Henson]
+
+  *) Add a document (doc/standards.txt) that list all kinds of standards
+     and so on that are implemented in OpenSSL.
+     [Richard Levitte]
+
+  *) Enhance c_rehash script. Old version would mishandle certificates
+     with the same subject name hash and wouldn't handle CRLs at all.
+     Added -fingerprint option to crl utility, to support new c_rehash
+     features.
+     [Steve Henson]
+
+  *) Eliminate non-ANSI declarations in crypto.h and stack.h.
+     [Ulf Möller]
+
+  *) Fix for SSL server purpose checking. Server checking was
+     rejecting certificates which had extended key usage present
+     but no ssl client purpose.
+     [Steve Henson, reported by Rene Grosser <grosser@hisolutions.com>]
+
+  *) Make PKCS#12 code work with no password. The PKCS#12 spec
+     is a little unclear about how a blank password is handled.
+     Since the password in encoded as a BMPString with terminating
+     double NULL a zero length password would end up as just the
+     double NULL. However no password at all is different and is
+     handled differently in the PKCS#12 key generation code. NS
+     treats a blank password as zero length. MSIE treats it as no
+     password on export: but it will try both on import. We now do
+     the same: PKCS12_parse() tries zero length and no password if
+     the password is set to "" or NULL (NULL is now a valid password:
+     it wasn't before) as does the pkcs12 application.
+     [Steve Henson]
+
+  *) Bugfixes in apps/x509.c: Avoid a memory leak; and don't use
+     perror when PEM_read_bio_X509_REQ fails, the error message must
+     be obtained from the error queue.
+     [Bodo Moeller]
+
+  *) Avoid 'thread_hash' memory leak in crypto/err/err.c by freeing
+     it in ERR_remove_state if appropriate, and change ERR_get_state
+     accordingly to avoid race conditions (this is necessary because
+     thread_hash is no longer constant once set).
+     [Bodo Moeller]
+
+  *) Bugfix for linux-elf makefile.one.
+     [Ulf Möller]
+
+  *) RSA_get_default_method() will now cause a default
+     RSA_METHOD to be chosen if one doesn't exist already.
+     Previously this was only set during a call to RSA_new()
+     or RSA_new_method(NULL) meaning it was possible for
+     RSA_get_default_method() to return NULL.
+     [Geoff Thorpe]
+
+  *) Added native name translation to the existing DSO code
+     that will convert (if the flag to do so is set) filenames
+     that are sufficiently small and have no path information
+     into a canonical native form. Eg. "blah" converted to
+     "libblah.so" or "blah.dll" etc.
+     [Geoff Thorpe]
+
+  *) New function ERR_error_string_n(e, buf, len) which is like
+     ERR_error_string(e, buf), but writes at most 'len' bytes
+     including the 0 terminator.  For ERR_error_string_n, 'buf'
+     may not be NULL.
+     [Damien Miller <djm@mindrot.org>, Bodo Moeller]
+
+  *) CONF library reworked to become more general.  A new CONF
+     configuration file reader "class" is implemented as well as a
+     new functions (NCONF_*, for "New CONF") to handle it.  The now
+     old CONF_* functions are still there, but are reimplemented to
+     work in terms of the new functions.  Also, a set of functions
+     to handle the internal storage of the configuration data is
+     provided to make it easier to write new configuration file
+     reader "classes" (I can definitely see something reading a
+     configuration file in XML format, for example), called _CONF_*,
+     or "the configuration storage API"...
+
+     The new configuration file reading functions are:
+
+        NCONF_new, NCONF_free, NCONF_load, NCONF_load_fp, NCONF_load_bio,
+        NCONF_get_section, NCONF_get_string, NCONF_get_numbre
+
+        NCONF_default, NCONF_WIN32
+
+        NCONF_dump_fp, NCONF_dump_bio
+
+     NCONF_default and NCONF_WIN32 are method (or "class") choosers,
+     NCONF_new creates a new CONF object.  This works in the same way
+     as other interfaces in OpenSSL, like the BIO interface.
+     NCONF_dump_* dump the internal storage of the configuration file,
+     which is useful for debugging.  All other functions take the same
+     arguments as the old CONF_* functions wth the exception of the
+     first that must be a `CONF *' instead of a `LHASH *'.
+
+     To make it easer to use the new classes with the old CONF_* functions,
+     the function CONF_set_default_method is provided.
+     [Richard Levitte]
+
+  *) Add '-tls1' option to 'openssl ciphers', which was already
+     mentioned in the documentation but had not been implemented.
+     (This option is not yet really useful because even the additional
+     experimental TLS 1.0 ciphers are currently treated as SSL 3.0 ciphers.)
+     [Bodo Moeller]
+
+  *) Initial DSO code added into libcrypto for letting OpenSSL (and
+     OpenSSL-based applications) load shared libraries and bind to
+     them in a portable way.
+     [Geoff Thorpe, with contributions from Richard Levitte]
+
+ Changes between 0.9.5 and 0.9.5a  [1 Apr 2000]
+
+  *) Make sure _lrotl and _lrotr are only used with MSVC.
+
+  *) Use lock CRYPTO_LOCK_RAND correctly in ssleay_rand_status
+     (the default implementation of RAND_status).
+
+  *) Rename openssl x509 option '-crlext', which was added in 0.9.5,
+     to '-clrext' (= clear extensions), as intended and documented.
+     [Bodo Moeller; inconsistency pointed out by Michael Attili
+     <attili@amaxo.com>]
+
+  *) Fix for HMAC. It wasn't zeroing the rest of the block if the key length
+     was larger than the MD block size.      
+     [Steve Henson, pointed out by Yost William <YostW@tce.com>]
+
+  *) Modernise PKCS12_parse() so it uses STACK_OF(X509) for its ca argument
+     fix a leak when the ca argument was passed as NULL. Stop X509_PUBKEY_set()
+     using the passed key: if the passed key was a private key the result
+     of X509_print(), for example, would be to print out all the private key
+     components.
+     [Steve Henson]
+
+  *) des_quad_cksum() byte order bug fix.
+     [Ulf Möller, using the problem description in krb4-0.9.7, where
+      the solution is attributed to Derrick J Brashear <shadow@DEMENTIA.ORG>]
+
+  *) Fix so V_ASN1_APP_CHOOSE works again: however its use is strongly
+     discouraged.
+     [Steve Henson, pointed out by Brian Korver <briank@cs.stanford.edu>]
+
+  *) For easily testing in shell scripts whether some command
+     'openssl XXX' exists, the new pseudo-command 'openssl no-XXX'
+     returns with exit code 0 iff no command of the given name is available.
+     'no-XXX' is printed in this case, 'XXX' otherwise.  In both cases,
+     the output goes to stdout and nothing is printed to stderr.
+     Additional arguments are always ignored.
+
+     Since for each cipher there is a command of the same name,
+     the 'no-cipher' compilation switches can be tested this way.
+
+     ('openssl no-XXX' is not able to detect pseudo-commands such
+     as 'quit', 'list-XXX-commands', or 'no-XXX' itself.)
+     [Bodo Moeller]
+
+  *) Update test suite so that 'make test' succeeds in 'no-rsa' configuration.
+     [Bodo Moeller]
+
+  *) For SSL_[CTX_]set_tmp_dh, don't create a DH key if SSL_OP_SINGLE_DH_USE
+     is set; it will be thrown away anyway because each handshake creates
+     its own key.
+     ssl_cert_dup, which is used by SSL_new, now copies DH keys in addition
+     to parameters -- in previous versions (since OpenSSL 0.9.3) the
+     'default key' from SSL_CTX_set_tmp_dh would always be lost, meanining
+     you effectivly got SSL_OP_SINGLE_DH_USE when using this macro.
+     [Bodo Moeller]
+
+  *) New s_client option -ign_eof: EOF at stdin is ignored, and
+     'Q' and 'R' lose their special meanings (quit/renegotiate).
+     This is part of what -quiet does; unlike -quiet, -ign_eof
+     does not suppress any output.
+     [Richard Levitte]
+
+  *) Add compatibility options to the purpose and trust code. The
+     purpose X509_PURPOSE_ANY is "any purpose" which automatically
+     accepts a certificate or CA, this was the previous behaviour,
+     with all the associated security issues.
+
+     X509_TRUST_COMPAT is the old trust behaviour: only and
+     automatically trust self signed roots in certificate store. A
+     new trust setting X509_TRUST_DEFAULT is used to specify that
+     a purpose has no associated trust setting and it should instead
+     use the value in the default purpose.
+     [Steve Henson]
+
+  *) Fix the PKCS#8 DSA private key code so it decodes keys again
+     and fix a memory leak.
+     [Steve Henson]
+
+  *) In util/mkerr.pl (which implements 'make errors'), preserve
+     reason strings from the previous version of the .c file, as
+     the default to have only downcase letters (and digits) in
+     automatically generated reasons codes is not always appropriate.
+     [Bodo Moeller]
+
+  *) In ERR_load_ERR_strings(), build an ERR_LIB_SYS error reason table
+     using strerror.  Previously, ERR_reason_error_string() returned
+     library names as reason strings for SYSerr; but SYSerr is a special
+     case where small numbers are errno values, not library numbers.
+     [Bodo Moeller]
+
+  *) Add '-dsaparam' option to 'openssl dhparam' application.  This
+     converts DSA parameters into DH parameters. (When creating parameters,
+     DSA_generate_parameters is used.)
+     [Bodo Moeller]
+
+  *) Include 'length' (recommended exponent length) in C code generated
+     by 'openssl dhparam -C'.
+     [Bodo Moeller]
+
+  *) The second argument to set_label in perlasm was already being used
+     so couldn't be used as a "file scope" flag. Moved to third argument
+     which was free.
+     [Steve Henson]
+
+  *) In PEM_ASN1_write_bio and some other functions, use RAND_pseudo_bytes
+     instead of RAND_bytes for encryption IVs and salts.
+     [Bodo Moeller]
+
+  *) Include RAND_status() into RAND_METHOD instead of implementing
+     it only for md_rand.c  Otherwise replacing the PRNG by calling
+     RAND_set_rand_method would be impossible.
+     [Bodo Moeller]
+
+  *) Don't let DSA_generate_key() enter an infinite loop if the random
+     number generation fails.
+     [Bodo Moeller]
+
+  *) New 'rand' application for creating pseudo-random output.
+     [Bodo Moeller]
+
+  *) Added configuration support for Linux/IA64
+     [Rolf Haberrecker <rolf@suse.de>]
+
+  *) Assembler module support for Mingw32.
+     [Ulf Möller]
+
+  *) Shared library support for HPUX (in shlib/).
+     [Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE> and Anonymous]
+
+  *) Shared library support for Solaris gcc.
+     [Lutz Behnke <behnke@trustcenter.de>]
+
  Changes between 0.9.4 and 0.9.5  [28 Feb 2000]
 
   *) PKCS7_encrypt() was adding text MIME headers twice because they
@@ -510,11 +1315,11 @@
 
      With these changes, a new set of functions and macros have appeared:
 
-       CRYPTO_set_mem_debug_functions()         [F]
-       CRYPTO_get_mem_debug_functions()         [F]
-       CRYPTO_dbg_set_options()                 [F]
-       CRYPTO_dbg_get_options()                 [F]
-       CRYPTO_malloc_debug_init()               [M]
+       CRYPTO_set_mem_debug_functions()         [F]
+       CRYPTO_get_mem_debug_functions()         [F]
+       CRYPTO_dbg_set_options()                 [F]
+       CRYPTO_dbg_get_options()                 [F]
+       CRYPTO_malloc_debug_init()               [M]
 
      The memory debug functions are NULL by default, unless the library
      is compiled with CRYPTO_MDEBUG or friends is defined.  If someone
diff --git a/src/lib/libssl/src/Configure b/src/lib/libssl/src/Configure
index 2cd716b423..5513b434e2 100644
--- a/src/lib/libssl/src/Configure
+++ b/src/lib/libssl/src/Configure
@@ -10,7 +10,7 @@ use strict;
 
 # see INSTALL for instructions.
 
-my $usage="Usage: Configure [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [rsaref] [no-threads] [no-asm] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] os/compiler[:flags]\n";
+my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [rsaref] [no-threads] [no-asm] [no-dso] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] os/compiler[:flags]\n";
 
 # Options:
 #
@@ -23,15 +23,30 @@ my $usage="Usage: Configure [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [rsaref] [no
 #               default).  This needn't be set in advance, you can
 #               just as well use "make INSTALL_PREFIX=/whatever install".
 #
+# no-hw-xxx     do not compile support for specific crypto hardware.
+#               Generic OpenSSL-style methods relating to this support
+#               are always compiled but return NULL if the hardware
+#               support isn't compiled.
+# no-hw         do not compile support for any crypto hardware.
 # rsaref        use RSAref
 # [no-]threads  [don't] try to create a library that is suitable for
 #               multithreaded applications (default is "threads" if we
 #               know how to do it)
+# [no-]shared   [don't] try to create shared libraries when supported.
+#               IT IS NOT RECOMMENDED TO USE "shared"!  Since this is a
+#               development branch, the positions of the ENGINE symbols
+#               in the transfer vector are constantly moving, so binary
+#               backward compatibility can't be guaranteed in any way.
 # no-asm        do not use assembler
+# no-dso        do not compile in any native shared-library methods. This
+#               will ensure that all methods just return NULL.
 # 386           generate 80386 code
 # no-<cipher>   build without specified algorithm (rsa, idea, rc5, ...)
 # -<xxx> +<xxx> compiler options are passed through 
-# 
+#
+# DEBUG_SAFESTACK use type-safe stacks to enforce type-safety on stack items
+#               provided to stack calls. Generates unique stack functions for
+#               each possible stack type.
 # DES_PTR       use pointer lookup vs arrays in the DES in crypto/des/des_locl.h
 # DES_RISC1     use different DES_ENCRYPT macro that helps reduce register
 #               dependancies but needs to more registers, good for RISC CPU's
@@ -86,25 +101,29 @@ my $x86_bsdi_asm="asm/bn86bsdi.o asm/co86bsdi.o:asm/dx86bsdi.o asm/yx86bsdi.o:as
 # -DB_ENDIAN slows things down on a sparc for md5, but helps sha1.
 # So the md5_locl.h file has an undef B_ENDIAN if sun is defined
 
-#config-string  $cc : $cflags : $unistd : $thread_cflag : $lflags : $bn_ops : $bn_obj : $des_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj
+#config-string  $cc : $cflags : $unistd : $thread_cflag : $lflags : $bn_ops : $bn_obj : $des_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $dso_scheme : $shared_target : $shared_cflag
 
 my %table=(
-#"b",           "$tcc:$tflags::$tlib:$bits1:$tbn_mul::",
-#"bl-4c-2c",    "$tcc:$tflags::$tlib:${bits1}BN_LLONG RC4_CHAR MD2_CHAR:$tbn_mul::",
-#"bl-4c-ri",    "$tcc:$tflags::$tlib:${bits1}BN_LLONG RC4_CHAR RC4_INDEX:$tbn_mul::",
-#"b2-is-ri-dp", "$tcc:$tflags::$tlib:${bits2}IDEA_SHORT RC4_INDEX DES_PTR:$tbn_mul::",
+# File 'TABLE' (created by 'make TABLE') contains the data from this list,
+# formatted for better readability.
+
+
+#"b",           "${tcc}:${tflags}::${tlib}:${bits1}:${tbn_mul}::",
+#"bl-4c-2c",    "${tcc}:${tflags}::${tlib}:${bits1}BN_LLONG RC4_CHAR MD2_CHAR:${tbn_mul}::",
+#"bl-4c-ri",    "${tcc}:${tflags}::${tlib}:${bits1}BN_LLONG RC4_CHAR RC4_INDEX:${tbn_mul}::",
+#"b2-is-ri-dp", "${tcc}:${tflags}::${tlib}:${bits2}IDEA_SHORT RC4_INDEX DES_PTR:${tbn_mul}::",
 
 # Our development configs
 "purify",       "purify gcc:-g -DPURIFY -Wall::(unknown):-lsocket -lnsl::::",
-"debug",        "gcc:-DBN_DEBUG -DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror::(unknown):-lefence::::",
-"debug-ben",    "gcc:-DBN_DEBUG -DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::",
-"debug-ben-debug",      "gcc:-DBN_DEBUG -DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::",
-"debug-ben-strict",     "gcc:-DBN_DEBUG -DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown):::::",
-"debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
-"debug-bodo",   "gcc:-DBIO_PAIR_DEBUG -DL_ENDIAN -DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
-"debug-ulf",    "gcc:-DL_ENDIAN -DREF_CHECK -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::$x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
-"debug-steve",  "gcc:-DL_ENDIAN -DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::$x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
-"debug-levitte-linux-elf","gcc:-DRL_DEBUG -DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -pipe::-D_REENTRANT:::",
+"debug",        "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror::(unknown):-lefence::::",
+"debug-ben",    "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::",
+"debug-ben-debug",      "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::",
+"debug-ben-strict",     "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown):::::",
+"debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+"debug-bodo",   "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DBIO_PAIR_DEBUG -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+"debug-ulf",    "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+"debug-steve",  "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+"debug-levitte-linux-elf","gcc:-DUSE_ALLOCATING_PRINT -DRL_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -pipe::-D_REENTRANT:-ldl:::::::::::dlfcn",
 "dist",         "cc:-O::(unknown):::::",
 
 # Basic configs that should work on any (32 and less bit) box
@@ -117,32 +136,32 @@ my %table=(
 # surrounds it with #APP #NO_APP comment pair which (at least Solaris
 # 7_x86) /usr/ccs/bin/as fails to assemble with "Illegal mnemonic"
 # error message.
-"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DNO_INLINE_ASM::-D_REENTRANT:-lsocket -lnsl:BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_sol_asm",
+"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DNO_INLINE_ASM::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_sol_asm}:dlfcn:solaris-shared:-fPIC",
 
 #### SPARC Solaris with GNU C setups
-"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
-"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o::",
-"solaris-sparcv9-gcc","gcc:-mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o:",
+"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-fPIC",
+"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC",
+"solaris-sparcv9-gcc","gcc:-mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC",
 # gcc pre-2.8 doesn't understand -mcpu=ultrasparc, so fall down to -mv8
 # but keep the assembler modules.
-"solaris-sparcv9-gcc27","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus-gcc27.o:::asm/md5-sparcv8plus-gcc27.o:",
+"solaris-sparcv9-gcc27","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus-gcc27.o:::asm/md5-sparcv8plus-gcc27.o::::::dlfcn:solaris-shared:-fPIC",
 ####
-"debug-solaris-sparcv8-gcc","gcc:-DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o::",
-"debug-solaris-sparcv9-gcc","gcc:-DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o::",
+"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC",
+"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::::::::dlfcn:solaris-shared:-fPIC",
 
 #### SPARC Solaris with Sun C setups
 # DO NOT use /xO[34] on sparc with SC3.0.  It is broken, and will not pass the tests
-"solaris-sparc-sc3","cc:-fast -O -Xa -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR:::",
+"solaris-sparc-sc3","cc:-fast -O -Xa -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC",
 # SC4.0 doesn't pass 'make test', upgrade to SC5.0 or SC4.2.
 # SC4.2 is ok, better than gcc even on bn as long as you tell it -xarch=v8
 # SC5.0 note: Compiler common patch 107357-01 or later is required!
-"solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:::",
-"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o::",
-"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o:",
-"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o:",
+"solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC",
+"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC",
+"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC",
+"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-KPIC",
 ####
-"debug-solaris-sparcv8-cc","cc:-DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o::",
-"debug-solaris-sparcv9-cc","cc:-DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o:",
+"debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC",
+"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC",
 
 #### SPARC Linux setups
 "linux-sparcv7","gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::",
@@ -158,7 +177,7 @@ my %table=(
 
 # Sunos configs, assuming sparc for the gcc one.
 ##"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown)::DES_UNROLL:::",
-"sunos-gcc","gcc:-O3 -mv8::(unknown)::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:::",
+"sunos-gcc","gcc:-O3 -mv8 -Dssize_t=int::(unknown)::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:::",
 
 #### IRIX 5.x configs
 # -mips2 flag is added by ./config when appropriate.
@@ -168,11 +187,11 @@ my %table=(
 # Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke
 # './Configure irix-[g]cc' manually.
 # -mips4 flag is added by ./config when appropriate.
-"irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::(unknown)::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:asm/mips3.o::",
-"irix-mips3-cc", "cc:-n32 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::(unknown)::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:asm/mips3.o::",
+"irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:asm/mips3.o::",
+"irix-mips3-cc", "cc:-n32 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:asm/mips3.o::",
 # N64 ABI builds.
-"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::(unknown)::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:asm/mips3.o::",
-"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::(unknown)::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:asm/mips3.o::",
+"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:asm/mips3.o::",
+"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:asm/mips3.o::",
 
 #### Unified HP-UX ANSI C configs.
 # Special notes:
@@ -202,32 +221,43 @@ my %table=(
 #   crypto/sha/sha_lcl.h.
 #                                       <appro@fy.chalmers.se>
 #
-"hpux-parisc-cc","cc:-Ae +O3 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
-"hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W::::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
-"hpux64-parisc-cc","cc:-Ae +DD64 +O3 +ESlit -z -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:::",
+#!#"hpux-parisc-cc","cc:-Ae +O3 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
+# Since there is mention of this in shlib/hpux10-cc.sh
+"hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
+"hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
+"hpux64-parisc-cc","cc:-Ae +DD64 +O3 +ESlit -z -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn",
+
+# More attempts at unified 10.X and 11.X targets for HP C compiler.
+#
+# Chris Ruemmler <ruemmler@cup.hp.com>
+# Kevin Steves <ks@hp.se>
+"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT:-ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl",
+"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2.o:::::::::dl",
+"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn",
+"hpux-parisc1_1-cc","cc:+DA1.1 +DS1.1 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl",
 
 # HPUX 9.X config.
 # Don't use the bundled cc.  It is broken.  Use HP ANSI C if possible, or
 # egcs.  gcc 2.8.1 is also broken.
 
-"hpux-cc",      "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::(unknown)::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
+"hpux-cc",      "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::(unknown):-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
 # If hpux-cc fails (e.g. during "make test"), try the next one; otherwise,
 # please report your OS and compiler version to the openssl-bugs@openssl.org
 # mailing list.
-"hpux-brokencc",        "cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::(unknown)::DES_PTR DES_UNROLL DES_RISC1:::",
+"hpux-brokencc",        "cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::(unknown):-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
 
-"hpux-gcc",     "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
+"hpux-gcc",     "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown):-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
 # If hpux-gcc fails, try this one:
-"hpux-brokengcc",       "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::DES_PTR DES_UNROLL DES_RISC1:::",
+"hpux-brokengcc",       "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown):-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
 
 # HPUX 10.X config.  Supports threads.
-"hpux10-cc",    "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::-D_REENTRANT::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
+"hpux10-cc",    "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
 # If hpux10-cc fails, try this one (if still fails, try deleting BN_LLONG):
-"hpux10-brokencc",      "cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::-D_REENTRANT::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
+"hpux10-brokencc",      "cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
 
-"hpux10-gcc",   "gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
+"hpux10-gcc",   "gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
 # If hpux10-gcc fails, try this one:
-"hpux10-brokengcc",     "gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT::DES_PTR DES_UNROLL DES_RISC1:::",
+"hpux10-brokengcc",     "gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT:-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
 
 # HPUX 11.X from www.globus.org.
 # Only works on PA-RISC 2.0 cpus, and not optimized.  Why?
@@ -235,13 +265,16 @@ my %table=(
 #"hpux11-64bit-cc","cc:+DA2.0W -g -D_HPUX_SOURCE -Aa -Ae +ESlit::-D_REENTRANT::SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT :::",
 # Use unified settings above instead.
 
+#### HP MPE/iX http://jazz.external.hp.com/src/openssl/
+"MPE/iX-gcc", "gcc:-D_ENDIAN -DBN_DIV2W -O3 -DMPE -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
+
 # Dec Alpha, OSF/1 - the alpha164-cc is the flags for a 21164A with
 # the new compiler
 # For gcc, the following gave a %50 speedup on a 164 over the 'DES_INT' version
-"alpha-gcc","gcc:-O3::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:asm/alpha.o::",
-"alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:asm/alpha.o::",
-"alpha164-cc", "cc:-std1 -tune host -fast -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:asm/alpha.o::",
-"FreeBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC2:::",
+"alpha-gcc","gcc:-O3::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:asm/alpha.o:::::::::dlfcn:true64-shared",
+"alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:asm/alpha.o:::::::::dlfcn:true64-shared",
+"alpha164-cc", "cc:-std1 -tune host -fast -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:asm/alpha.o:::::::::dlfcn:true64-shared",
+"FreeBSD-alpha","gcc:-DTERMIOS -O -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC2:::",
 
 #### Alpha Linux with GNU C and Compaq C setups
 # Special notes:
@@ -256,42 +289,51 @@ my %table=(
 #
 #                                       <appro@fy.chalmers.se>
 #
-"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:asm/alpha.o::",
-"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:asm/alpha.o::",
-"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:asm/alpha.o::",
-"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:asm/alpha.o::",
+"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:asm/alpha.o::",
+"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:asm/alpha.o::",
+"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:asm/alpha.o::",
+"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:asm/alpha.o::",
 
 # assembler versions -- currently defunct:
 ##"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:asm/alpha.o::",
 
 # The intel boxes :-), It would be worth seeing if bsdi-gcc can use the
 # bn86-elf.o file file since it is hand tweaked assembler.
-"linux-elf",    "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
-"debug-linux-elf","gcc:-DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-lefence:BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
-"linux-aout",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
+"linux-elf",    "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC",
+"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
+"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
+"linux-aout",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
 "linux-mips",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::",
 "linux-ppc",    "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
+"linux-m68k",   "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
+"linux-ia64",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::SIXTY_FOUR_BIT_LONG::",
 "NetBSD-sparc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
 "NetBSD-m68",   "gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
-"NetBSD-x86",   "gcc:-DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:",
-"FreeBSD-elf",  "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
-"FreeBSD",      "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
-"bsdi-gcc",     "gcc:-O3 -ffast-math -DL_ENDIAN -DPERL5 -m486::(unknown)::RSA_LLONG $x86_gcc_des $x86_gcc_opts:$x86_bsdi_asm",
-"bsdi-elf-gcc",     "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
-"nextstep",     "cc:-O -Wall:<libc.h>:(unknown)::BN_LLONG $x86_gcc_des ${x86_gcc_opts}:::",
-"nextstep3.3",  "cc:-O3 -Wall:<libc.h>:(unknown)::BN_LLONG $x86_gcc_des ${x86_gcc_opts}:::",
+"NetBSD-x86",   "gcc:-DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:",
+"FreeBSD-elf",  "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+"FreeBSD",      "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
+"bsdi-gcc",     "gcc:-O3 -ffast-math -DL_ENDIAN -DPERL5 -m486::(unknown)::RSA_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_bsdi_asm}",
+"bsdi-elf-gcc",     "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+"nextstep",     "cc:-O -Wall:<libc.h>:(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
+"nextstep3.3",  "cc:-O3 -Wall:<libc.h>:(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
 # NCR MP-RAS UNIX ver 02.03.01
-"ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw::(unknown):-lsocket -lnsl:$x86_gcc_des ${x86_gcc_opts}:::",
+"ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw::(unknown):-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:::",
+
+# QNX 4
+"qnx4", "cc:-DL_ENDIAN -DTERMIO::(unknown)::${x86_gcc_des} ${x86_gcc_opts}:",
+
+# Linux on ARM
+"linux-elf-arm","gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::::::::::dlfcn:linux-shared:-fPIC",
 
 # UnixWare 2.0
-"unixware-2.0","cc:-O -DFILIO_H::(unknown):-lsocket -lnsl:$x86_gcc_des ${x86_gcc_opts}:::",
+"unixware-2.0","cc:-O -DFILIO_H::(unknown):-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:::",
 "unixware-2.0-pentium","cc:-O -DFILIO_H -Kpentium -Kthread::(unknown):-lsocket -lnsl:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
 
 # UnixWare 7
 "unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread:-lsocket -lnsl:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
 
 # IBM's AIX.
-"aix-cc",   "cc:-O -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR:::",
+"aix-cc",   "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown)::BN_LLONG RC4_CHAR:::",
 "aix-gcc",  "gcc:-O3 -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR:::",
 
 #
@@ -320,12 +362,12 @@ my %table=(
 # DGUX, 88100.
 "dgux-R3-gcc",  "gcc:-O3 -fomit-frame-pointer::(unknown)::RC4_INDEX DES_UNROLL:::",
 "dgux-R4-gcc",  "gcc:-O3 -fomit-frame-pointer::(unknown):-lnsl -lsocket:RC4_INDEX:RC4_INDEX DES_UNROLL:::",
-"dgux-R4-x86-gcc",      "gcc:-O3 -fomit-frame-pointer -DL_ENDIAN::(unknown):-lnsl -lsocket:BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
+"dgux-R4-x86-gcc",      "gcc:-O3 -fomit-frame-pointer -DL_ENDIAN::(unknown):-lnsl -lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
 
 # SCO 5 - Ben Laurie <ben@algroup.co.uk> says the -O breaks the
 # SCO cc.
-"sco5-cc",  "cc:::(unknown):-lsocket:$x86_gcc_des ${x86_gcc_opts}:::", # des options?
-"sco5-gcc",  "gcc:-O3 -fomit-frame-pointer::(unknown):-lsocket:BN_LLONG $x86_gcc_des ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ...
+"sco5-cc",  "cc:::(unknown):-lsocket:${x86_gcc_des} ${x86_gcc_opts}:::", # des options?
+"sco5-gcc",  "gcc:-O3 -fomit-frame-pointer::(unknown):-lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ...
 
 # Sinix/ReliantUNIX RM400
 # NOTE: The CDS++ Compiler up to V2.0Bsomething has the IRIX_CC_BUG optimizer problem. Better use -g  */
@@ -338,22 +380,24 @@ my %table=(
 
 # Windows NT, Microsoft Visual C++ 4.0
 
-"VC-NT","cl:::::BN_LLONG RC4_INDEX ${x86_gcc_opts}:::",
-"VC-WIN32","cl:::::BN_LLONG RC4_INDEX ${x86_gcc_opts}:::",
+"VC-NT","cl:::::BN_LLONG RC4_INDEX ${x86_gcc_opts}::::::::::win32",
+"VC-WIN32","cl:::::BN_LLONG RC4_INDEX ${x86_gcc_opts}::::::::::win32",
 "VC-WIN16","cl:::(unknown)::MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT:::",
 "VC-W31-16","cl:::(unknown)::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::",
 "VC-W31-32","cl:::::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT:::",
 "VC-MSDOS","cl:::(unknown)::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::",
 
 # Borland C++ 4.5
-"BC-32","bcc32:::::BN_LLONG DES_PTR RC4_INDEX:::",
+"BC-32","bcc32:::::BN_LLONG DES_PTR RC4_INDEX::::::::::win32",
 "BC-16","bcc:::(unknown)::BN_LLONG DES_PTR RC4_INDEX SIXTEEN_BIT:::",
 
-# CygWin32
+# Mingw32
 # (Note: the real CFLAGS for Windows builds are defined by util/mk1mf.pl
 # and its library files in util/pl/*)
-"CygWin32", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::::BN_LLONG $x86_gcc_des $x86_gcc_opts:",
-"Mingw32", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::::BN_LLONG $x86_gcc_des $x86_gcc_opts:",
+"Mingw32", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
+
+# CygWin32
+"CygWin32", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
 
 # Ultrix from Bernhard Simon <simon@zid.tuwien.ac.at>
 "ultrix-cc","cc:-std1 -O -Olimit 1000 -DL_ENDIAN::(unknown)::::::",
@@ -364,24 +408,29 @@ my %table=(
 # Some OpenBSD from Bob Beck <beck@obtuse.com>
 "OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:::",
 "OpenBSD-vax",  "gcc:-DL_ENDIAN -DTERMIOS -O2 -fomit-frame-pointer::(unknown)::BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL:::",
-"OpenBSD-x86",  "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486::(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
+"OpenBSD-x86",  "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:dlfcn",
 "OpenBSD",      "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL:::",
 "OpenBSD-mips","gcc:-O2 -DL_ENDIAN::(unknown):BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR::::",
 
 ##### MacOS X (a.k.a. Rhapsody) setup
 "rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
 
+##### Sony NEWS-OS 4.x
+"newsos4-gcc","gcc:-O -DB_ENDIAN -DNEWS4::(unknown):-lmld -liberty:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::",
+
 );
 
 my @WinTargets=qw(VC-NT VC-WIN32 VC-WIN16 VC-W31-16 VC-W31-32 VC-MSDOS BC-32
-        BC-16 CygWin32 Mingw32);
+        BC-16 Mingw32);
 
 my $prefix="";
 my $openssldir="";
 my $install_prefix="";
 my $no_threads=0;
+my $no_shared=1;
 my $threads=0;
 my $no_asm=0;
+my $no_dso=0;
 my @skip=();
 my $Makefile="Makefile.ssl";
 my $des_locl="crypto/des/des_locl.h";
@@ -412,94 +461,161 @@ $perl=$ENV{'PERL'} or $perl=&which("perl5") or $perl=&which("perl")
 
 &usage if ($#ARGV < 0);
 
-my $flags="";
-my $depflags="";
-my $openssl_algorithm_defines="";
-my $openssl_thread_defines="";
-my $openssl_other_defines="";
-my $libs="";
-my $target="";
-my $options="";
-foreach (@ARGV)
+my $flags;
+my $depflags;
+my $openssl_algorithm_defines;
+my $openssl_thread_defines;
+my $openssl_other_defines;
+my $libs;
+my $target;
+my $options;
+my $symlink;
+
+my @argvcopy=@ARGV;
+my $argvstring="";
+my $argv_unprocessed=1;
+
+while($argv_unprocessed)
         {
-        if (/^no-asm$/)
-                {
-                $no_asm=1;
-                $flags .= "-DNO_ASM ";
-                $openssl_other_defines .= "#define NO_ASM\n";
-                }
-        elsif (/^no-threads$/)
-                { $no_threads=1; }
-        elsif (/^threads$/)
-                { $threads=1; }
-        elsif (/^no-(.+)$/)
+        $flags="";
+        $depflags="";
+        $openssl_algorithm_defines="";
+        $openssl_thread_defines="";
+        $openssl_other_defines="";
+        $libs="";
+        $target="";
+        $options="";
+        $symlink=1;
+
+        $argv_unprocessed=0;
+        $argvstring=join(' ',@argvcopy);
+
+PROCESS_ARGS:
+        foreach (@argvcopy)
                 {
-                my $algo=$1;
-                push @skip,$algo;
-                $algo =~ tr/[a-z]/[A-Z]/;
-                $flags .= "-DNO_$algo ";
-                $depflags .= "-DNO_$algo ";
-                $openssl_algorithm_defines .= "#define NO_$algo\n";
-                if ($algo eq "DES")
+                s /^-no-/no-/; # some people just can't read the instructions
+                if (/^no-asm$/)
+                        {
+                        $no_asm=1;
+                        $flags .= "-DNO_ASM ";
+                        $openssl_other_defines .= "#define NO_ASM\n";
+                        }
+                elsif (/^no-hw-(.+)$/)
                         {
-                        push @skip, "mdc2";
-                        $options .= " no-mdc2";
-                        $flags .= "-DNO_MDC2 ";
-                        $depflags .= "-DNO_MDC2 ";
-                        $openssl_algorithm_defines .= "#define NO_MDC2\n";
+                        my $hw=$1;
+                        $hw =~ tr/[a-z]/[A-Z]/;
+                        $flags .= "-DNO_HW_$hw ";
+                        $openssl_other_defines .= "#define NO_HW_$hw\n";
                         }
-                }
-        elsif (/^386$/)
-                { $processor=386; }
-        elsif (/^rsaref$/)
-                {
-                $libs.= "-lRSAglue -lrsaref ";
-                $flags.= "-DRSAref ";
-                $openssl_other_defines .= "#define RSAref\n";
-                }
-        elsif (/^[-+]/)
-                {
-                if (/^-[lL](.*)$/)
+                elsif (/^no-hw$/)
                         {
-                        $libs.=$_." ";
+                        $flags .= "-DNO_HW ";
+                        $openssl_other_defines .= "#define NO_HW\n";
                         }
-                elsif (/^-[^-]/ or /^\+/)
+                elsif (/^no-dso$/)
+                        { $no_dso=1; }
+                elsif (/^no-threads$/)
+                        { $no_threads=1; }
+                elsif (/^threads$/)
+                        { $threads=1; }
+                elsif (/^no-shared$/)
+                        { $no_shared=1; }
+                elsif (/^shared$/)
+                        { $no_shared=0; }
+                elsif (/^no-symlinks$/)
+                        { $symlink=0; }
+                elsif (/^no-(.+)$/)
                         {
-                        $flags.=$_." ";
+                        my $algo=$1;
+                        push @skip,$algo;
+                        $algo =~ tr/[a-z]/[A-Z]/;
+                        $flags .= "-DNO_$algo ";
+                        $depflags .= "-DNO_$algo ";
+                        $openssl_algorithm_defines .= "#define NO_$algo\n";
+                        if ($algo eq "DES")
+                                {
+                                push @skip, "mdc2";
+                                $options .= " no-mdc2";
+                                $flags .= "-DNO_MDC2 ";
+                                $depflags .= "-DNO_MDC2 ";
+                                $openssl_algorithm_defines .= "#define NO_MDC2\n";
+                                }
                         }
-                elsif (/^--prefix=(.*)$/)
+                elsif (/^reconfigure/ || /^reconf/)
                         {
-                        $prefix=$1;
+                        if (open(IN,"<$Makefile"))
+                                {
+                                while (<IN>)
+                                        {
+                                        chop;
+                                        if (/^CONFIGURE_ARGS=(.*)/)
+                                                {
+                                                $argvstring=$1;
+                                                @argvcopy=split(' ',$argvstring);
+                                                die "Incorrect data to reconfigure, please do a normal configuration\n"
+                                                        if (grep(/^reconf/,@argvcopy));
+                                                print "Reconfiguring with: $argvstring\n";
+                                                $argv_unprocessed=1;
+                                                close(IN);
+                                                last PROCESS_ARGS;
+                                                }
+                                        }
+                                close(IN);
+                                }
+                        die "Insufficient data to reconfigure, please do a normal configuration\n";
                         }
-                elsif (/^--openssldir=(.*)$/)
+                elsif (/^386$/)
+                        { $processor=386; }
+                elsif (/^rsaref$/)
                         {
-                        $openssldir=$1;
+                        $libs.= "-lRSAglue -lrsaref ";
+                        $flags.= "-DRSAref ";
+                        $openssl_other_defines .= "#define RSAref\n";
                         }
-                elsif (/^--install.prefix=(.*)$/)
+                elsif (/^[-+]/)
                         {
-                        $install_prefix=$1;
+                        if (/^-[lL](.*)$/)
+                                {
+                                $libs.=$_." ";
+                                }
+                        elsif (/^-[^-]/ or /^\+/)
+                                {
+                                $flags.=$_." ";
+                                }
+                        elsif (/^--prefix=(.*)$/)
+                                {
+                                $prefix=$1;
+                                }
+                        elsif (/^--openssldir=(.*)$/)
+                                {
+                                $openssldir=$1;
+                                }
+                        elsif (/^--install.prefix=(.*)$/)
+                                {
+                                $install_prefix=$1;
+                                }
+                        else
+                                {
+                                print STDERR $usage;
+                                exit(1);
+                                }
+                        }
+                elsif ($_ =~ /^([^:]+):(.+)$/)
+                        {
+                        eval "\$table{\$1} = \"$2\""; # allow $xxx constructs in the string
+                        $target=$1;
                         }
                 else
                         {
-                        print STDERR $usage;
-                        exit(1);
+                        die "target already defined - $target\n" if ($target ne "");
+                        $target=$_;
+                        }
+                unless ($_ eq $target) {
+                        if ($options eq "") {
+                                $options = $_;
+                        } else {
+                                $options .= " ".$_;
                         }
-                }
-        elsif ($_ =~ /^([^:]+):(.+)$/)
-                {
-                eval "\$table{\$1} = \"$2\""; # allow $xxx constructs in the string
-                $target=$1;
-                }
-        else
-                {
-                die "target already defined - $target\n" if ($target ne "");
-                $target=$_;
-                }
-        unless ($_ eq $target) {
-                if ($options eq "") {
-                        $options = $_;
-                } else {
-                        $options .= " ".$_;
                 }
         }
 }
@@ -519,6 +635,8 @@ if ($target eq "LIST") {
         exit 0;
 }
 
+print "Configuring for $target\n";
+
 &usage if (!defined($table{$target}));
 
 my $IsWindows=scalar grep /^$target$/,@WinTargets;
@@ -536,10 +654,39 @@ $openssldir=$prefix . "/" . $openssldir if $openssldir !~ /^\//;
 print "IsWindows=$IsWindows\n";
 
 (my $cc,my $cflags,my $unistd,my $thread_cflag,my $lflags,my $bn_ops,my $bn_obj,my $des_obj,my $bf_obj,
- $md5_obj,$sha1_obj,my $cast_obj,my $rc4_obj,$rmd160_obj,my $rc5_obj)=
-        split(/\s*:\s*/,$table{$target} . ":" x 20 , -1);
+ $md5_obj,$sha1_obj,my $cast_obj,my $rc4_obj,$rmd160_obj,my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag)=
+        split(/\s*:\s*/,$table{$target} . ":" x 22 , -1);
 $cflags="$flags$cflags" if ($flags ne "");
 
+# The DSO code currently always implements all functions so that no
+# applications will have to worry about that from a compilation point
+# of view. However, the "method"s may return zero unless that platform
+# has support compiled in for them. Currently each method is enabled
+# by a define "DSO_<name>" ... we translate the "dso_scheme" config
+# string entry into using the following logic;
+my $dso_cflags;
+if (!$no_dso && $dso_scheme ne "")
+        {
+        $dso_scheme =~ tr/[a-z]/[A-Z]/;
+        if ($dso_scheme eq "DLFCN")
+                {
+                $dso_cflags = "-DDSO_DLFCN -DHAVE_DLFCN_H";
+                $openssl_other_defines .= "#define DSO_DLFCN\n";
+                $openssl_other_defines .= "#define HAVE_DLFCN_H\n";
+                }
+        elsif ($dso_scheme eq "DLFCN_NO_H")
+                {
+                $dso_cflags = "-DDSO_DLFCN";
+                $openssl_other_defines .= "#define DSO_DLFCN\n";
+                }
+        else
+                {
+                $dso_cflags = "-DDSO_$dso_scheme";
+                $openssl_other_defines .= "#define DSO_$dso_scheme\n";
+                }
+        $cflags = "$dso_cflags $cflags";
+        }
+
 my $thread_cflags;
 my $thread_defines;
 if ($thread_cflag ne "(unknown)" && !$no_threads)
@@ -582,6 +729,19 @@ if ($threads)
                 $openssl_thread_defines .= $thread_defines;
         }
 
+# You will find shlib_mark1 and shlib_mark2 explained in Makefile.org
+my $shared_mark1 = "";
+my $shared_mark2 = "";
+if ($shared_cflag ne "")
+        {
+        $cflags = "$shared_cflag $cflags";
+        if (!$no_shared)
+                {
+                $shared_mark1 = ".shlib-clean.";
+                $shared_mark2 = ".shlib.";
+                }
+        }
+
 #my ($bn1)=split(/\s+/,$bn_obj);
 #$bn1 = "" unless defined $bn1;
 #$bn1=$bn_asm unless ($bn1 =~ /\.o$/);
@@ -613,13 +773,20 @@ if ($rmd160_obj =~ /\.o$/)
 my $version = "unknown";
 my $major = "unknown";
 my $minor = "unknown";
+my $shlib_version_number = "unknown";
+my $shlib_version_history = "unknown";
+my $shlib_major = "unknown";
+my $shlib_minor = "unknown";
 
 open(IN,'<crypto/opensslv.h') || die "unable to read opensslv.h:$!\n";
 while (<IN>)
         {
         $version=$1 if /OPENSSL.VERSION.TEXT.*OpenSSL (\S+) /;
+        $shlib_version_number=$1 if /SHLIB_VERSION_NUMBER *"([^"]+)"/;
+        $shlib_version_history=$1 if /SHLIB_VERSION_HISTORY *"([^"]*)"/;
         }
 close(IN);
+if ($shlib_version_history ne "") { $shlib_version_history .= ":"; }
 
 if ($version =~ /(^[0-9]*)\.([0-9\.]*)/)
         {
@@ -627,6 +794,12 @@ if ($version =~ /(^[0-9]*)\.([0-9\.]*)/)
         $minor=$2;
         }
 
+if ($shlib_version_number =~ /(^[0-9]*)\.([0-9\.]*)/)
+        {
+        $shlib_major=$1;
+        $shlib_minor=$2;
+        }
+
 open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n";
 open(OUT,">$Makefile") || die "unable to create $Makefile:$!\n";
 print OUT "### Generated automatically from Makefile.org by Configure.\n\n";
@@ -645,11 +818,16 @@ while (<IN>)
         s/^VERSION=.*/VERSION=$version/;
         s/^MAJOR=.*/MAJOR=$major/;
         s/^MINOR=.*/MINOR=$minor/;
+        s/^SHLIB_VERSION_NUMBER=.*/SHLIB_VERSION_NUMBER=$shlib_version_number/;
+        s/^SHLIB_VERSION_HISTORY=.*/SHLIB_VERSION_HISTORY=$shlib_version_history/;
+        s/^SHLIB_MAJOR=.*/SHLIB_MAJOR=$shlib_major/;
+        s/^SHLIB_MINOR=.*/SHLIB_MINOR=$shlib_minor/;
         s/^INSTALLTOP=.*$/INSTALLTOP=$prefix/;
         s/^OPENSSLDIR=.*$/OPENSSLDIR=$openssldir/;
         s/^INSTALL_PREFIX=.*$/INSTALL_PREFIX=$install_prefix/;
         s/^PLATFORM=.*$/PLATFORM=$target/;
         s/^OPTIONS=.*$/OPTIONS=$options/;
+        s/^CONFIGURE_ARGS=.*$/CONFIGURE_ARGS=$argvstring/;
         s/^CC=.*$/CC= $cc/;
         s/^CFLAG=.*$/CFLAG= $cflags/;
         s/^DEPFLAG=.*$/DEPFLAG= $depflags/;
@@ -666,6 +844,10 @@ while (<IN>)
         s/^PROCESSOR=.*/PROCESSOR= $processor/;
         s/^RANLIB=.*/RANLIB= $ranlib/;
         s/^PERL=.*/PERL= $perl/;
+        s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/;
+        s/^SHLIB_MARK1=.*/SHLIB_MARK1=$shared_mark1/;
+        s/^SHLIB_MARK2=.*/SHLIB_MARK2=$shared_mark2/;
+        s/^LIBS=.*/LIBS=libcrypto\.so\* libssl\.so\*/ if (!$no_shared);
         print OUT $_."\n";
         }
 close(IN);
@@ -848,16 +1030,18 @@ if($IsWindows) {
 EOF
         close(OUT);
 } else {
-        (system "make -f Makefile.ssl PERL=\'$perl\' links") == 0 or exit $?;
+        (system "make -f Makefile.ssl PERL=\'$perl\' links") == 0 or exit $?
+                if $symlink;
         ### (system 'make depend') == 0 or exit $? if $depflags ne "";
         # Run "make depend" manually if you want to be able to delete
         # the source code files of ciphers you left out.
-        &dofile("tools/c_rehash",$openssldir,'^DIR=',   'DIR=%s',);
         if ( $perl =~ m@^/@) {
+            &dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";');
             &dofile("apps/der_chop",$perl,'^#!/', '#!%s');
             &dofile("apps/CA.pl",$perl,'^#!/', '#!%s');
         } else {
             # No path for Perl known ...
+            &dofile("tools/c_rehash",'/usr/local/bin/perl','^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";');
             &dofile("apps/der_chop",'/usr/local/bin/perl','^#!/', '#!%s');
             &dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s');
         }           
@@ -866,9 +1050,6 @@ EOF
 print <<EOF;
 
 Configured for $target.
-
-NOTE: OpenSSL header files were moved from <*.h> to <openssl/*.h>;
-see file INSTALL for hints on coping with compatibility problems.
 EOF
 
 print <<\EOF if (!$no_threads && !$threads);
@@ -939,12 +1120,11 @@ sub dofile
                 {
                 grep(/$k/ && ($_=sprintf($m{$k}."\n",$p)),@a);
                 }
-        ($ff=$f) =~ s/\..*$//;
-        open(OUT,">$ff.new") || die "unable to open $f:$!\n";
+        open(OUT,">$f.new") || die "unable to open $f.new:$!\n";
         print OUT @a;
         close(OUT);
-        rename($f,"$ff.bak") || die "unable to rename $f\n" if -e $f;
-        rename("$ff.new",$f) || die "unable to rename $ff.new\n";
+        rename($f,"$f.bak") || die "unable to rename $f\n" if -e $f;
+        rename("$f.new",$f) || die "unable to rename $f.new\n";
         }
 
 sub print_table_entry
@@ -953,8 +1133,9 @@ sub print_table_entry
 
         (my $cc,my $cflags,my $unistd,my $thread_cflag,my $lflags,my $bn_ops,
         my $bn_obj,my $des_obj,my $bf_obj,
-        $md5_obj,$sha1_obj,my $cast_obj,my $rc4_obj,$rmd160_obj,my $rc5_obj)=
-        split(/\s*:\s*/,$table{$target} . ":" x 20 , -1);
+        my $md5_obj,my $sha1_obj,my $cast_obj,my $rc4_obj,my $rmd160_obj,
+        my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag)=
+        split(/\s*:\s*/,$table{$target} . ":" x 22 , -1);
                         
         print <<EOF
 
@@ -974,5 +1155,8 @@ sub print_table_entry
 \$rc4_obj      = $rc4_obj
 \$rmd160_obj   = $rmd160_obj
 \$rc5_obj      = $rc5_obj
+\$dso_scheme   = $dso_scheme
+\$shared_target= $shared_target
+\$shared_cflag = $shared_cflag
 EOF
         }
diff --git a/src/lib/libssl/src/FAQ b/src/lib/libssl/src/FAQ
index ab84a3f9e8..29acc8afdf 100644
--- a/src/lib/libssl/src/FAQ
+++ b/src/lib/libssl/src/FAQ
@@ -9,12 +9,30 @@ OpenSSL  -  Frequently Asked Questions
 * Why do I get a "PRNG not seeded" error message?
 * Why does the linker complain about undefined symbols?
 * Where can I get a compiled version of OpenSSL?
+* I've compiled a program under Windows and it crashes: why?
+* How do I read or write a DER encoded buffer using the ASN1 functions?
+* I've tried using <M_some_evil_pkcs12_macro> and I get errors why?
+* I've called <some function> and it fails, why?
+* I just get a load of numbers for the error output, what do they mean?
+* Why do I get errors about unknown algorithms?
+* How do I create certificates or certificate requests?
+* Why can't I create certificate requests?
+* Why does <SSL program> fail with a certificate verify error?
+* Why can I only use weak ciphers when I connect to a server using OpenSSL?
+* How can I create DSA certificates?
+* Why can't I make an SSL connection using a DSA certificate?
+* How can I remove the passphrase on a private key?
+* Why can't the OpenSSH configure script detect OpenSSL?
+* Why does the OpenSSL test fail with "bc: command not found"?
+* Why does the OpenSSL test fail with "bc: 1 no implemented"?
+* Why does the OpenSSL compilation fail on Alpha True64 Unix?
+* Why does the OpenSSL compilation fail with "ar: command not found"?
 
 
 * Which is the current version of OpenSSL?
 
 The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.5 was released on February 28th, 2000.
+OpenSSL 0.9.6 was released on September 24th, 2000.
 
 In addition to the current stable release, you can also access daily
 snapshots of the OpenSSL development version at <URL:
@@ -70,18 +88,14 @@ offer legal advice.
 You can configure OpenSSL so as not to use RC5 and IDEA by using
  ./config no-rc5 no-idea
 
-Until the RSA patent expires, U.S. users may want to use
- ./config no-rc5 no-idea no-rsa
-
-Please note that you will *not* be able to communicate with most of
-the popular web browsers without RSA support.
-
 
 * Is OpenSSL thread-safe?
 
-Yes.  On Windows and many Unix systems, OpenSSL automatically uses the
-multi-threaded versions of the standard libraries.  If your platform
-is not one of these, consult the INSTALL file.
+Yes (with limitations: an SSL connection may not concurrently be used
+by multiple threads).  On Windows and many Unix systems, OpenSSL
+automatically uses the multi-threaded versions of the standard
+libraries.  If your platform is not one of these, consult the INSTALL
+file.
 
 Multi-threaded applications must provide two callback functions to
 OpenSSL.  This is described in the threads(3) manpage.
@@ -100,8 +114,28 @@ OpenSSL functions that need randomness report an error if the random
 number generator has not been seeded with at least 128 bits of
 randomness.  If this error occurs, please contact the author of the
 application you are using.  It is likely that it never worked
-correctly.  OpenSSL 0.9.5 makes the error visible by refusing to
-perform potentially insecure encryption.
+correctly.  OpenSSL 0.9.5 and later make the error visible by refusing
+to perform potentially insecure encryption.
+
+On systems without /dev/urandom, it is a good idea to use the Entropy
+Gathering Demon; see the RAND_egd() manpage for details.
+
+Most components of the openssl command line tool try to use the
+file $HOME/.rnd (or $RANDFILE, if this environment variable is set)
+for seeding the PRNG.  If this file does not exist or is too short,
+the "PRNG not seeded" error message may occur.
+
+[Note to OpenSSL 0.9.5 users: The command "openssl rsa" in version
+0.9.5 does not do this and will fail on systems without /dev/urandom
+when trying to password-encrypt an RSA key!  This is a bug in the
+library; try a later version instead.]
+
+For Solaris 2.6, Tim Nibbe <tnibbe@sprint.net> and others have suggested
+installing the SUNski package from Sun patch 105710-01 (Sparc) which
+adds a /dev/random device and make sure it gets used, usually through
+$RANDFILE.  There are probably similar patches for the other Solaris
+versions.  However, be warned that /dev/random is usually a blocking
+device, which may have some effects on OpenSSL.
 
 
 * Why does the linker complain about undefined symbols?
@@ -113,7 +147,18 @@ If you used ./Configure instead of ./config, make sure that you
 selected the right target.  File formats may differ slightly between
 OS versions (for example sparcv8/sparcv9, or a.out/elf).
 
-If that doesn't help, you may want to try using the current snapshot.
+In case you get errors about the following symbols, use the config
+option "no-asm", as described in INSTALL:
+
+ BF_cbc_encrypt, BF_decrypt, BF_encrypt, CAST_cbc_encrypt,
+ CAST_decrypt, CAST_encrypt, RC4, RC5_32_cbc_encrypt, RC5_32_decrypt,
+ RC5_32_encrypt, bn_add_words, bn_div_words, bn_mul_add_words,
+ bn_mul_comba4, bn_mul_comba8, bn_mul_words, bn_sqr_comba4,
+ bn_sqr_comba8, bn_sqr_words, bn_sub_words, des_decrypt3,
+ des_ede3_cbc_encrypt, des_encrypt, des_encrypt2, des_encrypt3,
+ des_ncbc_encrypt, md5_block_asm_host_order, sha1_block_asm_data_order
+
+If none of these helps, you may want to try using the current snapshot.
 If the problem persists, please submit a bug report.
 
 
@@ -128,3 +173,260 @@ a C compiler, read the "Mingw32" section of INSTALL.W32 for information
 on how to obtain and install the free GNU C compiler.
 
 A number of Linux and *BSD distributions include OpenSSL.
+
+
+* I've compiled a program under Windows and it crashes: why?
+
+This is usually because you've missed the comment in INSTALL.W32. You
+must link with the multithreaded DLL version of the VC++ runtime library
+otherwise the conflict will cause a program to crash: typically on the
+first BIO related read or write operation.
+
+
+* How do I read or write a DER encoded buffer using the ASN1 functions?
+
+You have two options. You can either use a memory BIO in conjunction
+with the i2d_XXX_bio() or d2i_XXX_bio() functions or you can use the
+i2d_XXX(), d2i_XXX() functions directly. Since these are often the
+cause of grief here are some code fragments using PKCS7 as an example:
+
+unsigned char *buf, *p;
+int len;
+
+len = i2d_PKCS7(p7, NULL);
+buf = OPENSSL_malloc(len); /* or Malloc, error checking omitted */
+p = buf;
+i2d_PKCS7(p7, &p);
+
+At this point buf contains the len bytes of the DER encoding of
+p7.
+
+The opposite assumes we already have len bytes in buf:
+
+unsigned char *p;
+p = buf;
+p7 = d2i_PKCS7(NULL, &p, len);
+
+At this point p7 contains a valid PKCS7 structure of NULL if an error
+occurred. If an error occurred ERR_print_errors(bio) should give more
+information.
+
+The reason for the temporary variable 'p' is that the ASN1 functions
+increment the passed pointer so it is ready to read or write the next
+structure. This is often a cause of problems: without the temporary
+variable the buffer pointer is changed to point just after the data
+that has been read or written. This may well be uninitialized data
+and attempts to free the buffer will have unpredictable results
+because it no longer points to the same address.
+
+
+* I've tried using <M_some_evil_pkcs12_macro> and I get errors why?
+
+This usually happens when you try compiling something using the PKCS#12
+macros with a C++ compiler. There is hardly ever any need to use the
+PKCS#12 macros in a program, it is much easier to parse and create
+PKCS#12 files using the PKCS12_parse() and PKCS12_create() functions
+documented in doc/openssl.txt and with examples in demos/pkcs12. The
+'pkcs12' application has to use the macros because it prints out 
+debugging information.
+
+
+* I've called <some function> and it fails, why?
+
+Before submitting a report or asking in one of the mailing lists, you
+should try to determine the cause. In particular, you should call
+ERR_print_errors() or ERR_print_errors_fp() after the failed call
+and see if the message helps. Note that the problem may occur earlier
+than you think -- you should check for errors after every call where
+it is possible, otherwise the actual problem may be hidden because
+some OpenSSL functions clear the error state.
+
+
+* I just get a load of numbers for the error output, what do they mean?
+
+The actual format is described in the ERR_print_errors() manual page.
+You should call the function ERR_load_crypto_strings() before hand and
+the message will be output in text form. If you can't do this (for example
+it is a pre-compiled binary) you can use the errstr utility on the error
+code itself (the hex digits after the second colon).
+
+
+* Why do I get errors about unknown algorithms?
+
+This can happen under several circumstances such as reading in an
+encrypted private key or attempting to decrypt a PKCS#12 file. The cause
+is forgetting to load OpenSSL's table of algorithms with
+OpenSSL_add_all_algorithms(). See the manual page for more information.
+
+
+* How do I create certificates or certificate requests?
+
+Check out the CA.pl(1) manual page. This provides a simple wrapper round
+the 'req', 'verify', 'ca' and 'pkcs12' utilities. For finer control check
+out the manual pages for the individual utilities and the certificate
+extensions documentation (currently in doc/openssl.txt).
+
+
+* Why can't I create certificate requests?
+
+You typically get the error:
+
+        unable to find 'distinguished_name' in config
+        problems making Certificate Request
+
+This is because it can't find the configuration file. Check out the
+DIAGNOSTICS section of req(1) for more information.
+
+
+* Why does <SSL program> fail with a certificate verify error?
+
+This problem is usually indicated by log messages saying something like
+"unable to get local issuer certificate" or "self signed certificate".
+When a certificate is verified its root CA must be "trusted" by OpenSSL
+this typically means that the CA certificate must be placed in a directory
+or file and the relevant program configured to read it. The OpenSSL program
+'verify' behaves in a similar way and issues similar error messages: check
+the verify(1) program manual page for more information.
+
+
+* Why can I only use weak ciphers when I connect to a server using OpenSSL?
+
+This is almost certainly because you are using an old "export grade" browser
+which only supports weak encryption. Upgrade your browser to support 128 bit
+ciphers.
+
+
+* How can I create DSA certificates?
+
+Check the CA.pl(1) manual page for a DSA certificate example.
+
+
+* Why can't I make an SSL connection to a server using a DSA certificate?
+
+Typically you'll see a message saying there are no shared ciphers when
+the same setup works fine with an RSA certificate. There are two possible
+causes. The client may not support connections to DSA servers most web
+browsers (including Netscape and MSIE) only support connections to servers
+supporting RSA cipher suites. The other cause is that a set of DH parameters
+has not been supplied to the server. DH parameters can be created with the
+dhparam(1) command and loaded using the SSL_CTX_set_tmp_dh() for example:
+check the source to s_server in apps/s_server.c for an example.
+
+
+* How can I remove the passphrase on a private key?
+
+Firstly you should be really *really* sure you want to do this. Leaving
+a private key unencrypted is a major security risk. If you decide that
+you do have to do this check the EXAMPLES sections of the rsa(1) and
+dsa(1) manual pages.
+
+
+* Why can't the OpenSSH configure script detect OpenSSL?
+
+There is a problem with OpenSSH 1.2.2p1, in that the configure script
+can't find the installed OpenSSL libraries.  The problem is actually
+a small glitch that is easily solved with the following patch to be
+applied to the OpenSSH distribution:
+
+----- snip:start -----
+--- openssh-1.2.2p1/configure.in.orig   Thu Mar 23 18:56:58 2000
++++ openssh-1.2.2p1/configure.in        Thu Mar 23 18:55:05 2000
+@@ -152,10 +152,10 @@
+ AC_MSG_CHECKING([for OpenSSL/SSLeay directory])
+ for ssldir in "" $tryssldir /usr /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /usr/pkg /opt /opt/openssl ; do
+        if test ! -z "$ssldir" ; then
+-               LIBS="$saved_LIBS -L$ssldir"
++               LIBS="$saved_LIBS -L$ssldir/lib"
+                CFLAGS="$CFLAGS -I$ssldir/include"
+                if test "x$need_dash_r" = "x1" ; then
+-                       LIBS="$LIBS -R$ssldir"
++                       LIBS="$LIBS -R$ssldir/lib"
+                fi
+        fi
+        LIBS="$LIBS -lcrypto"
+--- openssh-1.2.2p1/configure.orig      Thu Mar 23 18:55:02 2000
++++ openssh-1.2.2p1/configure   Thu Mar 23 18:57:08 2000
+@@ -1890,10 +1890,10 @@
+ echo "configure:1891: checking for OpenSSL/SSLeay directory" >&5
+ for ssldir in "" $tryssldir /usr /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /usr/pkg /opt /opt/openssl ; do
+        if test ! -z "$ssldir" ; then
+-               LIBS="$saved_LIBS -L$ssldir"
++               LIBS="$saved_LIBS -L$ssldir/lib"
+                CFLAGS="$CFLAGS -I$ssldir/include"
+                if test "x$need_dash_r" = "x1" ; then
+-                       LIBS="$LIBS -R$ssldir"
++                       LIBS="$LIBS -R$ssldir/lib"
+                fi
+        fi
+        LIBS="$LIBS -lcrypto"
+----- snip:end -----
+
+
+* Why does the OpenSSL test fail with "bc: command not found"?
+
+You didn't install "bc", the Unix calculator.  If you want to run the
+tests, get GNU bc from ftp://ftp.gnu.org or from your OS distributor.
+
+
+* Why does the OpenSSL test fail with "bc: 1 no implemented"?
+
+On some SCO installations or versions, bc has a bug that gets triggered when
+you run the test suite (using "make test").  The message returned is "bc:
+1 not implemented".  The best way to deal with this is to find another
+implementation of bc and compile/install it.  For example, GNU bc (see
+http://www.gnu.org/software/software.html for download instructions) can
+be safely used.
+
+
+* Why does the OpenSSL compilation fail on Alpha True64 Unix?
+
+On some Alpha installations running True64 Unix and Compaq C, the compilation
+of crypto/sha/sha_dgst.c fails with the message 'Fatal:  Insufficient virtual
+memory to continue compilation.'  As far as the tests have shown, this may be
+a compiler bug.  What happens is that it eats up a lot of resident memory
+to build something, probably a table.  The problem is clearly in the
+optimization code, because if one eliminates optimization completely (-O0),
+the compilation goes through (and the compiler consumes about 2MB of resident
+memory instead of 240MB or whatever one's limit is currently).
+
+There are three options to solve this problem:
+
+1. set your current data segment size soft limit higher.  Experience shows
+that about 241000 kbytes seems to be enough on an AlphaServer DS10.  You do
+this with the command 'ulimit -Sd nnnnnn', where 'nnnnnn' is the number of
+kbytes to set the limit to.
+
+2. If you have a hard limit that is lower than what you need and you can't
+get it changed, you can compile all of OpenSSL with -O0 as optimization
+level.  This is however not a very nice thing to do for those who expect to
+get the best result from OpenSSL.  A bit more complicated solution is the
+following:
+
+----- snip:start -----
+  make DIRS=crypto SDIRS=sha "`grep '^CFLAG=' Makefile.ssl | \
+       sed -e 's/ -O[0-9] / -O0 /'`"
+  rm `ls crypto/*.o crypto/sha/*.o | grep -v 'sha_dgst\.o'`
+  make
+----- snip:end -----
+
+This will only compile sha_dgst.c with -O0, the rest with the optimization
+level chosen by the configuration process.  When the above is done, do the
+test and installation and you're set.
+
+
+* Why does the OpenSSL compilation fail with "ar: command not found"?
+
+Getting this message is quite usual on Solaris 2, because Sun has hidden
+away 'ar' and other development commands in directories that aren't in
+$PATH by default.  One of those directories is '/usr/ccs/bin'.  The
+quickest way to fix this is to do the following (it assumes you use sh
+or any sh-compatible shell):
+
+----- snip:start -----
+  PATH=${PATH}:/usr/ccs/bin; export PATH
+----- snip:end -----
+
+and then redo the compilation.  What you should really do is make sure
+'/usr/ccs/bin' is permanently in your $PATH, for example through your
+'.profile' (again, assuming you use a sh-compatible shell).
+
diff --git a/src/lib/libssl/src/INSTALL b/src/lib/libssl/src/INSTALL
index 57a6c808d8..a7854f3d10 100644
--- a/src/lib/libssl/src/INSTALL
+++ b/src/lib/libssl/src/INSTALL
@@ -52,6 +52,15 @@
                 This will usually require additional system-dependent options!
                 See "Note on multi-threading" below.
 
+  no-shared     Don't try to create shared libraries.
+
+  shared        In addition to the usual static libraries, create shared
+                libraries on platforms where it's supported.  See "Note on
+                shared libraries" below.  THIS IS NOT RECOMMENDED!  Since
+                this is a development branch, the positions of the ENGINE
+                symbols in the transfer vector are constantly moving, so
+                binary backward compatibility can't be guaranteed in any way.
+
   no-asm        Do not use assembler code.
 
   386           Use the 80386 instruction set only (the default x86 code is
@@ -117,9 +126,12 @@
      OpenSSL binary ("openssl"). The libraries will be built in the top-level
      directory, and the binary will be in the "apps" directory.
 
-     If "make" fails, please report the problem to <openssl-bugs@openssl.org>
-     (note that your message will be forwarded to a public mailing list).
-     Include the output of "make report" in your message.
+     If "make" fails, look at the output.  There may be reasons for
+     the failure that isn't a problem in OpenSSL itself (like missing
+     standard headers).  If it is a problem with OpenSSL itself, please
+     report the problem to <openssl-bugs@openssl.org> (note that your
+     message will be forwarded to a public mailing list).  Include the
+     output of "make report" in your message.
 
      [If you encounter assembler error messages, try the "no-asm"
      configuration option as an immediate fix.]
@@ -131,10 +143,13 @@
 
        $ make test
 
-    If a test fails, try removing any compiler optimization flags from
-    the CFLAGS line in Makefile.ssl and run "make clean; make". Please
-    send a bug report to <openssl-bugs@openssl.org>, including the
-    output of "make report".
+     If a test fails, look at the output.  There may be reasons for
+     the failure that isn't a problem in OpenSSL itself (like a missing
+     or malfunctioning bc).  If it is a problem with OpenSSL itself,
+     try removing any compiler optimization flags from the CFLAGS line
+     in Makefile.ssl and run "make clean; make". Please send a bug
+     report to <openssl-bugs@openssl.org>, including the output of
+     "make report".
 
   4. If everything tests ok, install OpenSSL with
 
@@ -252,3 +267,14 @@
  you can still use "no-threads" to suppress an annoying warning message
  from the Configure script.)
 
+
+ Note on shared libraries
+ ------------------------
+
+ For some systems, the OpenSSL Configure script knows what is needed to
+ build shared libraries for libcrypto and libssl.  On these systems,
+ the shared libraries are currently not created by default, but giving
+ the option "shared" will get them created.  This method supports Makefile
+ targets for shared library creation, like linux-shared.  Those targets
+ can currently be used on their own just as well, but this is expected
+ to change in future versions of OpenSSL.
diff --git a/src/lib/libssl/src/INSTALL.VMS b/src/lib/libssl/src/INSTALL.VMS
index 0a25324033..1fe78a41bb 100644
--- a/src/lib/libssl/src/INSTALL.VMS
+++ b/src/lib/libssl/src/INSTALL.VMS
@@ -82,12 +82,17 @@ directory.  The syntax is trhe following:
       RSAREF    compile using the RSAREF Library
       NORSAREF  compile without using RSAREF
 
-Note 1: The RSAREF libraries are NOT INCLUDED and you have to
-        download it from "ftp://ftp.rsa.com/rsaref".  You have to
-        get the ".tar-Z" file as the ".zip" file doesn't have the
-        directory structure stored.  You have to extract the file
-        into the [.RSAREF] directory as that is where the scripts
-        will look for the files.
+Note 0: The RASREF library IS NO LONGER NEEDED.  The RSA patent
+        expires September 20, 2000, and RSA Security chose to make
+        the algorithm public domain two weeks before that.
+
+Note 1: If you still want to use RSAREF, the library is NOT INCLUDED
+        and you have to download it.  RSA Security doesn't carry it
+        any more, but there are a number of places where you can find
+        it.  You have to get the ".tar-Z" file as the ".zip" file
+        doesn't have the directory structure stored.  You have to
+        extract the file into the [.RSAREF] directory as that is where
+        the scripts will look for the files.
 
 Note 2: I have never done this, so I've no idea if it works or not.
 
@@ -129,7 +134,7 @@ Currently, the logical names supported are:
                         used.  This is good to try if something doesn't work.
       OPENSSL_NO_'alg'  with value YES, the corresponding crypto algorithm
                         will not be implemented.  Supported algorithms to
-                        do this with are: RSA, DSA, DH, MD2, MD5, RIPEMD,
+                        do this with are: RSA, DSA, DH, MD2, MD4, MD5, RIPEMD,
                         SHA, DES, MDC2, CR2, RC4, RC5, IDEA, BF, CAST, HMAC,
                         SSL2.  So, for example, having the logical name
                         OPENSSL_NO_RSA with the value YES means that the
diff --git a/src/lib/libssl/src/INSTALL.W32 b/src/lib/libssl/src/INSTALL.W32
index 8c8008b4ad..a98364f50f 100644
--- a/src/lib/libssl/src/INSTALL.W32
+++ b/src/lib/libssl/src/INSTALL.W32
@@ -108,8 +108,8 @@
 
  * Compiler installation:
 
-   Mingw32 is available from <ftp://ftp.xraylith.wisc.edu/pub/khan/gnu-win32/
-   mingw32/egcs-1.1.2/egcs-1.1.2-mingw32.zip>. GNU make is at
+   Mingw32 is available from <ftp://ftp.xraylith.wisc.edu/pub/khan/
+   gnu-win32/mingw32/gcc-2.95.2/gcc-2.95.2-msvcrt.exe>. GNU make is at
    <ftp://agnes.dida.physik.uni-essen.de/home/janjaap/mingw32/binaries/
    make-3.76.1.zip>. Install both of them in C:\egcs-1.1.2 and run
    C:\egcs-1.1.2\mingw32.bat to set the PATH.
@@ -132,6 +132,81 @@
    > cd out
    > ..\ms\test
 
+ GNU C (CygWin32)
+ ---------------
+
+ CygWin32 provides a bash shell and GNU tools environment running on
+ NT 4.0, Windows 9x and Windows 2000. Consequently, a make of OpenSSL
+ with CygWin is closer to a GNU bash environment such as Linux rather
+ than other W32 makes that are based on a single makefile approach.
+ CygWin32 implements Posix/Unix calls through cygwin1.dll, and is
+ contrasted to Mingw32 which links dynamically to msvcrt.dll or
+ crtdll.dll.
+
+ To build OpenSSL using CygWin32:
+
+ * Install CygWin32 (see http://sourceware.cygnus.com/cygwin)
+
+ * Install Perl and ensure it is in the path
+
+ * Run the CygWin bash shell
+
+ * $ tar zxvf openssl-x.x.x.tar.gz
+   $ cd openssl-x.x.x
+   $ ./Configure no-threads CygWin32
+   [...]
+   $ make
+   [...]
+   $ make test
+   $ make install
+
+ This will create a default install in /usr/local/ssl.
+
+ CygWin32 Notes:
+
+ "make test" and normal file operations may fail in directories
+ mounted as text (i.e. mount -t c:\somewhere /home) due to CygWin
+ stripping of carriage returns. To avoid this ensure that a binary
+ mount is used, e.g. mount -b c:\somewhere /home.
+
+ As of version 1.1.1 CygWin32 is relatively unstable in its handling
+ of cr/lf issues. These make procedures succeeded with versions 1.1 and
+ the snapshot 20000524 (Slow!).
+
+ "bc" is not provided in the CygWin32 distribution.  This causes a
+ non-fatal error in "make test" but is otherwise harmless.  If
+ desired, GNU bc can be built with CygWin32 without change.
+
+
+ Installation
+ ------------
+
+ There's currently no real installation procedure for Win32.  There are,
+ however, some suggestions:
+
+    - do nothing.  The include files are found in the inc32/ subdirectory,
+      all binaries are found in out32dll/ or out32/ depending if you built
+      dynamic or static libraries.
+
+    - do as is written in INSTALL.Win32 that comes with modssl:
+
+        $ md c:\openssl 
+        $ md c:\openssl\bin
+        $ md c:\openssl\lib
+        $ md c:\openssl\include
+        $ md c:\openssl\include\openssl
+        $ copy /b inc32\*               c:\openssl\include\openssl
+        $ copy /b out32dll\ssleay32.lib c:\openssl\lib
+        $ copy /b out32dll\libeay32.lib c:\openssl\lib
+        $ copy /b out32dll\ssleay32.dll c:\openssl\bin
+        $ copy /b out32dll\libeay32.dll c:\openssl\bin
+        $ copy /b out32dll\openssl.exe  c:\openssl\bin
+
+      Of course, you can choose another device than c:.  C: is used here
+      because that's usually the first (and often only) harddisk device.
+      Note: in the modssl INSTALL.Win32, p: is used rather than c:.
+
+
  Troubleshooting
  ---------------
 
diff --git a/src/lib/libssl/src/Makefile.org b/src/lib/libssl/src/Makefile.org
index cc02130758..0dd8a4e644 100644
--- a/src/lib/libssl/src/Makefile.org
+++ b/src/lib/libssl/src/Makefile.org
@@ -5,8 +5,15 @@
 VERSION=
 MAJOR=
 MINOR=
+SHLIB_VERSION_NUMBER=
+SHLIB_VERSION_HISTORY=
+SHLIB_MAJOR=
+SHLIB_MINOR=
 PLATFORM=dist
 OPTIONS=
+CONFIGURE_ARGS=
+SHLIB_TARGET=
+
 # INSTALL_PREFIX is for package builders so that they can configure
 # for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
 # Normally it is left empty.
@@ -57,7 +64,7 @@ AR=ar r
 RANLIB= ranlib
 PERL= perl
 TAR= tar
-TARFLAGS= --norecurse
+TARFLAGS= --no-recursion
 
 # Set BN_ASM to bn_asm.o if you want to use the C version
 BN_ASM= bn_asm.o
@@ -144,14 +151,21 @@ RMD160_ASM_OBJ= asm/rm86-out.o
 #RMD160_ASM_OBJ= asm/rm86-out.o       # a.out, FreeBSD
 #RMD160_ASM_OBJ= asm/rm86bsdi.o       # bsdi
 
-DIRS=   crypto ssl rsaref apps test tools
+# To do special treatment, use "directory names" starting with a period.
+# When we're prepared to use shared libraries in the programs we link here
+# we might have SHLIB_MARK1 get the value ".shlib." and SHLIB_MARK2 be empty,
+# or have that configurable.
+SHLIB_MARK1=.shlib-clean.
+SHLIB_MARK2=.shlib.
+
+DIRS=   crypto ssl rsaref $(SHLIB_MARK1) apps test tools $(SHLIB_MARK2)
 SHLIBDIRS= crypto ssl
 
 # dirs in crypto to build
 SDIRS=  \
-        md2 md5 sha mdc2 hmac ripemd \
+        md2 md4 md5 sha mdc2 hmac ripemd \
         des rc2 rc4 rc5 idea bf cast \
-        bn rsa dsa dh \
+        bn rsa dsa dh dso engine \
         buffer bio stack lhash rand err objects \
         evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp
 
@@ -167,7 +181,8 @@ TOP=    .
 ONEDIRS=out tmp
 EDIRS=  times doc bugs util include certs ms shlib mt demos perl sf dep VMS
 WDIRS=  windows
-LIBS=   libcrypto.a libssl.a 
+LIBS=   libcrypto.a libssl.a
+SHARED_LIBS=libcrypto.so libssl.so
 
 GENERAL=        Makefile
 BASENAME=       openssl
@@ -178,37 +193,108 @@ EXHEADER=       e_os.h e_os2.h
 HEADER=         e_os.h
 
 all: Makefile.ssl
-        @for i in $(DIRS) ;\
+        @need_shlib=true; \
+        for i in $(DIRS) ;\
         do \
-        (cd $$i && echo "making all in $$i..." && \
-        $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' SDIRS='${SDIRS}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
-        done
-        -@# cd crypto; $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' SDIRS='${SDIRS}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' testapps
-        -@# cd perl; $(PERL) Makefile.PL; make
+        if [ "$$i" = ".shlib-clean." ]; then \
+                if [ "$(SHLIB_TARGET)" != "" ]; then \
+                        $(MAKE) clean-shared; \
+                fi; \
+        elif [ "$$i" = ".shlib." ]; then \
+                if [ "$(SHLIB_TARGET)" != "" ]; then \
+                        $(MAKE) $(SHARED_LIBS); \
+                fi; \
+                need_shlib=false; \
+        else \
+                (cd $$i && echo "making all in $$i..." && \
+                $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' SDIRS='${SDIRS}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
+        fi; \
+        done; \
+        if $$need_shlib && [ "$(SHLIB_MARK1)" != "" -o "$(SHLIB_MARK1)" != "" ]; then \
+                $(MAKE) $(SHARED_LIBS); \
+        fi
 
 sub_all:
-        @for i in $(DIRS) ;\
+        @need_shlib=true; \
+        for i in $(DIRS) ;\
         do \
-        (cd $$i && echo "making all in $$i..." && \
-        $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
-        done;
+        if [ "$$i" = ".shlib-clean." ]; then \
+                if [ "$(SHLIB_TARGET)" != "" ]; then \
+                        $(MAKE) clean-shared; \
+                fi; \
+        elif [ "$$i" = ".shlib." ]; then \
+                if [ "$(SHLIB_TARGET)" != "" ]; then \
+                        $(MAKE) $(SHARED_LIBS); \
+                fi; \
+                need_shlib=false; \
+        else \
+                (cd $$i && echo "making all in $$i..." && \
+                $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
+        fi; \
+        done; \
+        if $$need_shlib && [ "$(SHLIB_MARK1)" != "" -o "$(SHLIB_MARK1)" != "" ]; then \
+                $(MAKE) $(SHARED_LIBS); \
+        fi
+
+libcrypto.so: libcrypto.a
+        @if [ "$(SHLIB_TARGET)" != "" ]; then \
+                $(MAKE) SHLIBDIRS=crypto $(SHLIB_TARGET); \
+        else \
+                echo "There's no support for shared libraries on this platform" >&2; \
+        fi
+libssl.so: libcrypto.so libssl.a
+        @if [ "$(SHLIB_TARGET)" != "" ]; then \
+                $(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-L. -lcrypto' $(SHLIB_TARGET); \
+        else \
+                echo "There's no support for shared libraries on this platform" >&2; \
+        fi
+
+clean-shared:
+        for i in ${SHLIBDIRS}; do \
+        rm -f lib$$i.so \
+                lib$$i.so.${SHLIB_MAJOR} \
+                lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
+        done
 
 linux-shared:
-        for i in ${SHLIBDIRS}; do \
-        rm -f lib$$i.a lib$$i.so \
-                lib$$i.so.${MAJOR} lib$$i.so.${MAJOR}.${MINOR}; \
-        ${MAKE} CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='-fPIC ${CFLAG}' SDIRS='${SDIRS}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' DIRS=$$i clean all || exit 1; \
-        ( set -x; ${CC}  -shared -o lib$$i.so.${MAJOR}.${MINOR} \
-                -Wl,-S,-soname=lib$$i.so.${MAJOR} \
+        libs='${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+        rm -f lib$$i.so \
+                lib$$i.so.${SHLIB_MAJOR} \
+                lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
+        ( set -x; ${CC}  -shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+                -Wl,-S,-soname=lib$$i.so.${SHLIB_MAJOR} \
                 -Wl,--whole-archive lib$$i.a \
-                -Wl,--no-whole-archive -lc ) || exit 1; \
-        rm -f lib$$i.a; make -C $$i clean || exit 1 ;\
-        done;
-        @set -x; \
-        for i in ${SHLIBDIRS}; do \
-        ln -s lib$$i.so.${MAJOR}.${MINOR} lib$$i.so.${MAJOR}; \
-        ln -s lib$$i.so.${MAJOR} lib$$i.so; \
-        done;
+                -Wl,--no-whole-archive $$libs ${EX_LIBS} -lc ) || exit 1; \
+        libs="$$libs -L. -l$$i"; \
+        ( set -x; \
+                ln -s lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+                        lib$$i.so.${SHLIB_MAJOR}; \
+                ln -s lib$$i.so.${SHLIB_MAJOR} lib$$i.so ); \
+        done
+
+# This assumes that GNU utilities are *not* used
+true64-shared:
+        libs='${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+        ( set -x; ${CC}  -shared -no_archive -o lib$$i.so \
+                -set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
+                -all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
+        libs="$$libs -L. -l$$i"; \
+        done
+
+# This assumes that GNU utilities are *not* used
+solaris-shared:
+        libs='${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+        rm -f lib$$i.so \
+                lib$$i.so.${SHLIB_MAJOR} \
+                lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
+        ( set -x; ${CC}  -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+                -h lib$$i.so.${SHLIB_MAJOR} \
+                -z allextract lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
+        libs="$$libs -L. -l$$i"; \
+        ln -s lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+                lib$$i.so.${SHLIB_MAJOR}; \
+        ln -s lib$$i.so.${SHLIB_MAJOR} lib$$i.so; \
+        done
 
 Makefile.ssl: Makefile.org
         @echo "Makefile.ssl is older than Makefile.org."
@@ -222,9 +308,11 @@ clean:
         rm -f shlib/*.o *.o core a.out fluff *.map rehash.time testlog make.log cctest cctest.c
         @for i in $(DIRS) ;\
         do \
-        (cd $$i && echo "making clean in $$i..." && \
-        $(MAKE) SDIRS='${SDIRS}' clean ) || exit 1; \
-        rm -f $(LIBS); \
+        if echo "$$i" | grep -v '^\.'; then \
+                (cd $$i && echo "making clean in $$i..." && \
+                $(MAKE) SDIRS='${SDIRS}' clean ) || exit 1; \
+                rm -f $(LIBS); \
+        fi; \
         done;
         rm -f *.a *.o speed.* *.map *.so .pure core
         rm -f $(TARFILE)
@@ -241,8 +329,10 @@ files:
         $(PERL) $(TOP)/util/files.pl Makefile.ssl > $(TOP)/MINFO
         @for i in $(DIRS) ;\
         do \
-        (cd $$i && echo "making 'files' in $$i..." && \
-        $(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' files ) || exit 1; \
+        if echo "$$i" | grep -v '^\.'; then \
+                (cd $$i && echo "making 'files' in $$i..." && \
+                $(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' files ) || exit 1; \
+        fi; \
         done;
 
 links:
@@ -250,21 +340,25 @@ links:
         @$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
         @$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
         @for i in $(DIRS); do \
-        (cd $$i && echo "making links in $$i..." && \
-        $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' links ) || exit 1; \
+        if echo "$$i" | grep -v '^\.'; then \
+                (cd $$i && echo "making links in $$i..." && \
+                $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' links ) || exit 1; \
+        fi; \
         done;
 
 dclean:
         rm -f *.bak
         @for i in $(DIRS) ;\
         do \
-        (cd $$i && echo "making dclean in $$i..." && \
-        $(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' dclean ) || exit 1; \
+        if echo "$$i" | grep -v '^\.'; then \
+                (cd $$i && echo "making dclean in $$i..." && \
+                $(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' dclean ) || exit 1; \
+        fi; \
         done;
 
 rehash: rehash.time
 rehash.time: certs
-        @(OPENSSL="`pwd`/apps/openssl"; export OPENSSL; sh tools/c_rehash certs)
+        @(OPENSSL="`pwd`/apps/openssl"; export OPENSSL; $(PERL) tools/c_rehash certs)
         touch rehash.time
 
 test:   tests
@@ -280,41 +374,52 @@ report:
 depend:
         @for i in $(DIRS) ;\
         do \
-        (cd $$i && echo "making dependencies $$i..." && \
-        $(MAKE) SDIRS='${SDIRS}' DEPFLAG='${DEPFLAG}' depend ) || exit 1; \
+        if echo "$$i" | grep -v '^\.'; then \
+                (cd $$i && echo "making dependencies $$i..." && \
+                $(MAKE) SDIRS='${SDIRS}' DEPFLAG='${DEPFLAG}' depend ) || exit 1; \
+        fi; \
         done;
 
 lint:
         @for i in $(DIRS) ;\
         do \
-        (cd $$i && echo "making lint $$i..." && \
-        $(MAKE) SDIRS='${SDIRS}' lint ) || exit 1; \
+        if echo "$$i" | grep -v '^\.'; then \
+                (cd $$i && echo "making lint $$i..." && \
+                $(MAKE) SDIRS='${SDIRS}' lint ) || exit 1; \
+        fi; \
         done;
 
 tags:
         @for i in $(DIRS) ;\
         do \
-        (cd $$i && echo "making tags $$i..." && \
-        $(MAKE) SDIRS='${SDIRS}' tags ) || exit 1; \
+        if echo "$$i" | grep -v '^\.'; then \
+                (cd $$i && echo "making tags $$i..." && \
+                $(MAKE) SDIRS='${SDIRS}' tags ) || exit 1; \
+        fi; \
         done;
 
 errors:
         perl util/mkerr.pl -recurse -write
 
+stacks:
+        perl util/mkstack.pl -write
+
 util/libeay.num::
         perl util/mkdef.pl crypto update
 
 util/ssleay.num::
         perl util/mkdef.pl ssl update
 
-crypto/objects/obj_dat.h: crypto/objects/objects.h crypto/objects/obj_dat.pl
-        perl crypto/objects/obj_dat.pl crypto/objects/objects.h crypto/objects/obj_dat.h
+crypto/objects/obj_dat.h: crypto/objects/obj_mac.h crypto/objects/obj_dat.pl
+        perl crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h
+crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt 
+        perl crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h
 
 TABLE: Configure
         (echo 'Output of `Configure TABLE'"':"; \
         perl Configure TABLE) > TABLE
 
-update: depend errors util/libeay.num util/ssleay.num crypto/objects/obj_dat.h TABLE
+update: depend errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h TABLE
 
 tar:
         @$(TAR) $(TARFLAGS) -cvf - \
@@ -349,15 +454,19 @@ install: all install_docs
         done;
         @for i in $(DIRS) ;\
         do \
-        (cd $$i; echo "installing $$i..."; \
-        $(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' RANLIB='${RANLIB}' install ); \
+        if echo "$$i" | grep -v '^\.'; then \
+                (cd $$i; echo "installing $$i..."; \
+                $(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' RANLIB='${RANLIB}' install ); \
+        fi; \
         done
         @for i in $(LIBS) ;\
         do \
-        (       echo installing $$i; \
-                cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
-                $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
-                chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
+                if [ -f "$$i" ]; then \
+                (       echo installing $$i; \
+                        cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
+                        $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
+                        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
+                fi \
         done
 
 install_docs:
diff --git a/src/lib/libssl/src/NEWS b/src/lib/libssl/src/NEWS
index a2084af8e6..7cf95cfb0b 100644
--- a/src/lib/libssl/src/NEWS
+++ b/src/lib/libssl/src/NEWS
@@ -5,6 +5,30 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
+  Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6:
+
+      o Some documentation for BIO and SSL libraries.
+      o Enhanced chain verification using key identifiers.
+      o New sign and verify options to 'dgst' application.
+      o Support for DER and PEM encoded messages in 'smime' application.
+      o New 'rsautl' application, low level RSA utility.
+      o MD4 now included.
+      o Bugfix for SSL rollback padding check.
+      o Support for external crypto devices [1].
+      o Enhanced EVP interface.
+
+    [1] The support for external crypto devices is currently a separate
+        distribution.  See the file README.ENGINE.
+
+  Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a:
+
+      o Bug fixes for Win32, SuSE Linux, NeXTSTEP and FreeBSD 2.2.8 
+      o Shared library support for HPUX and Solaris-gcc
+      o Support of Linux/IA64
+      o Assembler support for Mingw32
+      o New 'rand' application
+      o New way to check for existence of algorithms from scripts
+
   Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5:
 
       o S/MIME support in new 'smime' command
diff --git a/src/lib/libssl/src/README b/src/lib/libssl/src/README
index 7ef77c83c6..e8f20f49a6 100644
--- a/src/lib/libssl/src/README
+++ b/src/lib/libssl/src/README
@@ -98,13 +98,12 @@
  country.  The file contains some of the patents that we know about or are
  rumoured to exist. This is not a definitive list.
 
- RSA Data Security holds software patents on the RSA and RC5 algorithms.  If
- their ciphers are used used inside the USA (and Japan?), you must contact RSA
- Data Security for licensing conditions. Their web page is
- http://www.rsa.com/.
+ RSA Security holds software patents on the RC5 algorithm.  If you
+ intend to use this cipher, you must contact RSA Security for
+ licensing conditions. Their web page is http://www.rsasecurity.com/.
 
- RC4 is a trademark of RSA Data Security, so use of this label should perhaps
- only be used with RSA Data Security's permission. 
+ RC4 is a trademark of RSA Security, so use of this label should perhaps
+ only be used with RSA Security's permission. 
 
  The IDEA algorithm is patented by Ascom in Austria, France, Germany, Italy,
  Japan, Netherlands, Spain, Sweden, Switzerland, UK and the USA.  They should
@@ -118,9 +117,6 @@
  a Win32 platform, read the INSTALL.W32 file.  For OpenVMS systems, read
  INSTALL.VMS.
 
- For people in the USA, it is possible to compile OpenSSL to use RSA Inc.'s
- public key library, RSAREF, by configuring OpenSSL with the option "rsaref".
-
  Read the documentation in the doc/ directory.  It is quite rough, but it
  lists the functions, you will probably have to look at the code to work out
  how to used them. Look at the example programs.
@@ -166,6 +162,9 @@
  the string "[PATCH]" in the subject. Please be sure to include a
  textual explanation of what your patch does.
 
+ Note: For legal reasons, contributions from the US can be accepted only
+ if a copy of the patch is sent to crypt@bxa.doc.gov
+
  The preferred format for changes is "diff -u" output. You might
  generate it like this:
 
@@ -173,4 +172,4 @@
  # [your changes]
  # ./Configure dist; make clean
  # cd ..
- # diff -urN openssl-orig openssl-work > mydiffs.patch
+ # diff -ur openssl-orig openssl-work > mydiffs.patch
diff --git a/src/lib/libssl/src/README.ENGINE b/src/lib/libssl/src/README.ENGINE
new file mode 100644
index 0000000000..3d88ed152f
--- /dev/null
+++ b/src/lib/libssl/src/README.ENGINE
@@ -0,0 +1,63 @@
+
+  ENGINE
+  ======
+
+  With OpenSSL 0.9.6, a new component has been added to support external 
+  crypto devices, for example accelerator cards.  The component is called
+  ENGINE, and has still a pretty experimental status and almost no
+  documentation.  It's designed to be faily easily extensible by the
+  calling programs.
+
+  There's currently built-in support for the following crypto devices:
+
+      o CryptoSwift
+      o Compaq Atalla
+      o nCipher CHIL
+
+  A number of things are still needed and are being worked on:
+
+      o An openssl utility command to handle or at least check available
+        engines.
+      o A better way of handling the methods that are handled by the
+        engines.
+      o Documentation!
+
+  What already exists is fairly stable as far as it has been tested, but
+  the test base has been a bit small most of the time.
+
+  Because of this experimental status and what's lacking, the ENGINE
+  component is not yet part of the default OpenSSL distribution.  However,
+  we have made a separate kit for those who want to try this out, to be
+  found in the same places as the default OpenSSL distribution, but with
+  "-engine-" being part of the kit file name.  For example, version 0.9.6
+  is distributed in the following two files:
+
+      openssl-0.9.6.tar.gz
+      openssl-engine-0.9.6.tar.gz
+
+  NOTES
+  =====
+
+  openssl-engine-0.9.6.tar.gz does not depend on openssl-0.9.6.tar, you do
+  not need to download both.
+
+  openssl-engine-0.9.6.tar.gz is usable even if you don't have an external
+  crypto device.  The internal OpenSSL functions are contained in the
+  engine "openssl", and will be used by default.
+
+  No external crypto device is chosen unless you say so.  You have actively
+  tell the openssl utility commands to use it through a new command line
+  switch called "-engine".  And if you want to use the ENGINE library to
+  do something similar, you must also explicitely choose an external crypto
+  device, or the built-in crypto routines will be used, just as in the
+  default OpenSSL distribution.
+
+
+  PROBLEMS
+  ========
+
+  It seems like the ENGINE part doesn't work too well with Cryptoswift on
+  Win32.  A quick test done right before the release showed that trying
+  "openssl speed -engine cswift" generated errors.  If the DSO gets enabled,
+  an attempt is made to write at memory address 0x00000002.
+
diff --git a/src/lib/libssl/src/VMS/install.com b/src/lib/libssl/src/VMS/install.com
index 1664d769e2..f62635f24d 100644
--- a/src/lib/libssl/src/VMS/install.com
+++ b/src/lib/libssl/src/VMS/install.com
@@ -34,10 +34,8 @@ $	IF F$PARSE("WRK_SSLINCLUDE:") .EQS. "" THEN -
 $       IF F$PARSE("WRK_SSLROOT:[VMS]") .EQS. "" THEN -
            CREATE/DIR/LOG WRK_SSLROOT:[VMS]
 $
-$       EXHEADER := vms_idhacks.h
-$
-$       COPY 'EXHEADER' WRK_SSLINCLUDE: /LOG
-$       SET FILE/PROT=WORLD:RE WRK_SSLINCLUDE:'EXHEADER'
+$       IF F$SEARCH("WRK_SSLINCLUDE:vms_idhacks.h") .NES. "" THEN -
+           DELETE WRK_SSLINCLUDE:vms_idhacks.h;*
 $
 $       OPEN/WRITE SF WRK_SSLROOT:[VMS]OPENSSL_STARTUP.COM
 $       WRITE SYS$OUTPUT "%OPEN-I-CREATED,  ",F$SEARCH("WRK_SSLROOT:[VMS]OPENSSL_STARTUP.COM")," created."
diff --git a/src/lib/libssl/src/VMS/vms_idhacks.h b/src/lib/libssl/src/VMS/vms_idhacks.h
index c2010c91e4..e69de29bb2 100644
--- a/src/lib/libssl/src/VMS/vms_idhacks.h
+++ b/src/lib/libssl/src/VMS/vms_idhacks.h
@@ -1,198 +0,0 @@
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_VMS_IDHACKS_H
-#define HEADER_VMS_IDHACKS_H
-
-#ifdef VMS
-
-/* Hack a long name in crypto/asn1/a_mbstr.c */
-#define ASN1_STRING_set_default_mask_asc ASN1_STRING_set_def_mask_asc
-/* Hack the names created with DECLARE_STACK_OF(PKCS7_SIGNER_INFO) */
-#define sk_PKCS7_SIGNER_INFO_new                sk_PKCS7_SIGINF_new
-#define sk_PKCS7_SIGNER_INFO_new_null           sk_PKCS7_SIGINF_new_null
-#define sk_PKCS7_SIGNER_INFO_free               sk_PKCS7_SIGINF_free
-#define sk_PKCS7_SIGNER_INFO_num                sk_PKCS7_SIGINF_num
-#define sk_PKCS7_SIGNER_INFO_value              sk_PKCS7_SIGINF_value
-#define sk_PKCS7_SIGNER_INFO_set                sk_PKCS7_SIGINF_set
-#define sk_PKCS7_SIGNER_INFO_zero               sk_PKCS7_SIGINF_zero
-#define sk_PKCS7_SIGNER_INFO_push               sk_PKCS7_SIGINF_push
-#define sk_PKCS7_SIGNER_INFO_unshift            sk_PKCS7_SIGINF_unshift
-#define sk_PKCS7_SIGNER_INFO_find               sk_PKCS7_SIGINF_find
-#define sk_PKCS7_SIGNER_INFO_delete             sk_PKCS7_SIGINF_delete
-#define sk_PKCS7_SIGNER_INFO_delete_ptr         sk_PKCS7_SIGINF_delete_ptr
-#define sk_PKCS7_SIGNER_INFO_insert             sk_PKCS7_SIGINF_insert
-#define sk_PKCS7_SIGNER_INFO_set_cmp_func       sk_PKCS7_SIGINF_set_cmp_func
-#define sk_PKCS7_SIGNER_INFO_dup                sk_PKCS7_SIGINF_dup
-#define sk_PKCS7_SIGNER_INFO_pop_free           sk_PKCS7_SIGINF_pop_free
-#define sk_PKCS7_SIGNER_INFO_shift              sk_PKCS7_SIGINF_shift
-#define sk_PKCS7_SIGNER_INFO_pop                sk_PKCS7_SIGINF_pop
-#define sk_PKCS7_SIGNER_INFO_sort               sk_PKCS7_SIGINF_sort
-
-/* Hack the names created with DECLARE_STACK_OF(PKCS7_RECIP_INFO) */
-#define sk_PKCS7_RECIP_INFO_new                 sk_PKCS7_RECINF_new
-#define sk_PKCS7_RECIP_INFO_new_null            sk_PKCS7_RECINF_new_null
-#define sk_PKCS7_RECIP_INFO_free                sk_PKCS7_RECINF_free
-#define sk_PKCS7_RECIP_INFO_num                 sk_PKCS7_RECINF_num
-#define sk_PKCS7_RECIP_INFO_value               sk_PKCS7_RECINF_value
-#define sk_PKCS7_RECIP_INFO_set                 sk_PKCS7_RECINF_set
-#define sk_PKCS7_RECIP_INFO_zero                sk_PKCS7_RECINF_zero
-#define sk_PKCS7_RECIP_INFO_push                sk_PKCS7_RECINF_push
-#define sk_PKCS7_RECIP_INFO_unshift             sk_PKCS7_RECINF_unshift
-#define sk_PKCS7_RECIP_INFO_find                sk_PKCS7_RECINF_find
-#define sk_PKCS7_RECIP_INFO_delete              sk_PKCS7_RECINF_delete
-#define sk_PKCS7_RECIP_INFO_delete_ptr          sk_PKCS7_RECINF_delete_ptr
-#define sk_PKCS7_RECIP_INFO_insert              sk_PKCS7_RECINF_insert
-#define sk_PKCS7_RECIP_INFO_set_cmp_func        sk_PKCS7_RECINF_set_cmp_func
-#define sk_PKCS7_RECIP_INFO_dup                 sk_PKCS7_RECINF_dup
-#define sk_PKCS7_RECIP_INFO_pop_free            sk_PKCS7_RECINF_pop_free
-#define sk_PKCS7_RECIP_INFO_shift               sk_PKCS7_RECINF_shift
-#define sk_PKCS7_RECIP_INFO_pop                 sk_PKCS7_RECINF_pop
-#define sk_PKCS7_RECIP_INFO_sort                sk_PKCS7_RECINF_sort
-
-/* Hack the names created with DECLARE_STACK_OF(ASN1_STRING_TABLE) */
-#define sk_ASN1_STRING_TABLE_new                sk_ASN1_STRTAB_new
-#define sk_ASN1_STRING_TABLE_new_null           sk_ASN1_STRTAB_new_null
-#define sk_ASN1_STRING_TABLE_free               sk_ASN1_STRTAB_free
-#define sk_ASN1_STRING_TABLE_num                sk_ASN1_STRTAB_num
-#define sk_ASN1_STRING_TABLE_value              sk_ASN1_STRTAB_value
-#define sk_ASN1_STRING_TABLE_set                sk_ASN1_STRTAB_set
-#define sk_ASN1_STRING_TABLE_zero               sk_ASN1_STRTAB_zero
-#define sk_ASN1_STRING_TABLE_push               sk_ASN1_STRTAB_push
-#define sk_ASN1_STRING_TABLE_unshift            sk_ASN1_STRTAB_unshift
-#define sk_ASN1_STRING_TABLE_find               sk_ASN1_STRTAB_find
-#define sk_ASN1_STRING_TABLE_delete             sk_ASN1_STRTAB_delete
-#define sk_ASN1_STRING_TABLE_delete_ptr         sk_ASN1_STRTAB_delete_ptr
-#define sk_ASN1_STRING_TABLE_insert             sk_ASN1_STRTAB_insert
-#define sk_ASN1_STRING_TABLE_set_cmp_func       sk_ASN1_STRTAB_set_cmp_func
-#define sk_ASN1_STRING_TABLE_dup                sk_ASN1_STRTAB_dup
-#define sk_ASN1_STRING_TABLE_pop_free           sk_ASN1_STRTAB_pop_free
-#define sk_ASN1_STRING_TABLE_shift              sk_ASN1_STRTAB_shift
-#define sk_ASN1_STRING_TABLE_pop                sk_ASN1_STRTAB_pop
-#define sk_ASN1_STRING_TABLE_sort               sk_ASN1_STRTAB_sort
-
-/* Hack the names created with DECLARE_STACK_OF(ACCESS_DESCRIPTION) */
-#define sk_ACCESS_DESCRIPTION_new               sk_ACC_DESC_new
-#define sk_ACCESS_DESCRIPTION_new_null          sk_ACC_DESC_new_null
-#define sk_ACCESS_DESCRIPTION_free              sk_ACC_DESC_free
-#define sk_ACCESS_DESCRIPTION_num               sk_ACC_DESC_num
-#define sk_ACCESS_DESCRIPTION_value             sk_ACC_DESC_value
-#define sk_ACCESS_DESCRIPTION_set               sk_ACC_DESC_set
-#define sk_ACCESS_DESCRIPTION_zero              sk_ACC_DESC_zero
-#define sk_ACCESS_DESCRIPTION_push              sk_ACC_DESC_push
-#define sk_ACCESS_DESCRIPTION_unshift           sk_ACC_DESC_unshift
-#define sk_ACCESS_DESCRIPTION_find              sk_ACC_DESC_find
-#define sk_ACCESS_DESCRIPTION_delete            sk_ACC_DESC_delete
-#define sk_ACCESS_DESCRIPTION_delete_ptr        sk_ACC_DESC_delete_ptr
-#define sk_ACCESS_DESCRIPTION_insert            sk_ACC_DESC_insert
-#define sk_ACCESS_DESCRIPTION_set_cmp_func      sk_ACC_DESC_set_cmp_func
-#define sk_ACCESS_DESCRIPTION_dup               sk_ACC_DESC_dup
-#define sk_ACCESS_DESCRIPTION_pop_free          sk_ACC_DESC_pop_free
-#define sk_ACCESS_DESCRIPTION_shift             sk_ACC_DESC_shift
-#define sk_ACCESS_DESCRIPTION_pop               sk_ACC_DESC_pop
-#define sk_ACCESS_DESCRIPTION_sort              sk_ACC_DESC_sort
-
-/* Hack the names created with DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS) */
-#define sk_CRYPTO_EX_DATA_FUNCS_new             sk_CRYPT_EX_DATFNS_new
-#define sk_CRYPTO_EX_DATA_FUNCS_new_null        sk_CRYPT_EX_DATFNS_new_null
-#define sk_CRYPTO_EX_DATA_FUNCS_free            sk_CRYPT_EX_DATFNS_free
-#define sk_CRYPTO_EX_DATA_FUNCS_num             sk_CRYPT_EX_DATFNS_num
-#define sk_CRYPTO_EX_DATA_FUNCS_value           sk_CRYPT_EX_DATFNS_value
-#define sk_CRYPTO_EX_DATA_FUNCS_set             sk_CRYPT_EX_DATFNS_set
-#define sk_CRYPTO_EX_DATA_FUNCS_zero            sk_CRYPT_EX_DATFNS_zero
-#define sk_CRYPTO_EX_DATA_FUNCS_push            sk_CRYPT_EX_DATFNS_push
-#define sk_CRYPTO_EX_DATA_FUNCS_unshift         sk_CRYPT_EX_DATFNS_unshift
-#define sk_CRYPTO_EX_DATA_FUNCS_find            sk_CRYPT_EX_DATFNS_find
-#define sk_CRYPTO_EX_DATA_FUNCS_delete          sk_CRYPT_EX_DATFNS_delete
-#define sk_CRYPTO_EX_DATA_FUNCS_delete_ptr      sk_CRYPT_EX_DATFNS_delete_ptr
-#define sk_CRYPTO_EX_DATA_FUNCS_insert          sk_CRYPT_EX_DATFNS_insert
-#define sk_CRYPTO_EX_DATA_FUNCS_set_cmp_func    sk_CRYPT_EX_DATFNS_set_cmp_func
-#define sk_CRYPTO_EX_DATA_FUNCS_dup             sk_CRYPT_EX_DATFNS_dup
-#define sk_CRYPTO_EX_DATA_FUNCS_pop_free        sk_CRYPT_EX_DATFNS_pop_free
-#define sk_CRYPTO_EX_DATA_FUNCS_shift           sk_CRYPT_EX_DATFNS_shift
-#define sk_CRYPTO_EX_DATA_FUNCS_pop             sk_CRYPT_EX_DATFNS_pop
-#define sk_CRYPTO_EX_DATA_FUNCS_sort            sk_CRYPT_EX_DATFNS_sort
-
-/* Hack the names created with DECLARE_ASN1_SET_OF(PKCS7_SIGNER_INFO) */
-#define i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO       i2d_ASN1_SET_OF_PKCS7_SIGINF
-#define d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO       d2i_ASN1_SET_OF_PKCS7_SIGINF
-
-/* Hack the names created with DECLARE_ASN1_SET_OF(PKCS7_RECIP_INFO) */
-#define i2d_ASN1_SET_OF_PKCS7_RECIP_INFO        i2d_ASN1_SET_OF_PKCS7_RECGINF
-#define d2i_ASN1_SET_OF_PKCS7_RECIP_INFO        d2i_ASN1_SET_OF_PKCS7_RECGINF
-
-/* Hack the names created with DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION) */
-#define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION      i2d_ASN1_SET_OF_ACC_DESC
-#define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION      d2i_ASN1_SET_OF_ACC_DESC
-
-/* Hack the names created with DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE) */
-#define PEM_read_NETSCAPE_CERT_SEQUENCE         PEM_read_NS_CERT_SEQUENCE
-#define PEM_write_NETSCAPE_CERT_SEQUENCE        PEM_write_NS_CERT_SEQUENCE
-#define PEM_read_bio_NETSCAPE_CERT_SEQUENCE     PEM_read_bio_NS_CERT_SEQUENCE
-#define PEM_write_bio_NETSCAPE_CERT_SEQUENCE    PEM_write_bio_NS_CERT_SEQUENCE
-#define PEM_write_cb_bio_NETSCAPE_CERT_SEQUENCE PEM_write_cb_bio_NS_CERT_SEQUENCE
-
-/* Hack the names created with DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO) */
-#define PEM_read_PKCS8_PRIV_KEY_INFO            PEM_read_P8_PRIV_KEY_INFO
-#define PEM_write_PKCS8_PRIV_KEY_INFO           PEM_write_P8_PRIV_KEY_INFO
-#define PEM_read_bio_PKCS8_PRIV_KEY_INFO        PEM_read_bio_P8_PRIV_KEY_INFO
-#define PEM_write_bio_PKCS8_PRIV_KEY_INFO       PEM_write_bio_P8_PRIV_KEY_INFO
-#define PEM_write_cb_bio_PKCS8_PRIV_KEY_INFO    PEM_wrt_cb_bio_P8_PRIV_KEY_INFO
-
-/* Hack other PEM names */
-#define PEM_write_bio_PKCS8PrivateKey_nid       PEM_write_bio_PKCS8PrivKey_nid
-
-#endif /* defined VMS */
-
-#endif /* ! defined HEADER_VMS_IDHACKS_H */
diff --git a/src/lib/libssl/src/apps/CA.pl b/src/lib/libssl/src/apps/CA.pl
index 4eef57e6e3..f1ac7e7726 100644
--- a/src/lib/libssl/src/apps/CA.pl
+++ b/src/lib/libssl/src/apps/CA.pl
@@ -36,6 +36,7 @@
 # default openssl.cnf file has setup as per the following
 # demoCA ... where everything is stored
 
+$SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"};
 $DAYS="-days 365";
 $REQ="openssl req $SSLEAY_CONFIG";
 $CA="openssl ca $SSLEAY_CONFIG";
@@ -116,6 +117,11 @@ foreach (@ARGV) {
                                                         "-infiles newreq.pem");
             $RET=$?;
             print "Signed certificate is in newcert.pem\n";
+        } elsif (/^(-signCA)$/) {
+            system ("$CA -policy policy_anything -out newcert.pem " .
+                                        "-extensions v3_ca -infiles newreq.pem");
+            $RET=$?;
+            print "Signed CA certificate is in newcert.pem\n";
         } elsif (/^-signcert$/) {
             system ("$X509 -x509toreq -in newreq.pem -signkey newreq.pem " .
                                                                 "-out tmp.pem");
diff --git a/src/lib/libssl/src/apps/CA.pl.in b/src/lib/libssl/src/apps/CA.pl.in
index 4eef57e6e3..f1ac7e7726 100644
--- a/src/lib/libssl/src/apps/CA.pl.in
+++ b/src/lib/libssl/src/apps/CA.pl.in
@@ -36,6 +36,7 @@
 # default openssl.cnf file has setup as per the following
 # demoCA ... where everything is stored
 
+$SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"};
 $DAYS="-days 365";
 $REQ="openssl req $SSLEAY_CONFIG";
 $CA="openssl ca $SSLEAY_CONFIG";
@@ -116,6 +117,11 @@ foreach (@ARGV) {
                                                         "-infiles newreq.pem");
             $RET=$?;
             print "Signed certificate is in newcert.pem\n";
+        } elsif (/^(-signCA)$/) {
+            system ("$CA -policy policy_anything -out newcert.pem " .
+                                        "-extensions v3_ca -infiles newreq.pem");
+            $RET=$?;
+            print "Signed CA certificate is in newcert.pem\n";
         } elsif (/^-signcert$/) {
             system ("$X509 -x509toreq -in newreq.pem -signkey newreq.pem " .
                                                                 "-out tmp.pem");
diff --git a/src/lib/libssl/src/apps/Makefile.ssl b/src/lib/libssl/src/apps/Makefile.ssl
index c7373f74de..e8677cbb2d 100644
--- a/src/lib/libssl/src/apps/Makefile.ssl
+++ b/src/lib/libssl/src/apps/Makefile.ssl
@@ -35,7 +35,7 @@ SCRIPTS=CA.sh CA.pl der_chop
 EXE= $(PROGRAM)
 
 E_EXE=  verify asn1pars req dgst dh dhparam enc passwd gendh errstr \
-        ca crl rsa dsa dsaparam \
+        ca crl rsa rsautl dsa dsaparam \
         x509 genrsa gendsa s_server s_client speed \
         s_time version pkcs7 crl2pkcs7 sess_id ciphers nseq pkcs12 \
         pkcs8 spkac smime rand
@@ -51,14 +51,14 @@ RAND_SRC=app_rand.c
 
 E_OBJ=  verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o \
         ca.o pkcs7.o crl2p7.o crl.o \
-        rsa.o dsa.o dsaparam.o \
+        rsa.o rsautl.o dsa.o dsaparam.o \
         x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o \
         s_time.o $(A_OBJ) $(S_OBJ) $(RAND_OBJ) version.o sess_id.o \
         ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o rand.o
 
 E_SRC=  verify.c asn1pars.c req.c dgst.c dh.c enc.c passwd.c gendh.c errstr.c ca.c \
         pkcs7.c crl2p7.c crl.c \
-        rsa.c dsa.c dsaparam.c \
+        rsa.c rsautl.c dsa.c dsaparam.c \
         x509.c genrsa.c gendsa.c s_server.c s_client.c speed.c \
         s_time.c $(A_SRC) $(S_SRC) $(RAND_SRC) version.c sess_id.c \
         ciphers.c nseq.c pkcs12.c pkcs8.c spkac.c smime.c rand.c
@@ -135,7 +135,7 @@ $(DLIBCRYPTO):
 $(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
         $(RM) $(PROGRAM)
         $(CC) -o $(PROGRAM) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS)
-        @(cd ..; OPENSSL="`pwd`/apps/openssl"; export OPENSSL; sh tools/c_rehash certs)
+        -(cd ..; OPENSSL="`pwd`/apps/openssl"; export OPENSSL; $(PERL) tools/c_rehash certs)
 
 progs.h: progs.pl
         $(PERL) progs.pl $(E_EXE) >progs.h
@@ -146,90 +146,107 @@ progs.h: progs.pl
 app_rand.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 app_rand.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 app_rand.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-app_rand.o: ../include/openssl/crypto.h ../include/openssl/des.h
-app_rand.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+app_rand.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+app_rand.o: ../include/openssl/des.h ../include/openssl/dh.h
+app_rand.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 app_rand.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
 app_rand.o: ../include/openssl/evp.h ../include/openssl/idea.h
-app_rand.o: ../include/openssl/md2.h ../include/openssl/md5.h
-app_rand.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
-app_rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-app_rand.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-app_rand.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-app_rand.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-app_rand.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-app_rand.o: ../include/openssl/sha.h ../include/openssl/stack.h
+app_rand.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+app_rand.o: ../include/openssl/md4.h ../include/openssl/md5.h
+app_rand.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+app_rand.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+app_rand.o: ../include/openssl/opensslv.h ../include/openssl/pkcs7.h
+app_rand.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+app_rand.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+app_rand.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+app_rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+app_rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 app_rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 apps.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 apps.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 apps.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-apps.o: ../include/openssl/crypto.h ../include/openssl/des.h
-apps.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+apps.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+apps.o: ../include/openssl/des.h ../include/openssl/dh.h
+apps.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 apps.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-apps.o: ../include/openssl/evp.h ../include/openssl/idea.h
-apps.o: ../include/openssl/md2.h ../include/openssl/md5.h
-apps.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+apps.o: ../include/openssl/err.h ../include/openssl/evp.h
+apps.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+apps.o: ../include/openssl/md2.h ../include/openssl/md4.h
+apps.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+apps.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 apps.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-apps.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
-apps.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-apps.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-apps.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-apps.o: ../include/openssl/stack.h ../include/openssl/x509.h
+apps.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+apps.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
+apps.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+apps.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+apps.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+apps.o: ../include/openssl/sha.h ../include/openssl/stack.h
+apps.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
 apps.o: ../include/openssl/x509_vfy.h apps.h
 asn1pars.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 asn1pars.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 asn1pars.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-asn1pars.o: ../include/openssl/crypto.h ../include/openssl/des.h
-asn1pars.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+asn1pars.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+asn1pars.o: ../include/openssl/des.h ../include/openssl/dh.h
+asn1pars.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 asn1pars.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
 asn1pars.o: ../include/openssl/err.h ../include/openssl/evp.h
-asn1pars.o: ../include/openssl/idea.h ../include/openssl/md2.h
+asn1pars.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+asn1pars.o: ../include/openssl/md2.h ../include/openssl/md4.h
 asn1pars.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-asn1pars.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-asn1pars.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-asn1pars.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-asn1pars.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-asn1pars.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-asn1pars.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-asn1pars.o: ../include/openssl/sha.h ../include/openssl/stack.h
+asn1pars.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+asn1pars.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+asn1pars.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+asn1pars.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+asn1pars.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+asn1pars.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+asn1pars.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+asn1pars.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 asn1pars.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 ca.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 ca.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 ca.o: ../include/openssl/buffer.h ../include/openssl/cast.h
 ca.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 ca.o: ../include/openssl/des.h ../include/openssl/dh.h ../include/openssl/dsa.h
-ca.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+ca.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
+ca.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
 ca.o: ../include/openssl/err.h ../include/openssl/evp.h
 ca.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-ca.o: ../include/openssl/md2.h ../include/openssl/md5.h
-ca.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+ca.o: ../include/openssl/md2.h ../include/openssl/md4.h
+ca.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+ca.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 ca.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 ca.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-ca.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
-ca.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-ca.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-ca.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ca.o: ../include/openssl/stack.h ../include/openssl/txt_db.h
+ca.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+ca.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+ca.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+ca.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+ca.o: ../include/openssl/sha.h ../include/openssl/stack.h
+ca.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 ca.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
 ca.o: ../include/openssl/x509v3.h apps.h
 ciphers.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 ciphers.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 ciphers.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ciphers.o: ../include/openssl/comp.h ../include/openssl/conf.h
 ciphers.o: ../include/openssl/crypto.h ../include/openssl/des.h
 ciphers.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-ciphers.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-ciphers.o: ../include/openssl/err.h ../include/openssl/evp.h
-ciphers.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-ciphers.o: ../include/openssl/md2.h ../include/openssl/md5.h
-ciphers.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
-ciphers.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-ciphers.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-ciphers.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
-ciphers.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-ciphers.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-ciphers.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ciphers.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-ciphers.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-ciphers.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+ciphers.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
+ciphers.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+ciphers.o: ../include/openssl/evp.h ../include/openssl/idea.h
+ciphers.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+ciphers.o: ../include/openssl/md4.h ../include/openssl/md5.h
+ciphers.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+ciphers.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ciphers.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+ciphers.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ciphers.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+ciphers.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+ciphers.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+ciphers.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+ciphers.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ciphers.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ciphers.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 ciphers.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 crl.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 crl.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
@@ -237,113 +254,137 @@ crl.o: ../include/openssl/buffer.h ../include/openssl/cast.h
 crl.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 crl.o: ../include/openssl/des.h ../include/openssl/dh.h
 crl.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-crl.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-crl.o: ../include/openssl/evp.h ../include/openssl/idea.h
-crl.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+crl.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+crl.o: ../include/openssl/err.h ../include/openssl/evp.h
+crl.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+crl.o: ../include/openssl/md2.h ../include/openssl/md4.h
 crl.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-crl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-crl.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-crl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-crl.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-crl.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-crl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-crl.o: ../include/openssl/sha.h ../include/openssl/stack.h
+crl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+crl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+crl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+crl.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+crl.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+crl.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+crl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+crl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 crl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
 crl.o: ../include/openssl/x509v3.h apps.h
 crl2p7.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 crl2p7.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 crl2p7.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-crl2p7.o: ../include/openssl/crypto.h ../include/openssl/des.h
-crl2p7.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+crl2p7.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+crl2p7.o: ../include/openssl/des.h ../include/openssl/dh.h
+crl2p7.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 crl2p7.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
 crl2p7.o: ../include/openssl/err.h ../include/openssl/evp.h
-crl2p7.o: ../include/openssl/idea.h ../include/openssl/md2.h
+crl2p7.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+crl2p7.o: ../include/openssl/md2.h ../include/openssl/md4.h
 crl2p7.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-crl2p7.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-crl2p7.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-crl2p7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-crl2p7.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-crl2p7.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-crl2p7.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-crl2p7.o: ../include/openssl/sha.h ../include/openssl/stack.h
+crl2p7.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+crl2p7.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+crl2p7.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+crl2p7.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+crl2p7.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+crl2p7.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+crl2p7.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+crl2p7.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 crl2p7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 dgst.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 dgst.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 dgst.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-dgst.o: ../include/openssl/crypto.h ../include/openssl/des.h
-dgst.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+dgst.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+dgst.o: ../include/openssl/des.h ../include/openssl/dh.h
+dgst.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 dgst.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-dgst.o: ../include/openssl/err.h ../include/openssl/evp.h
-dgst.o: ../include/openssl/idea.h ../include/openssl/md2.h
-dgst.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+dgst.o: ../include/openssl/engine.h ../include/openssl/err.h
+dgst.o: ../include/openssl/evp.h ../include/openssl/idea.h
+dgst.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+dgst.o: ../include/openssl/md4.h ../include/openssl/md5.h
+dgst.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 dgst.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 dgst.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 dgst.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-dgst.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-dgst.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-dgst.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-dgst.o: ../include/openssl/sha.h ../include/openssl/stack.h
+dgst.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+dgst.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+dgst.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+dgst.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+dgst.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 dgst.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 dh.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 dh.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 dh.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-dh.o: ../include/openssl/crypto.h ../include/openssl/des.h
-dh.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-dh.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+dh.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+dh.o: ../include/openssl/des.h ../include/openssl/dh.h ../include/openssl/dsa.h
+dh.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
+dh.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
 dh.o: ../include/openssl/err.h ../include/openssl/evp.h
-dh.o: ../include/openssl/idea.h ../include/openssl/md2.h
+dh.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+dh.o: ../include/openssl/md2.h ../include/openssl/md4.h
 dh.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-dh.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-dh.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-dh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dh.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+dh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+dh.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+dh.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 dh.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 dh.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 dh.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 dh.o: ../include/openssl/sha.h ../include/openssl/stack.h
-dh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+dh.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+dh.o: ../include/openssl/x509_vfy.h apps.h
 dsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 dsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 dsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-dsa.o: ../include/openssl/crypto.h ../include/openssl/des.h
-dsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+dsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+dsa.o: ../include/openssl/des.h ../include/openssl/dh.h
+dsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 dsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-dsa.o: ../include/openssl/err.h ../include/openssl/evp.h
-dsa.o: ../include/openssl/idea.h ../include/openssl/md2.h
-dsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+dsa.o: ../include/openssl/engine.h ../include/openssl/err.h
+dsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
+dsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+dsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
+dsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 dsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 dsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 dsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-dsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-dsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-dsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-dsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
+dsa.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+dsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+dsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+dsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+dsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 dsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 dsaparam.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 dsaparam.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 dsaparam.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-dsaparam.o: ../include/openssl/crypto.h ../include/openssl/des.h
-dsaparam.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+dsaparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+dsaparam.o: ../include/openssl/des.h ../include/openssl/dh.h
+dsaparam.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 dsaparam.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-dsaparam.o: ../include/openssl/err.h ../include/openssl/evp.h
-dsaparam.o: ../include/openssl/idea.h ../include/openssl/md2.h
-dsaparam.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+dsaparam.o: ../include/openssl/engine.h ../include/openssl/err.h
+dsaparam.o: ../include/openssl/evp.h ../include/openssl/idea.h
+dsaparam.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+dsaparam.o: ../include/openssl/md4.h ../include/openssl/md5.h
+dsaparam.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 dsaparam.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 dsaparam.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 dsaparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-dsaparam.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-dsaparam.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-dsaparam.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-dsaparam.o: ../include/openssl/sha.h ../include/openssl/stack.h
+dsaparam.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+dsaparam.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+dsaparam.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+dsaparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+dsaparam.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 dsaparam.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 enc.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 enc.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 enc.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-enc.o: ../include/openssl/crypto.h ../include/openssl/des.h
-enc.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+enc.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+enc.o: ../include/openssl/des.h ../include/openssl/dh.h
+enc.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 enc.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-enc.o: ../include/openssl/err.h ../include/openssl/evp.h
-enc.o: ../include/openssl/idea.h ../include/openssl/md2.h
-enc.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+enc.o: ../include/openssl/engine.h ../include/openssl/err.h
+enc.o: ../include/openssl/evp.h ../include/openssl/idea.h
+enc.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+enc.o: ../include/openssl/md4.h ../include/openssl/md5.h
+enc.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 enc.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
@@ -351,37 +392,43 @@ enc.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 enc.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
 enc.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-enc.o: ../include/openssl/stack.h ../include/openssl/x509.h
-enc.o: ../include/openssl/x509_vfy.h apps.h
+enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 errstr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 errstr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 errstr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+errstr.o: ../include/openssl/comp.h ../include/openssl/conf.h
 errstr.o: ../include/openssl/crypto.h ../include/openssl/des.h
 errstr.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-errstr.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-errstr.o: ../include/openssl/err.h ../include/openssl/evp.h
-errstr.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-errstr.o: ../include/openssl/md2.h ../include/openssl/md5.h
-errstr.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
-errstr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-errstr.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-errstr.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
-errstr.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-errstr.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-errstr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-errstr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-errstr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-errstr.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+errstr.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
+errstr.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+errstr.o: ../include/openssl/evp.h ../include/openssl/idea.h
+errstr.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+errstr.o: ../include/openssl/md4.h ../include/openssl/md5.h
+errstr.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+errstr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+errstr.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+errstr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+errstr.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+errstr.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+errstr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+errstr.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+errstr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+errstr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+errstr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 errstr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 gendh.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 gendh.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 gendh.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-gendh.o: ../include/openssl/crypto.h ../include/openssl/des.h
-gendh.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+gendh.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+gendh.o: ../include/openssl/des.h ../include/openssl/dh.h
+gendh.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 gendh.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-gendh.o: ../include/openssl/err.h ../include/openssl/evp.h
-gendh.o: ../include/openssl/idea.h ../include/openssl/md2.h
-gendh.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+gendh.o: ../include/openssl/engine.h ../include/openssl/err.h
+gendh.o: ../include/openssl/evp.h ../include/openssl/idea.h
+gendh.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+gendh.o: ../include/openssl/md4.h ../include/openssl/md5.h
+gendh.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 gendh.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 gendh.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 gendh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
@@ -389,69 +436,82 @@ gendh.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 gendh.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
 gendh.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 gendh.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-gendh.o: ../include/openssl/stack.h ../include/openssl/x509.h
-gendh.o: ../include/openssl/x509_vfy.h apps.h
+gendh.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+gendh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 gendsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 gendsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 gendsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-gendsa.o: ../include/openssl/crypto.h ../include/openssl/des.h
-gendsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+gendsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+gendsa.o: ../include/openssl/des.h ../include/openssl/dh.h
+gendsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 gendsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-gendsa.o: ../include/openssl/err.h ../include/openssl/evp.h
-gendsa.o: ../include/openssl/idea.h ../include/openssl/md2.h
-gendsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+gendsa.o: ../include/openssl/engine.h ../include/openssl/err.h
+gendsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
+gendsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+gendsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
+gendsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 gendsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 gendsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 gendsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-gendsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-gendsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-gendsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-gendsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
+gendsa.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+gendsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+gendsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+gendsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+gendsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 gendsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 genrsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 genrsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 genrsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-genrsa.o: ../include/openssl/crypto.h ../include/openssl/des.h
-genrsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+genrsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+genrsa.o: ../include/openssl/des.h ../include/openssl/dh.h
+genrsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 genrsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-genrsa.o: ../include/openssl/err.h ../include/openssl/evp.h
-genrsa.o: ../include/openssl/idea.h ../include/openssl/md2.h
-genrsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+genrsa.o: ../include/openssl/engine.h ../include/openssl/err.h
+genrsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
+genrsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+genrsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
+genrsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 genrsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 genrsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 genrsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-genrsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-genrsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-genrsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-genrsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
+genrsa.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+genrsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+genrsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+genrsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+genrsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 genrsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 nseq.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 nseq.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 nseq.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-nseq.o: ../include/openssl/crypto.h ../include/openssl/des.h
-nseq.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+nseq.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+nseq.o: ../include/openssl/des.h ../include/openssl/dh.h
+nseq.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 nseq.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
 nseq.o: ../include/openssl/err.h ../include/openssl/evp.h
-nseq.o: ../include/openssl/idea.h ../include/openssl/md2.h
+nseq.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+nseq.o: ../include/openssl/md2.h ../include/openssl/md4.h
 nseq.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-nseq.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-nseq.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-nseq.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-nseq.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-nseq.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-nseq.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-nseq.o: ../include/openssl/sha.h ../include/openssl/stack.h
+nseq.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+nseq.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+nseq.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+nseq.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+nseq.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+nseq.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+nseq.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+nseq.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 nseq.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 openssl.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 openssl.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 openssl.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-openssl.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-openssl.o: ../include/openssl/des.h ../include/openssl/dh.h
-openssl.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+openssl.o: ../include/openssl/comp.h ../include/openssl/conf.h
+openssl.o: ../include/openssl/crypto.h ../include/openssl/des.h
+openssl.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+openssl.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
 openssl.o: ../include/openssl/e_os2.h ../include/openssl/err.h
 openssl.o: ../include/openssl/evp.h ../include/openssl/idea.h
 openssl.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-openssl.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+openssl.o: ../include/openssl/md4.h ../include/openssl/md5.h
+openssl.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 openssl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 openssl.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 openssl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
@@ -461,306 +521,383 @@ openssl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 openssl.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 openssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
 openssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-openssl.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-openssl.o: ../include/openssl/x509_vfy.h apps.h progs.h s_apps.h
+openssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+openssl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+openssl.o: progs.h s_apps.h
 passwd.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 passwd.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 passwd.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-passwd.o: ../include/openssl/crypto.h ../include/openssl/des.h
-passwd.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+passwd.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+passwd.o: ../include/openssl/des.h ../include/openssl/dh.h
+passwd.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 passwd.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
 passwd.o: ../include/openssl/err.h ../include/openssl/evp.h
-passwd.o: ../include/openssl/idea.h ../include/openssl/md2.h
+passwd.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+passwd.o: ../include/openssl/md2.h ../include/openssl/md4.h
 passwd.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-passwd.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-passwd.o: ../include/openssl/opensslv.h ../include/openssl/pkcs7.h
-passwd.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-passwd.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-passwd.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-passwd.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-passwd.o: ../include/openssl/stack.h ../include/openssl/x509.h
+passwd.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+passwd.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+passwd.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+passwd.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+passwd.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+passwd.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+passwd.o: ../include/openssl/sha.h ../include/openssl/stack.h
+passwd.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
 passwd.o: ../include/openssl/x509_vfy.h apps.h
 pkcs12.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 pkcs12.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 pkcs12.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-pkcs12.o: ../include/openssl/crypto.h ../include/openssl/des.h
-pkcs12.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+pkcs12.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+pkcs12.o: ../include/openssl/des.h ../include/openssl/dh.h
+pkcs12.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 pkcs12.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-pkcs12.o: ../include/openssl/err.h ../include/openssl/evp.h
-pkcs12.o: ../include/openssl/idea.h ../include/openssl/md2.h
-pkcs12.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+pkcs12.o: ../include/openssl/engine.h ../include/openssl/err.h
+pkcs12.o: ../include/openssl/evp.h ../include/openssl/idea.h
+pkcs12.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+pkcs12.o: ../include/openssl/md4.h ../include/openssl/md5.h
+pkcs12.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 pkcs12.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 pkcs12.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 pkcs12.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
-pkcs12.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
-pkcs12.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-pkcs12.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-pkcs12.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-pkcs12.o: ../include/openssl/stack.h ../include/openssl/x509.h
+pkcs12.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+pkcs12.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+pkcs12.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+pkcs12.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+pkcs12.o: ../include/openssl/sha.h ../include/openssl/stack.h
+pkcs12.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
 pkcs12.o: ../include/openssl/x509_vfy.h apps.h
 pkcs7.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 pkcs7.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 pkcs7.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-pkcs7.o: ../include/openssl/crypto.h ../include/openssl/des.h
-pkcs7.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+pkcs7.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+pkcs7.o: ../include/openssl/des.h ../include/openssl/dh.h
+pkcs7.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 pkcs7.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-pkcs7.o: ../include/openssl/err.h ../include/openssl/evp.h
-pkcs7.o: ../include/openssl/idea.h ../include/openssl/md2.h
-pkcs7.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+pkcs7.o: ../include/openssl/engine.h ../include/openssl/err.h
+pkcs7.o: ../include/openssl/evp.h ../include/openssl/idea.h
+pkcs7.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+pkcs7.o: ../include/openssl/md4.h ../include/openssl/md5.h
+pkcs7.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 pkcs7.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 pkcs7.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 pkcs7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-pkcs7.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-pkcs7.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-pkcs7.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-pkcs7.o: ../include/openssl/sha.h ../include/openssl/stack.h
+pkcs7.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+pkcs7.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+pkcs7.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+pkcs7.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+pkcs7.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 pkcs7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 pkcs8.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 pkcs8.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 pkcs8.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-pkcs8.o: ../include/openssl/crypto.h ../include/openssl/des.h
-pkcs8.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+pkcs8.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+pkcs8.o: ../include/openssl/des.h ../include/openssl/dh.h
+pkcs8.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 pkcs8.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-pkcs8.o: ../include/openssl/err.h ../include/openssl/evp.h
-pkcs8.o: ../include/openssl/idea.h ../include/openssl/md2.h
-pkcs8.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+pkcs8.o: ../include/openssl/engine.h ../include/openssl/err.h
+pkcs8.o: ../include/openssl/evp.h ../include/openssl/idea.h
+pkcs8.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+pkcs8.o: ../include/openssl/md4.h ../include/openssl/md5.h
+pkcs8.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 pkcs8.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 pkcs8.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 pkcs8.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
-pkcs8.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
-pkcs8.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-pkcs8.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-pkcs8.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-pkcs8.o: ../include/openssl/stack.h ../include/openssl/x509.h
+pkcs8.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+pkcs8.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+pkcs8.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+pkcs8.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+pkcs8.o: ../include/openssl/sha.h ../include/openssl/stack.h
+pkcs8.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
 pkcs8.o: ../include/openssl/x509_vfy.h apps.h
 rand.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 rand.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 rand.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-rand.o: ../include/openssl/crypto.h ../include/openssl/des.h
-rand.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+rand.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+rand.o: ../include/openssl/des.h ../include/openssl/dh.h
+rand.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 rand.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-rand.o: ../include/openssl/err.h ../include/openssl/evp.h
-rand.o: ../include/openssl/idea.h ../include/openssl/md2.h
-rand.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+rand.o: ../include/openssl/engine.h ../include/openssl/err.h
+rand.o: ../include/openssl/evp.h ../include/openssl/idea.h
+rand.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+rand.o: ../include/openssl/md4.h ../include/openssl/md5.h
+rand.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 rand.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 rand.o: ../include/openssl/opensslv.h ../include/openssl/pkcs7.h
 rand.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 rand.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
 rand.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-rand.o: ../include/openssl/stack.h ../include/openssl/x509.h
-rand.o: ../include/openssl/x509_vfy.h apps.h
+rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 req.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 req.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 req.o: ../include/openssl/buffer.h ../include/openssl/cast.h
 req.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 req.o: ../include/openssl/des.h ../include/openssl/dh.h
 req.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-req.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+req.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+req.o: ../include/openssl/engine.h ../include/openssl/err.h
 req.o: ../include/openssl/evp.h ../include/openssl/idea.h
 req.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-req.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+req.o: ../include/openssl/md4.h ../include/openssl/md5.h
+req.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 req.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 req.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 req.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-req.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-req.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-req.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-req.o: ../include/openssl/sha.h ../include/openssl/stack.h
+req.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+req.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+req.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+req.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+req.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 req.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
 req.o: ../include/openssl/x509v3.h apps.h
 rsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 rsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 rsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-rsa.o: ../include/openssl/crypto.h ../include/openssl/des.h
-rsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+rsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+rsa.o: ../include/openssl/des.h ../include/openssl/dh.h
+rsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 rsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-rsa.o: ../include/openssl/err.h ../include/openssl/evp.h
-rsa.o: ../include/openssl/idea.h ../include/openssl/md2.h
-rsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+rsa.o: ../include/openssl/engine.h ../include/openssl/err.h
+rsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
+rsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+rsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
+rsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 rsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 rsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-rsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-rsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-rsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-rsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
+rsa.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+rsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+rsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+rsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+rsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 rsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+rsautl.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+rsautl.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+rsautl.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+rsautl.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+rsautl.o: ../include/openssl/des.h ../include/openssl/dh.h
+rsautl.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+rsautl.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+rsautl.o: ../include/openssl/engine.h ../include/openssl/err.h
+rsautl.o: ../include/openssl/evp.h ../include/openssl/idea.h
+rsautl.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+rsautl.o: ../include/openssl/md4.h ../include/openssl/md5.h
+rsautl.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+rsautl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+rsautl.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+rsautl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+rsautl.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+rsautl.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+rsautl.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+rsautl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+rsautl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+rsautl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 s_cb.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 s_cb.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 s_cb.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s_cb.o: ../include/openssl/comp.h ../include/openssl/conf.h
 s_cb.o: ../include/openssl/crypto.h ../include/openssl/des.h
 s_cb.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-s_cb.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-s_cb.o: ../include/openssl/err.h ../include/openssl/evp.h
-s_cb.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-s_cb.o: ../include/openssl/md2.h ../include/openssl/md5.h
-s_cb.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
-s_cb.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s_cb.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-s_cb.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
-s_cb.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-s_cb.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-s_cb.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s_cb.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s_cb.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s_cb.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+s_cb.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
+s_cb.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+s_cb.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s_cb.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s_cb.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s_cb.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+s_cb.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s_cb.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+s_cb.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s_cb.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s_cb.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s_cb.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s_cb.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s_cb.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s_cb.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s_cb.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 s_cb.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h s_apps.h
 s_client.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 s_client.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 s_client.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s_client.o: ../include/openssl/comp.h ../include/openssl/conf.h
 s_client.o: ../include/openssl/crypto.h ../include/openssl/des.h
 s_client.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-s_client.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+s_client.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
+s_client.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
 s_client.o: ../include/openssl/err.h ../include/openssl/evp.h
 s_client.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-s_client.o: ../include/openssl/md2.h ../include/openssl/md5.h
-s_client.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+s_client.o: ../include/openssl/md2.h ../include/openssl/md4.h
+s_client.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s_client.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 s_client.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 s_client.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-s_client.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
-s_client.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-s_client.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-s_client.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s_client.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s_client.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s_client.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+s_client.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+s_client.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s_client.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s_client.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s_client.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s_client.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s_client.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s_client.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 s_client.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 s_client.o: s_apps.h
 s_server.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 s_server.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 s_server.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s_server.o: ../include/openssl/comp.h ../include/openssl/conf.h
 s_server.o: ../include/openssl/crypto.h ../include/openssl/des.h
 s_server.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-s_server.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+s_server.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
+s_server.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
 s_server.o: ../include/openssl/err.h ../include/openssl/evp.h
 s_server.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-s_server.o: ../include/openssl/md2.h ../include/openssl/md5.h
-s_server.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+s_server.o: ../include/openssl/md2.h ../include/openssl/md4.h
+s_server.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s_server.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 s_server.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 s_server.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-s_server.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
-s_server.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-s_server.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-s_server.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s_server.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s_server.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s_server.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+s_server.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+s_server.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s_server.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s_server.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s_server.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s_server.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s_server.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s_server.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 s_server.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 s_server.o: s_apps.h
 s_socket.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 s_socket.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 s_socket.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s_socket.o: ../include/openssl/comp.h ../include/openssl/conf.h
 s_socket.o: ../include/openssl/crypto.h ../include/openssl/des.h
 s_socket.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-s_socket.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-s_socket.o: ../include/openssl/evp.h ../include/openssl/idea.h
-s_socket.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s_socket.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
+s_socket.o: ../include/openssl/e_os2.h ../include/openssl/evp.h
+s_socket.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+s_socket.o: ../include/openssl/md2.h ../include/openssl/md4.h
 s_socket.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-s_socket.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s_socket.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-s_socket.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s_socket.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-s_socket.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-s_socket.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s_socket.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s_socket.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s_socket.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s_socket.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s_socket.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s_socket.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s_socket.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+s_socket.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s_socket.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s_socket.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s_socket.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s_socket.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s_socket.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 s_socket.o: ../include/openssl/tls1.h ../include/openssl/x509.h
 s_socket.o: ../include/openssl/x509_vfy.h apps.h s_apps.h
 s_time.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 s_time.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 s_time.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s_time.o: ../include/openssl/comp.h ../include/openssl/conf.h
 s_time.o: ../include/openssl/crypto.h ../include/openssl/des.h
 s_time.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-s_time.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-s_time.o: ../include/openssl/err.h ../include/openssl/evp.h
-s_time.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-s_time.o: ../include/openssl/md2.h ../include/openssl/md5.h
-s_time.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
-s_time.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s_time.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-s_time.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
-s_time.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-s_time.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-s_time.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s_time.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s_time.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s_time.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+s_time.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
+s_time.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+s_time.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s_time.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s_time.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s_time.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+s_time.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s_time.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+s_time.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s_time.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s_time.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s_time.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s_time.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s_time.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s_time.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s_time.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 s_time.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 s_time.o: s_apps.h
 sess_id.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 sess_id.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 sess_id.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+sess_id.o: ../include/openssl/comp.h ../include/openssl/conf.h
 sess_id.o: ../include/openssl/crypto.h ../include/openssl/des.h
 sess_id.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-sess_id.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-sess_id.o: ../include/openssl/err.h ../include/openssl/evp.h
-sess_id.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-sess_id.o: ../include/openssl/md2.h ../include/openssl/md5.h
-sess_id.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
-sess_id.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-sess_id.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-sess_id.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
-sess_id.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-sess_id.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-sess_id.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-sess_id.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-sess_id.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-sess_id.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+sess_id.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
+sess_id.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+sess_id.o: ../include/openssl/evp.h ../include/openssl/idea.h
+sess_id.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+sess_id.o: ../include/openssl/md4.h ../include/openssl/md5.h
+sess_id.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+sess_id.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+sess_id.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+sess_id.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+sess_id.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+sess_id.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+sess_id.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+sess_id.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+sess_id.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+sess_id.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+sess_id.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 sess_id.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 smime.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 smime.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 smime.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-smime.o: ../include/openssl/crypto.h ../include/openssl/des.h
-smime.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+smime.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+smime.o: ../include/openssl/des.h ../include/openssl/dh.h
+smime.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 smime.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-smime.o: ../include/openssl/err.h ../include/openssl/evp.h
-smime.o: ../include/openssl/idea.h ../include/openssl/md2.h
-smime.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+smime.o: ../include/openssl/engine.h ../include/openssl/err.h
+smime.o: ../include/openssl/evp.h ../include/openssl/idea.h
+smime.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+smime.o: ../include/openssl/md4.h ../include/openssl/md5.h
+smime.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 smime.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 smime.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 smime.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-smime.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-smime.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-smime.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-smime.o: ../include/openssl/sha.h ../include/openssl/stack.h
+smime.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+smime.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+smime.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+smime.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+smime.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 smime.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 speed.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 speed.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 speed.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-speed.o: ../include/openssl/crypto.h ../include/openssl/des.h
-speed.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+speed.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+speed.o: ../include/openssl/des.h ../include/openssl/dh.h
+speed.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 speed.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-speed.o: ../include/openssl/err.h ../include/openssl/evp.h
-speed.o: ../include/openssl/hmac.h ../include/openssl/idea.h
-speed.o: ../include/openssl/md2.h ../include/openssl/md5.h
-speed.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+speed.o: ../include/openssl/engine.h ../include/openssl/err.h
+speed.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+speed.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+speed.o: ../include/openssl/md2.h ../include/openssl/md4.h
+speed.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+speed.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 speed.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 speed.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 speed.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 speed.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 speed.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 speed.o: ../include/openssl/sha.h ../include/openssl/stack.h
-speed.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ./testdsa.h
-speed.o: ./testrsa.h apps.h
+speed.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+speed.o: ../include/openssl/x509_vfy.h ./testdsa.h ./testrsa.h apps.h
 spkac.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 spkac.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 spkac.o: ../include/openssl/buffer.h ../include/openssl/cast.h
 spkac.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 spkac.o: ../include/openssl/des.h ../include/openssl/dh.h
 spkac.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-spkac.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+spkac.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+spkac.o: ../include/openssl/engine.h ../include/openssl/err.h
 spkac.o: ../include/openssl/evp.h ../include/openssl/idea.h
 spkac.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-spkac.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+spkac.o: ../include/openssl/md4.h ../include/openssl/md5.h
+spkac.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 spkac.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 spkac.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 spkac.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-spkac.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-spkac.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-spkac.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-spkac.o: ../include/openssl/sha.h ../include/openssl/stack.h
+spkac.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+spkac.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+spkac.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+spkac.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+spkac.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 spkac.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 verify.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 verify.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
@@ -768,34 +905,40 @@ verify.o: ../include/openssl/buffer.h ../include/openssl/cast.h
 verify.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 verify.o: ../include/openssl/des.h ../include/openssl/dh.h
 verify.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-verify.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+verify.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+verify.o: ../include/openssl/engine.h ../include/openssl/err.h
 verify.o: ../include/openssl/evp.h ../include/openssl/idea.h
 verify.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-verify.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+verify.o: ../include/openssl/md4.h ../include/openssl/md5.h
+verify.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 verify.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 verify.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 verify.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-verify.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-verify.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-verify.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-verify.o: ../include/openssl/sha.h ../include/openssl/stack.h
+verify.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+verify.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+verify.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+verify.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+verify.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 verify.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
 verify.o: ../include/openssl/x509v3.h apps.h
 version.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 version.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 version.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-version.o: ../include/openssl/crypto.h ../include/openssl/des.h
-version.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+version.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+version.o: ../include/openssl/des.h ../include/openssl/dh.h
+version.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 version.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
 version.o: ../include/openssl/evp.h ../include/openssl/idea.h
-version.o: ../include/openssl/md2.h ../include/openssl/md5.h
-version.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
-version.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-version.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
-version.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-version.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-version.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-version.o: ../include/openssl/stack.h ../include/openssl/x509.h
+version.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+version.o: ../include/openssl/md4.h ../include/openssl/md5.h
+version.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+version.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+version.o: ../include/openssl/opensslv.h ../include/openssl/pkcs7.h
+version.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+version.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+version.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+version.o: ../include/openssl/sha.h ../include/openssl/stack.h
+version.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
 version.o: ../include/openssl/x509_vfy.h apps.h
 x509.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 x509.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
@@ -803,16 +946,19 @@ x509.o: ../include/openssl/buffer.h ../include/openssl/cast.h
 x509.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 x509.o: ../include/openssl/des.h ../include/openssl/dh.h
 x509.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-x509.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+x509.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+x509.o: ../include/openssl/engine.h ../include/openssl/err.h
 x509.o: ../include/openssl/evp.h ../include/openssl/idea.h
 x509.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-x509.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+x509.o: ../include/openssl/md4.h ../include/openssl/md5.h
+x509.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 x509.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 x509.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 x509.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-x509.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-x509.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-x509.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-x509.o: ../include/openssl/sha.h ../include/openssl/stack.h
+x509.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+x509.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+x509.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+x509.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+x509.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 x509.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
 x509.o: ../include/openssl/x509v3.h apps.h
diff --git a/src/lib/libssl/src/apps/apps.c b/src/lib/libssl/src/apps/apps.c
index a87d23bf33..167c319ebe 100644
--- a/src/lib/libssl/src/apps/apps.c
+++ b/src/lib/libssl/src/apps/apps.c
@@ -64,6 +64,11 @@
 #define NON_MAIN
 #include "apps.h"
 #undef NON_MAIN
+#include <openssl/err.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/pkcs12.h>
+#include <openssl/safestack.h>
 
 #ifdef WINDOWS
 #  include "bss_file.c"
@@ -91,8 +96,8 @@ int args_from_file(char *file, int *argc, char **argv[])
         *argv=NULL;
 
         len=(unsigned int)stbuf.st_size;
-        if (buf != NULL) Free(buf);
-        buf=(char *)Malloc(len+1);
+        if (buf != NULL) OPENSSL_free(buf);
+        buf=(char *)OPENSSL_malloc(len+1);
         if (buf == NULL) return(0);
 
         len=fread(buf,1,len,fp);
@@ -102,8 +107,8 @@ int args_from_file(char *file, int *argc, char **argv[])
         i=0;
         for (p=buf; *p; p++)
                 if (*p == '\n') i++;
-        if (arg != NULL) Free(arg);
-        arg=(char **)Malloc(sizeof(char *)*(i*2));
+        if (arg != NULL) OPENSSL_free(arg);
+        arg=(char **)OPENSSL_malloc(sizeof(char *)*(i*2));
 
         *argv=arg;
         num=0;
@@ -159,6 +164,14 @@ int str2fmt(char *s)
                 return(FORMAT_PEM);
         else if ((*s == 'N') || (*s == 'n'))
                 return(FORMAT_NETSCAPE);
+        else if ((*s == 'S') || (*s == 's'))
+                return(FORMAT_SMIME);
+        else if ((*s == '1')
+                || (strcmp(s,"PKCS12") == 0) || (strcmp(s,"pkcs12") == 0)
+                || (strcmp(s,"P12") == 0) || (strcmp(s,"p12") == 0))
+                return(FORMAT_PKCS12);
+        else if ((*s == 'E') || (*s == 'e'))
+                return(FORMAT_ENGINE);
         else
                 return(FORMAT_UNDEF);
         }
@@ -266,7 +279,7 @@ int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
         if (arg->count == 0)
                 {
                 arg->count=20;
-                arg->data=(char **)Malloc(sizeof(char *)*arg->count);
+                arg->data=(char **)OPENSSL_malloc(sizeof(char *)*arg->count);
                 }
         for (i=0; i<arg->count; i++)
                 arg->data[i]=NULL;
@@ -285,7 +298,7 @@ int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
                 if (num >= arg->count)
                         {
                         arg->count+=20;
-                        arg->data=(char **)Realloc(arg->data,
+                        arg->data=(char **)OPENSSL_realloc(arg->data,
                                 sizeof(char *)*arg->count);
                         if (argc == 0) return(0);
                         }
@@ -414,3 +427,352 @@ static char *app_get_pass(BIO *err, char *arg, int keepbio)
         if(tmp) *tmp = 0;
         return BUF_strdup(tpass);
 }
+
+int add_oid_section(BIO *err, LHASH *conf)
+{       
+        char *p;
+        STACK_OF(CONF_VALUE) *sktmp;
+        CONF_VALUE *cnf;
+        int i;
+        if(!(p=CONF_get_string(conf,NULL,"oid_section"))) return 1;
+        if(!(sktmp = CONF_get_section(conf, p))) {
+                BIO_printf(err, "problem loading oid section %s\n", p);
+                return 0;
+        }
+        for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
+                cnf = sk_CONF_VALUE_value(sktmp, i);
+                if(OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) {
+                        BIO_printf(err, "problem creating object %s=%s\n",
+                                                         cnf->name, cnf->value);
+                        return 0;
+                }
+        }
+        return 1;
+}
+
+X509 *load_cert(BIO *err, char *file, int format)
+        {
+        ASN1_HEADER *ah=NULL;
+        BUF_MEM *buf=NULL;
+        X509 *x=NULL;
+        BIO *cert;
+
+        if ((cert=BIO_new(BIO_s_file())) == NULL)
+                {
+                ERR_print_errors(err);
+                goto end;
+                }
+
+        if (file == NULL)
+                BIO_set_fp(cert,stdin,BIO_NOCLOSE);
+        else
+                {
+                if (BIO_read_filename(cert,file) <= 0)
+                        {
+                        perror(file);
+                        goto end;
+                        }
+                }
+
+        if      (format == FORMAT_ASN1)
+                x=d2i_X509_bio(cert,NULL);
+        else if (format == FORMAT_NETSCAPE)
+                {
+                unsigned char *p,*op;
+                int size=0,i;
+
+                /* We sort of have to do it this way because it is sort of nice
+                 * to read the header first and check it, then
+                 * try to read the certificate */
+                buf=BUF_MEM_new();
+                for (;;)
+                        {
+                        if ((buf == NULL) || (!BUF_MEM_grow(buf,size+1024*10)))
+                                goto end;
+                        i=BIO_read(cert,&(buf->data[size]),1024*10);
+                        size+=i;
+                        if (i == 0) break;
+                        if (i < 0)
+                                {
+                                perror("reading certificate");
+                                goto end;
+                                }
+                        }
+                p=(unsigned char *)buf->data;
+                op=p;
+
+                /* First load the header */
+                if ((ah=d2i_ASN1_HEADER(NULL,&p,(long)size)) == NULL)
+                        goto end;
+                if ((ah->header == NULL) || (ah->header->data == NULL) ||
+                        (strncmp(NETSCAPE_CERT_HDR,(char *)ah->header->data,
+                        ah->header->length) != 0))
+                        {
+                        BIO_printf(err,"Error reading header on certificate\n");
+                        goto end;
+                        }
+                /* header is ok, so now read the object */
+                p=op;
+                ah->meth=X509_asn1_meth();
+                if ((ah=d2i_ASN1_HEADER(&ah,&p,(long)size)) == NULL)
+                        goto end;
+                x=(X509 *)ah->data;
+                ah->data=NULL;
+                }
+        else if (format == FORMAT_PEM)
+                x=PEM_read_bio_X509_AUX(cert,NULL,NULL,NULL);
+        else if (format == FORMAT_PKCS12)
+                {
+                PKCS12 *p12 = d2i_PKCS12_bio(cert, NULL);
+
+                PKCS12_parse(p12, NULL, NULL, &x, NULL);
+                PKCS12_free(p12);
+                p12 = NULL;
+                }
+        else    {
+                BIO_printf(err,"bad input format specified for input cert\n");
+                goto end;
+                }
+end:
+        if (x == NULL)
+                {
+                BIO_printf(err,"unable to load certificate\n");
+                ERR_print_errors(err);
+                }
+        if (ah != NULL) ASN1_HEADER_free(ah);
+        if (cert != NULL) BIO_free(cert);
+        if (buf != NULL) BUF_MEM_free(buf);
+        return(x);
+        }
+
+EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass)
+        {
+        BIO *key=NULL;
+        EVP_PKEY *pkey=NULL;
+
+        if (file == NULL)
+                {
+                BIO_printf(err,"no keyfile specified\n");
+                goto end;
+                }
+        key=BIO_new(BIO_s_file());
+        if (key == NULL)
+                {
+                ERR_print_errors(err);
+                goto end;
+                }
+        if (BIO_read_filename(key,file) <= 0)
+                {
+                perror(file);
+                goto end;
+                }
+        if (format == FORMAT_ASN1)
+                {
+                pkey=d2i_PrivateKey_bio(key, NULL);
+                }
+        else if (format == FORMAT_PEM)
+                {
+                pkey=PEM_read_bio_PrivateKey(key,NULL,NULL,pass);
+                }
+        else if (format == FORMAT_PKCS12)
+                {
+                PKCS12 *p12 = d2i_PKCS12_bio(key, NULL);
+
+                PKCS12_parse(p12, pass, &pkey, NULL, NULL);
+                PKCS12_free(p12);
+                p12 = NULL;
+                }
+        else
+                {
+                BIO_printf(err,"bad input format specified for key\n");
+                goto end;
+                }
+ end:
+        if (key != NULL) BIO_free(key);
+        if (pkey == NULL)
+                BIO_printf(err,"unable to load Private Key\n");
+        return(pkey);
+        }
+
+EVP_PKEY *load_pubkey(BIO *err, char *file, int format)
+        {
+        BIO *key=NULL;
+        EVP_PKEY *pkey=NULL;
+
+        if (file == NULL)
+                {
+                BIO_printf(err,"no keyfile specified\n");
+                goto end;
+                }
+        key=BIO_new(BIO_s_file());
+        if (key == NULL)
+                {
+                ERR_print_errors(err);
+                goto end;
+                }
+        if (BIO_read_filename(key,file) <= 0)
+                {
+                perror(file);
+                goto end;
+                }
+        if (format == FORMAT_ASN1)
+                {
+                pkey=d2i_PUBKEY_bio(key, NULL);
+                }
+        else if (format == FORMAT_PEM)
+                {
+                pkey=PEM_read_bio_PUBKEY(key,NULL,NULL,NULL);
+                }
+        else
+                {
+                BIO_printf(err,"bad input format specified for key\n");
+                goto end;
+                }
+ end:
+        if (key != NULL) BIO_free(key);
+        if (pkey == NULL)
+                BIO_printf(err,"unable to load Public Key\n");
+        return(pkey);
+        }
+
+STACK_OF(X509) *load_certs(BIO *err, char *file, int format)
+        {
+        BIO *certs;
+        int i;
+        STACK_OF(X509) *othercerts = NULL;
+        STACK_OF(X509_INFO) *allcerts = NULL;
+        X509_INFO *xi;
+
+        if((certs = BIO_new(BIO_s_file())) == NULL)
+                {
+                ERR_print_errors(err);
+                goto end;
+                }
+
+        if (file == NULL)
+                BIO_set_fp(certs,stdin,BIO_NOCLOSE);
+        else
+                {
+                if (BIO_read_filename(certs,file) <= 0)
+                        {
+                        perror(file);
+                        goto end;
+                        }
+                }
+
+        if      (format == FORMAT_PEM)
+                {
+                othercerts = sk_X509_new_null();
+                if(!othercerts)
+                        {
+                        sk_X509_free(othercerts);
+                        othercerts = NULL;
+                        goto end;
+                        }
+                allcerts = PEM_X509_INFO_read_bio(certs, NULL, NULL, NULL);
+                for(i = 0; i < sk_X509_INFO_num(allcerts); i++)
+                        {
+                        xi = sk_X509_INFO_value (allcerts, i);
+                        if (xi->x509)
+                                {
+                                sk_X509_push(othercerts, xi->x509);
+                                xi->x509 = NULL;
+                                }
+                        }
+                goto end;
+                }
+        else    {
+                BIO_printf(err,"bad input format specified for input cert\n");
+                goto end;
+                }
+end:
+        if (othercerts == NULL)
+                {
+                BIO_printf(err,"unable to load certificates\n");
+                ERR_print_errors(err);
+                }
+        if (allcerts) sk_X509_INFO_pop_free(allcerts, X509_INFO_free);
+        if (certs != NULL) BIO_free(certs);
+        return(othercerts);
+        }
+
+typedef struct {
+        char *name;
+        unsigned long flag;
+        unsigned long mask;
+} NAME_EX_TBL;
+
+int set_name_ex(unsigned long *flags, const char *arg)
+{
+        char c;
+        const NAME_EX_TBL *ptbl, ex_tbl[] = {
+                { "esc_2253", ASN1_STRFLGS_ESC_2253, 0},
+                { "esc_ctrl", ASN1_STRFLGS_ESC_CTRL, 0},
+                { "esc_msb", ASN1_STRFLGS_ESC_MSB, 0},
+                { "use_quote", ASN1_STRFLGS_ESC_QUOTE, 0},
+                { "utf8", ASN1_STRFLGS_UTF8_CONVERT, 0},
+                { "ignore_type", ASN1_STRFLGS_IGNORE_TYPE, 0},
+                { "show_type", ASN1_STRFLGS_SHOW_TYPE, 0},
+                { "dump_all", ASN1_STRFLGS_DUMP_ALL, 0},
+                { "dump_nostr", ASN1_STRFLGS_DUMP_UNKNOWN, 0},
+                { "dump_der", ASN1_STRFLGS_DUMP_DER, 0},
+                { "compat", XN_FLAG_COMPAT, 0xffffffffL},
+                { "sep_comma_plus", XN_FLAG_SEP_COMMA_PLUS, XN_FLAG_SEP_MASK},
+                { "sep_comma_plus_space", XN_FLAG_SEP_CPLUS_SPC, XN_FLAG_SEP_MASK},
+                { "sep_semi_plus_space", XN_FLAG_SEP_SPLUS_SPC, XN_FLAG_SEP_MASK},
+                { "sep_multiline", XN_FLAG_SEP_MULTILINE, XN_FLAG_SEP_MASK},
+                { "dn_rev", XN_FLAG_DN_REV, 0},
+                { "nofname", XN_FLAG_FN_NONE, XN_FLAG_FN_MASK},
+                { "sname", XN_FLAG_FN_SN, XN_FLAG_FN_MASK},
+                { "lname", XN_FLAG_FN_LN, XN_FLAG_FN_MASK},
+                { "oid", XN_FLAG_FN_OID, XN_FLAG_FN_MASK},
+                { "space_eq", XN_FLAG_SPC_EQ, 0},
+                { "dump_unknown", XN_FLAG_DUMP_UNKNOWN_FIELDS, 0},
+                { "RFC2253", XN_FLAG_RFC2253, 0xffffffffL},
+                { "oneline", XN_FLAG_ONELINE, 0xffffffffL},
+                { "multiline", XN_FLAG_MULTILINE, 0xffffffffL},
+                { NULL, 0, 0}
+        };
+
+        c = arg[0];
+
+        if(c == '-') {
+                c = 0;
+                arg++;
+        } else if (c == '+') {
+                c = 1;
+                arg++;
+        } else c = 1;
+
+        for(ptbl = ex_tbl; ptbl->name; ptbl++) {
+                if(!strcmp(arg, ptbl->name)) {
+                        *flags &= ~ptbl->mask;
+                        if(c) *flags |= ptbl->flag;
+                        else *flags &= ~ptbl->flag;
+                        return 1;
+                }
+        }
+        return 0;
+}
+
+void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags)
+{
+        char buf[256];
+        char mline = 0;
+        int indent = 0;
+        if(title) BIO_puts(out, title);
+        if((lflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
+                mline = 1;
+                indent = 4;
+        }
+        if(lflags == XN_FLAG_COMPAT) {
+                X509_NAME_oneline(nm,buf,256);
+                BIO_puts(out,buf);
+                BIO_puts(out, "\n");
+        } else {
+                if(mline) BIO_puts(out, "\n");
+                X509_NAME_print_ex(out, nm, indent, lflags);
+                BIO_puts(out, "\n");
+        }
+}
+
diff --git a/src/lib/libssl/src/apps/apps.h b/src/lib/libssl/src/apps/apps.h
index 2dcdb88c43..74d479e91d 100644
--- a/src/lib/libssl/src/apps/apps.h
+++ b/src/lib/libssl/src/apps/apps.h
@@ -65,6 +65,8 @@
 #include <openssl/bio.h>
 #include <openssl/crypto.h>
 #include <openssl/x509.h>
+#include <openssl/lhash.h>
+#include <openssl/conf.h>
 
 int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn);
 int app_RAND_write_file(const char *file, BIO *bio_e);
@@ -98,7 +100,6 @@ extern BIO *bio_err;
 #else
 
 #define MAIN(a,v)       PROG(a,v)
-#include <openssl/conf.h>
 extern LHASH *config;
 extern char *default_config_file;
 extern BIO *bio_err;
@@ -144,13 +145,27 @@ void program_name(char *in,char *out,int size);
 int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]);
 #ifdef HEADER_X509_H
 int dump_cert_text(BIO *out, X509 *x);
+void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags);
 #endif
+int set_name_ex(unsigned long *flags, const char *arg);
 int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2);
+int add_oid_section(BIO *err, LHASH *conf);
+X509 *load_cert(BIO *err, char *file, int format);
+EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass);
+EVP_PKEY *load_pubkey(BIO *err, char *file, int format);
+STACK_OF(X509) *load_certs(BIO *err, char *file, int format);
+
 #define FORMAT_UNDEF    0
 #define FORMAT_ASN1     1
 #define FORMAT_TEXT     2
 #define FORMAT_PEM      3
 #define FORMAT_NETSCAPE 4
+#define FORMAT_PKCS12   5
+#define FORMAT_SMIME    6
+/* Since this is currently inofficial, let's give it a high number */
+#define FORMAT_ENGINE   127
+
+#define NETSCAPE_CERT_HDR       "certificate"
 
 #define APP_PASS_LEN    1024
 
diff --git a/src/lib/libssl/src/apps/asn1pars.c b/src/lib/libssl/src/apps/asn1pars.c
index f104ebc1f0..f25c9f84e8 100644
--- a/src/lib/libssl/src/apps/asn1pars.c
+++ b/src/lib/libssl/src/apps/asn1pars.c
@@ -88,7 +88,7 @@ int MAIN(int argc, char **argv)
         unsigned int length=0;
         long num,tmplen;
         BIO *in=NULL,*out=NULL,*b64=NULL, *derout = NULL;
-        int informat,indent=0, noout = 0;
+        int informat,indent=0, noout = 0, dump = 0;
         char *infile=NULL,*str=NULL,*prog,*oidfile=NULL, *derfile=NULL;
         unsigned char *tmpbuf;
         BUF_MEM *buf=NULL;
@@ -108,7 +108,7 @@ int MAIN(int argc, char **argv)
         argv++;
         if ((osk=sk_new_null()) == NULL)
                 {
-                BIO_printf(bio_err,"Malloc failure\n");
+                BIO_printf(bio_err,"Memory allocation failure\n");
                 goto end;
                 }
         while (argc >= 1)
@@ -149,6 +149,16 @@ int MAIN(int argc, char **argv)
                         length= atoi(*(++argv));
                         if (length == 0) goto bad;
                         }
+                else if (strcmp(*argv,"-dump") == 0)
+                        {
+                        dump= -1;
+                        }
+                else if (strcmp(*argv,"-dlimit") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        dump= atoi(*(++argv));
+                        if (dump <= 0) goto bad;
+                        }
                 else if (strcmp(*argv,"-strparse") == 0)
                         {
                         if (--argc < 1) goto bad;
@@ -176,6 +186,8 @@ bad:
                 BIO_printf(bio_err," -offset arg   offset into file\n");
                 BIO_printf(bio_err," -length arg   length of section in file\n");
                 BIO_printf(bio_err," -i            indent entries\n");
+                BIO_printf(bio_err," -dump         dump unknown data in hex form\n");
+                BIO_printf(bio_err," -dlimit arg   dump the first arg bytes of unknown data in hex form\n");
                 BIO_printf(bio_err," -oid file     file of extra oid definitions\n");
                 BIO_printf(bio_err," -strparse offset\n");
                 BIO_printf(bio_err,"               a series of these can be used to 'dig' into multiple\n");
@@ -194,6 +206,12 @@ bad:
                 goto end;
                 }
         BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT);
+#ifdef VMS
+        {
+        BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+        out = BIO_push(tmpbio, out);
+        }
+#endif
 
         if (oidfile != NULL)
                 {
@@ -293,7 +311,8 @@ bad:
                 }
         }
         if (!noout &&
-            !ASN1_parse(out,(unsigned char *)&(str[offset]),length,indent))
+            !ASN1_parse_dump(out,(unsigned char *)&(str[offset]),length,
+                    indent,dump))
                 {
                 ERR_print_errors(bio_err);
                 goto end;
@@ -302,7 +321,7 @@ bad:
 end:
         BIO_free(derout);
         if (in != NULL) BIO_free(in);
-        if (out != NULL) BIO_free(out);
+        if (out != NULL) BIO_free_all(out);
         if (b64 != NULL) BIO_free(b64);
         if (ret != 0)
                 ERR_print_errors(bio_err);
diff --git a/src/lib/libssl/src/apps/ca.c b/src/lib/libssl/src/apps/ca.c
index 73df13fe8e..2ab0c4db51 100644
--- a/src/lib/libssl/src/apps/ca.c
+++ b/src/lib/libssl/src/apps/ca.c
@@ -74,6 +74,7 @@
 #include <openssl/x509v3.h>
 #include <openssl/objects.h>
 #include <openssl/pem.h>
+#include <openssl/engine.h>
 
 #ifndef W_OK
 #  ifdef VMS
@@ -167,6 +168,7 @@ static char *ca_usage[]={
 " -revoke file    - Revoke a certificate (given in file)\n",
 " -extensions ..  - Extension section (override value in config file)\n",
 " -crlexts ..     - CRL extension section (override value in config file)\n",
+" -engine e       - use engine e, possibly a hardware device.\n",
 NULL
 };
 
@@ -176,7 +178,6 @@ extern int EF_PROTECT_BELOW;
 extern int EF_ALIGNMENT;
 #endif
 
-static int add_oid_section(LHASH *conf);
 static void lookup_fail(char *name,char *tag);
 static unsigned long index_serial_hash(char **a);
 static int index_serial_cmp(char **a, char **b);
@@ -217,7 +218,8 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
         {
-        char *key=NULL;
+        ENGINE *e = NULL;
+        char *key=NULL,*passargin=NULL;
         int total=0;
         int total_done=0;
         int badops=0;
@@ -263,12 +265,13 @@ int MAIN(int argc, char **argv)
         long l;
         const EVP_MD *dgst=NULL;
         STACK_OF(CONF_VALUE) *attribs=NULL;
-        STACK *cert_sk=NULL;
+        STACK_OF(X509) *cert_sk=NULL;
         BIO *hex=NULL;
 #undef BSIZE
 #define BSIZE 256
         MS_STATIC char buf[3][BSIZE];
         char *randfile=NULL;
+        char *engine = NULL;
 
 #ifdef EFENCE
 EF_PROTECT_FREE=1;
@@ -334,6 +337,11 @@ EF_ALIGNMENT=0;
                         if (--argc < 1) goto bad;
                         keyfile= *(++argv);
                         }
+                else if (strcmp(*argv,"-passin") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        passargin= *(++argv);
+                        }
                 else if (strcmp(*argv,"-key") == 0)
                         {
                         if (--argc < 1) goto bad;
@@ -415,6 +423,11 @@ EF_ALIGNMENT=0;
                         if (--argc < 1) goto bad;
                         crl_ext= *(++argv);
                         }
+                else if (strcmp(*argv,"-engine") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        engine= *(++argv);
+                        }
                 else
                         {
 bad:
@@ -435,6 +448,24 @@ bad:
 
         ERR_load_crypto_strings();
 
+        if (engine != NULL)
+                {
+                if((e = ENGINE_by_id(engine)) == NULL)
+                        {
+                        BIO_printf(bio_err,"invalid engine \"%s\"\n",
+                                engine);
+                        goto err;
+                        }
+                if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+                        {
+                        BIO_printf(bio_err,"can't use that engine\n");
+                        goto err;
+                        }
+                BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+                /* Free our "structural" reference. */
+                ENGINE_free(e);
+                }
+
         /*****************************************************************/
         if (configfile == NULL) configfile = getenv("OPENSSL_CONF");
         if (configfile == NULL) configfile = getenv("SSLEAY_CONF");
@@ -498,7 +529,7 @@ bad:
                                 BIO_free(oid_bio);
                                 }
                         }
-                if(!add_oid_section(conf)) 
+                if(!add_oid_section(bio_err,conf)) 
                         {
                         ERR_print_errors(bio_err);
                         goto err;
@@ -527,6 +558,11 @@ bad:
                 lookup_fail(section,ENV_PRIVATE_KEY);
                 goto err;
                 }
+        if(!key && !app_passwd(bio_err, passargin, NULL, &key, NULL))
+                {
+                BIO_printf(bio_err,"Error getting password\n");
+                goto err;
+                }
         if (BIO_read_filename(in,keyfile) <= 0)
                 {
                 perror(keyfile);
@@ -681,6 +717,12 @@ bad:
         if (verbose)
                 {
                 BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT); /* cannot fail */
+#ifdef VMS
+                {
+                BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+                out = BIO_push(tmpbio, out);
+                }
+#endif
                 TXT_DB_write(out,db);
                 BIO_printf(bio_err,"%d entries loaded from the database\n",
                         db->data->num);
@@ -715,7 +757,15 @@ bad:
                                 }
                         }
                 else
+                        {
                         BIO_set_fp(Sout,stdout,BIO_NOCLOSE|BIO_FP_TEXT);
+#ifdef VMS
+                        {
+                        BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+                        Sout = BIO_push(tmpbio, Sout);
+                        }
+#endif
+                        }
                 }
 
         if (req)
@@ -808,7 +858,7 @@ bad:
                         {
                         if ((f=BN_bn2hex(serial)) == NULL) goto err;
                         BIO_printf(bio_err,"next serial number is %s\n",f);
-                        Free(f);
+                        OPENSSL_free(f);
                         }
 
                 if ((attribs=CONF_get_section(conf,policy)) == NULL)
@@ -817,9 +867,9 @@ bad:
                         goto err;
                         }
 
-                if ((cert_sk=sk_new_null()) == NULL)
+                if ((cert_sk=sk_X509_new_null()) == NULL)
                         {
-                        BIO_printf(bio_err,"Malloc failure\n");
+                        BIO_printf(bio_err,"Memory allocation failure\n");
                         goto err;
                         }
                 if (spkac_file != NULL)
@@ -834,9 +884,9 @@ bad:
                                 total_done++;
                                 BIO_printf(bio_err,"\n");
                                 if (!BN_add_word(serial,1)) goto err;
-                                if (!sk_push(cert_sk,(char *)x))
+                                if (!sk_X509_push(cert_sk,x))
                                         {
-                                        BIO_printf(bio_err,"Malloc failure\n");
+                                        BIO_printf(bio_err,"Memory allocation failure\n");
                                         goto err;
                                         }
                                 if (outfile)
@@ -858,9 +908,9 @@ bad:
                                 total_done++;
                                 BIO_printf(bio_err,"\n");
                                 if (!BN_add_word(serial,1)) goto err;
-                                if (!sk_push(cert_sk,(char *)x))
+                                if (!sk_X509_push(cert_sk,x))
                                         {
-                                        BIO_printf(bio_err,"Malloc failure\n");
+                                        BIO_printf(bio_err,"Memory allocation failure\n");
                                         goto err;
                                         }
                                 }
@@ -877,9 +927,9 @@ bad:
                                 total_done++;
                                 BIO_printf(bio_err,"\n");
                                 if (!BN_add_word(serial,1)) goto err;
-                                if (!sk_push(cert_sk,(char *)x))
+                                if (!sk_X509_push(cert_sk,x))
                                         {
-                                        BIO_printf(bio_err,"Malloc failure\n");
+                                        BIO_printf(bio_err,"Memory allocation failure\n");
                                         goto err;
                                         }
                                 }
@@ -896,9 +946,9 @@ bad:
                                 total_done++;
                                 BIO_printf(bio_err,"\n");
                                 if (!BN_add_word(serial,1)) goto err;
-                                if (!sk_push(cert_sk,(char *)x))
+                                if (!sk_X509_push(cert_sk,x))
                                         {
-                                        BIO_printf(bio_err,"Malloc failure\n");
+                                        BIO_printf(bio_err,"Memory allocation failure\n");
                                         goto err;
                                         }
                                 }
@@ -907,7 +957,7 @@ bad:
                  * and a data base and serial number that need
                  * updating */
 
-                if (sk_num(cert_sk) > 0)
+                if (sk_X509_num(cert_sk) > 0)
                         {
                         if (!batch)
                                 {
@@ -923,7 +973,7 @@ bad:
                                         }
                                 }
 
-                        BIO_printf(bio_err,"Write out database with %d new entries\n",sk_num(cert_sk));
+                        BIO_printf(bio_err,"Write out database with %d new entries\n",sk_X509_num(cert_sk));
 
                         strncpy(buf[0],serialfile,BSIZE-4);
 
@@ -955,12 +1005,12 @@ bad:
         
                 if (verbose)
                         BIO_printf(bio_err,"writing new certificates\n");
-                for (i=0; i<sk_num(cert_sk); i++)
+                for (i=0; i<sk_X509_num(cert_sk); i++)
                         {
                         int k;
                         unsigned char *n;
 
-                        x=(X509 *)sk_value(cert_sk,i);
+                        x=sk_X509_value(cert_sk,i);
 
                         j=x->cert_info->serialNumber->length;
                         p=(char *)x->cert_info->serialNumber->data;
@@ -999,7 +1049,7 @@ bad:
                         write_new_certificate(Sout,x, output_der, notext);
                         }
 
-                if (sk_num(cert_sk))
+                if (sk_X509_num(cert_sk))
                         {
                         /* Rename the database and the serial file */
                         strncpy(buf[2],serialfile,BSIZE-4);
@@ -1011,7 +1061,7 @@ bad:
 #endif
 
                         BIO_free(in);
-                        BIO_free(out);
+                        BIO_free_all(out);
                         in=NULL;
                         out=NULL;
                         if (rename(serialfile,buf[2]) < 0)
@@ -1228,12 +1278,12 @@ bad:
         ret=0;
 err:
         BIO_free(hex);
-        BIO_free(Cout);
-        BIO_free(Sout);
-        BIO_free(out);
+        BIO_free_all(Cout);
+        BIO_free_all(Sout);
+        BIO_free_all(out);
         BIO_free(in);
 
-        sk_pop_free(cert_sk,X509_free);
+        sk_X509_pop_free(cert_sk,X509_free);
 
         if (ret) ERR_print_errors(bio_err);
         app_RAND_write_file(randfile, bio_err);
@@ -1345,7 +1395,7 @@ static int save_serial(char *serialfile, BIGNUM *serial)
         BIO_puts(out,"\n");
         ret=1;
 err:
-        if (out != NULL) BIO_free(out);
+        if (out != NULL) BIO_free_all(out);
         if (ai != NULL) ASN1_INTEGER_free(ai);
         return(ret);
         }
@@ -1580,7 +1630,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
         /* Ok, now we check the 'policy' stuff. */
         if ((subject=X509_NAME_new()) == NULL)
                 {
-                BIO_printf(bio_err,"Malloc failure\n");
+                BIO_printf(bio_err,"Memory allocation failure\n");
                 goto err;
                 }
 
@@ -1678,7 +1728,7 @@ again2:
                                         {
                                         if (push != NULL)
                                                 X509_NAME_ENTRY_free(push);
-                                        BIO_printf(bio_err,"Malloc failure\n");
+                                        BIO_printf(bio_err,"Memory allocation failure\n");
                                         goto err;
                                         }
                                 }
@@ -1700,7 +1750,7 @@ again2:
         row[DB_serial]=BN_bn2hex(serial);
         if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
                 {
-                BIO_printf(bio_err,"Malloc failure\n");
+                BIO_printf(bio_err,"Memory allocation failure\n");
                 goto err;
                 }
 
@@ -1841,32 +1891,32 @@ again2:
                 goto err;
 
         /* We now just add it to the database */
-        row[DB_type]=(char *)Malloc(2);
+        row[DB_type]=(char *)OPENSSL_malloc(2);
 
         tm=X509_get_notAfter(ret);
-        row[DB_exp_date]=(char *)Malloc(tm->length+1);
+        row[DB_exp_date]=(char *)OPENSSL_malloc(tm->length+1);
         memcpy(row[DB_exp_date],tm->data,tm->length);
         row[DB_exp_date][tm->length]='\0';
 
         row[DB_rev_date]=NULL;
 
         /* row[DB_serial] done already */
-        row[DB_file]=(char *)Malloc(8);
+        row[DB_file]=(char *)OPENSSL_malloc(8);
         /* row[DB_name] done already */
 
         if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
                 (row[DB_file] == NULL))
                 {
-                BIO_printf(bio_err,"Malloc failure\n");
+                BIO_printf(bio_err,"Memory allocation failure\n");
                 goto err;
                 }
         strcpy(row[DB_file],"unknown");
         row[DB_type][0]='V';
         row[DB_type][1]='\0';
 
-        if ((irow=(char **)Malloc(sizeof(char *)*(DB_NUMBER+1))) == NULL)
+        if ((irow=(char **)OPENSSL_malloc(sizeof(char *)*(DB_NUMBER+1))) == NULL)
                 {
-                BIO_printf(bio_err,"Malloc failure\n");
+                BIO_printf(bio_err,"Memory allocation failure\n");
                 goto err;
                 }
 
@@ -1886,7 +1936,7 @@ again2:
         ok=1;
 err:
         for (i=0; i<DB_NUMBER; i++)
-                if (row[i] != NULL) Free(row[i]);
+                if (row[i] != NULL) OPENSSL_free(row[i]);
 
         if (CAname != NULL)
                 X509_NAME_free(CAname);
@@ -2100,28 +2150,6 @@ static int check_time_format(char *str)
         return(ASN1_UTCTIME_check(&tm));
         }
 
-static int add_oid_section(LHASH *hconf)
-{       
-        char *p;
-        STACK_OF(CONF_VALUE) *sktmp;
-        CONF_VALUE *cnf;
-        int i;
-        if(!(p=CONF_get_string(hconf,NULL,"oid_section"))) return 1;
-        if(!(sktmp = CONF_get_section(hconf, p))) {
-                BIO_printf(bio_err, "problem loading oid section %s\n", p);
-                return 0;
-        }
-        for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
-                cnf = sk_CONF_VALUE_value(sktmp, i);
-                if(OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) {
-                        BIO_printf(bio_err, "problem creating object %s=%s\n",
-                                                         cnf->name, cnf->value);
-                        return 0;
-                }
-        }
-        return 1;
-}
-
 static int do_revoke(X509 *x509, TXT_DB *db)
 {
         ASN1_UTCTIME *tm=NULL, *revtm=NULL;
@@ -2137,7 +2165,7 @@ static int do_revoke(X509 *x509, TXT_DB *db)
         BN_free(bn);
         if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
                 {
-                BIO_printf(bio_err,"Malloc failure\n");
+                BIO_printf(bio_err,"Memory allocation failure\n");
                 goto err;
                 }
         /* We have to lookup by serial number because name lookup
@@ -2149,33 +2177,33 @@ static int do_revoke(X509 *x509, TXT_DB *db)
                 BIO_printf(bio_err,"Adding Entry to DB for %s\n", row[DB_name]);
 
                 /* We now just add it to the database */
-                row[DB_type]=(char *)Malloc(2);
+                row[DB_type]=(char *)OPENSSL_malloc(2);
 
                 tm=X509_get_notAfter(x509);
-                row[DB_exp_date]=(char *)Malloc(tm->length+1);
+                row[DB_exp_date]=(char *)OPENSSL_malloc(tm->length+1);
                 memcpy(row[DB_exp_date],tm->data,tm->length);
                 row[DB_exp_date][tm->length]='\0';
 
                 row[DB_rev_date]=NULL;
 
                 /* row[DB_serial] done already */
-                row[DB_file]=(char *)Malloc(8);
+                row[DB_file]=(char *)OPENSSL_malloc(8);
 
                 /* row[DB_name] done already */
 
                 if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
                         (row[DB_file] == NULL))
                         {
-                        BIO_printf(bio_err,"Malloc failure\n");
+                        BIO_printf(bio_err,"Memory allocation failure\n");
                         goto err;
                         }
                 strcpy(row[DB_file],"unknown");
                 row[DB_type][0]='V';
                 row[DB_type][1]='\0';
 
-                if ((irow=(char **)Malloc(sizeof(char *)*(DB_NUMBER+1))) == NULL)
+                if ((irow=(char **)OPENSSL_malloc(sizeof(char *)*(DB_NUMBER+1))) == NULL)
                         {
-                        BIO_printf(bio_err,"Malloc failure\n");
+                        BIO_printf(bio_err,"Memory allocation failure\n");
                         goto err;
                         }
 
@@ -2218,7 +2246,7 @@ static int do_revoke(X509 *x509, TXT_DB *db)
                 revtm=X509_gmtime_adj(revtm,0);
                 rrow[DB_type][0]='R';
                 rrow[DB_type][1]='\0';
-                rrow[DB_rev_date]=(char *)Malloc(revtm->length+1);
+                rrow[DB_rev_date]=(char *)OPENSSL_malloc(revtm->length+1);
                 memcpy(rrow[DB_rev_date],revtm->data,revtm->length);
                 rrow[DB_rev_date][revtm->length]='\0';
                 ASN1_UTCTIME_free(revtm);
@@ -2228,7 +2256,7 @@ err:
         for (i=0; i<DB_NUMBER; i++)
                 {
                 if (row[i] != NULL) 
-                        Free(row[i]);
+                        OPENSSL_free(row[i]);
                 }
         return(ok);
 }
diff --git a/src/lib/libssl/src/apps/ciphers.c b/src/lib/libssl/src/apps/ciphers.c
index f8e9e7be2e..b6e2f966d8 100644
--- a/src/lib/libssl/src/apps/ciphers.c
+++ b/src/lib/libssl/src/apps/ciphers.c
@@ -74,6 +74,7 @@ static char *ciphers_usage[]={
 " -v          - verbose mode, a textual listing of the ciphers in SSLeay\n",
 " -ssl2       - SSL2 mode\n",
 " -ssl3       - SSL3 mode\n",
+" -tls1       - TLS1 mode\n",
 NULL
 };
 
@@ -107,6 +108,12 @@ int MAIN(int argc, char **argv)
         if (bio_err == NULL)
                 bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
         STDout=BIO_new_fp(stdout,BIO_NOCLOSE);
+#ifdef VMS
+        {
+        BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+        STDout = BIO_push(tmpbio, STDout);
+        }
+#endif
 
         argc--;
         argv++;
@@ -122,6 +129,10 @@ int MAIN(int argc, char **argv)
                 else if (strcmp(*argv,"-ssl3") == 0)
                         meth=SSLv3_client_method();
 #endif
+#ifndef NO_TLS1
+                else if (strcmp(*argv,"-tls1") == 0)
+                        meth=TLSv1_client_method();
+#endif
                 else if ((strncmp(*argv,"-h",2) == 0) ||
                          (strcmp(*argv,"-?") == 0))
                         {
@@ -190,7 +201,7 @@ err:
 end:
         if (ctx != NULL) SSL_CTX_free(ctx);
         if (ssl != NULL) SSL_free(ssl);
-        if (STDout != NULL) BIO_free(STDout);
+        if (STDout != NULL) BIO_free_all(STDout);
         EXIT(ret);
         }
 
diff --git a/src/lib/libssl/src/apps/crl.c b/src/lib/libssl/src/apps/crl.c
index 338f46d97c..3b5725f23f 100644
--- a/src/lib/libssl/src/apps/crl.c
+++ b/src/lib/libssl/src/apps/crl.c
@@ -104,6 +104,7 @@ int MAIN(int argc, char **argv)
         int informat,outformat;
         char *infile=NULL,*outfile=NULL;
         int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0;
+        int fingerprint = 0;
         char **pp,buf[256];
         X509_STORE *store = NULL;
         X509_STORE_CTX ctx;
@@ -111,6 +112,7 @@ int MAIN(int argc, char **argv)
         X509_OBJECT xobj;
         EVP_PKEY *pkey;
         int do_ver = 0;
+        const EVP_MD *md_alg,*digest=EVP_md5();
 
         apps_startup();
 
@@ -120,7 +122,15 @@ int MAIN(int argc, char **argv)
 
         if (bio_out == NULL)
                 if ((bio_out=BIO_new(BIO_s_file())) != NULL)
+                        {
                         BIO_set_fp(bio_out,stdout,BIO_NOCLOSE);
+#ifdef VMS
+                        {
+                        BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+                        bio_out = BIO_push(tmpbio, bio_out);
+                        }
+#endif
+                        }
 
         informat=FORMAT_PEM;
         outformat=FORMAT_PEM;
@@ -183,6 +193,13 @@ int MAIN(int argc, char **argv)
                         nextupdate= ++num;
                 else if (strcmp(*argv,"-noout") == 0)
                         noout= ++num;
+                else if (strcmp(*argv,"-fingerprint") == 0)
+                        fingerprint= ++num;
+                else if ((md_alg=EVP_get_digestbyname(*argv + 1)))
+                        {
+                        /* ok */
+                        digest=md_alg;
+                        }
                 else
                         {
                         BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -274,6 +291,26 @@ bad:
                                         BIO_printf(bio_out,"NONE");
                                 BIO_printf(bio_out,"\n");
                                 }
+                        if (fingerprint == i)
+                                {
+                                int j;
+                                unsigned int n;
+                                unsigned char md[EVP_MAX_MD_SIZE];
+
+                                if (!X509_CRL_digest(x,digest,md,&n))
+                                        {
+                                        BIO_printf(bio_err,"out of memory\n");
+                                        goto end;
+                                        }
+                                BIO_printf(bio_out,"%s Fingerprint=",
+                                                OBJ_nid2sn(EVP_MD_type(digest)));
+                                for (j=0; j<(int)n; j++)
+                                        {
+                                        BIO_printf(bio_out,"%02X%c",md[j],
+                                                (j+1 == (int)n)
+                                                ?'\n':':');
+                                        }
+                                }
                         }
                 }
 
@@ -285,7 +322,15 @@ bad:
                 }
 
         if (outfile == NULL)
+                {
                 BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef VMS
+                {
+                BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+                out = BIO_push(tmpbio, out);
+                }
+#endif
+                }
         else
                 {
                 if (BIO_write_filename(out,outfile) <= 0)
@@ -311,8 +356,8 @@ bad:
         if (!i) { BIO_printf(bio_err,"unable to write CRL\n"); goto end; }
         ret=0;
 end:
-        BIO_free(out);
-        BIO_free(bio_out);
+        BIO_free_all(out);
+        BIO_free_all(bio_out);
         bio_out=NULL;
         X509_CRL_free(x);
         if(store) {
diff --git a/src/lib/libssl/src/apps/crl2p7.c b/src/lib/libssl/src/apps/crl2p7.c
index 4056591676..7f853b65ab 100644
--- a/src/lib/libssl/src/apps/crl2p7.c
+++ b/src/lib/libssl/src/apps/crl2p7.c
@@ -141,7 +141,7 @@ int MAIN(int argc, char **argv)
                 else if (strcmp(*argv,"-certfile") == 0)
                         {
                         if (--argc < 1) goto bad;
-                        if(!certflst) certflst = sk_new(NULL);
+                        if(!certflst) certflst = sk_new_null();
                         sk_push(certflst,*(++argv));
                         }
                 else
@@ -215,15 +215,15 @@ bad:
         p7s->contents->type=OBJ_nid2obj(NID_pkcs7_data);
 
         if (!ASN1_INTEGER_set(p7s->version,1)) goto end;
-        if ((crl_stack=sk_X509_CRL_new(NULL)) == NULL) goto end;
+        if ((crl_stack=sk_X509_CRL_new_null()) == NULL) goto end;
         p7s->crl=crl_stack;
         if (crl != NULL)
                 {
                 sk_X509_CRL_push(crl_stack,crl);
-                crl=NULL; /* now part of p7 for Freeing */
+                crl=NULL; /* now part of p7 for OPENSSL_freeing */
                 }
 
-        if ((cert_stack=sk_X509_new(NULL)) == NULL) goto end;
+        if ((cert_stack=sk_X509_new_null()) == NULL) goto end;
         p7s->cert=cert_stack;
 
         if(certflst) for(i = 0; i < sk_num(certflst); i++) {
@@ -239,7 +239,15 @@ bad:
         sk_free(certflst);
 
         if (outfile == NULL)
+                {
                 BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef VMS
+                {
+                BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+                out = BIO_push(tmpbio, out);
+                }
+#endif
+                }
         else
                 {
                 if (BIO_write_filename(out,outfile) <= 0)
@@ -266,7 +274,7 @@ bad:
         ret=0;
 end:
         if (in != NULL) BIO_free(in);
-        if (out != NULL) BIO_free(out);
+        if (out != NULL) BIO_free_all(out);
         if (p7 != NULL) PKCS7_free(p7);
         if (crl != NULL) X509_CRL_free(crl);
 
@@ -327,7 +335,7 @@ static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile)
 
         ret=count;
 end:
-        /* never need to Free x */
+        /* never need to OPENSSL_free x */
         if (in != NULL) BIO_free(in);
         if (sk != NULL) sk_X509_INFO_free(sk);
         return(ret);
diff --git a/src/lib/libssl/src/apps/dgst.c b/src/lib/libssl/src/apps/dgst.c
index 1b56d6ef44..ab3e2dbb02 100644
--- a/src/lib/libssl/src/apps/dgst.c
+++ b/src/lib/libssl/src/apps/dgst.c
@@ -66,6 +66,7 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
+#include <openssl/engine.h>
 
 #undef BUFSIZE
 #define BUFSIZE 1024*8
@@ -73,26 +74,36 @@
 #undef PROG
 #define PROG    dgst_main
 
-void do_fp(unsigned char *buf,BIO *f,int sep);
+void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, char binout,
+                EVP_PKEY *key, unsigned char *sigin, int siglen);
 
 int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
         {
+        ENGINE *e = NULL;
         unsigned char *buf=NULL;
         int i,err=0;
         const EVP_MD *md=NULL,*m;
         BIO *in=NULL,*inp;
         BIO *bmd=NULL;
+        BIO *out = NULL;
         const char *name;
 #define PROG_NAME_SIZE  16
         char pname[PROG_NAME_SIZE];
         int separator=0;
         int debug=0;
+        const char *outfile = NULL, *keyfile = NULL;
+        const char *sigfile = NULL, *randfile = NULL;
+        char out_bin = -1, want_pub = 0, do_verify = 0;
+        EVP_PKEY *sigkey = NULL;
+        unsigned char *sigbuf = NULL;
+        int siglen = 0;
+        char *engine=NULL;
 
         apps_startup();
 
-        if ((buf=(unsigned char *)Malloc(BUFSIZE)) == NULL)
+        if ((buf=(unsigned char *)OPENSSL_malloc(BUFSIZE)) == NULL)
                 {
                 BIO_printf(bio_err,"out of memory\n");
                 goto end;
@@ -113,6 +124,48 @@ int MAIN(int argc, char **argv)
                 if ((*argv)[0] != '-') break;
                 if (strcmp(*argv,"-c") == 0)
                         separator=1;
+                else if (strcmp(*argv,"-rand") == 0)
+                        {
+                        if (--argc < 1) break;
+                        randfile=*(++argv);
+                        }
+                else if (strcmp(*argv,"-out") == 0)
+                        {
+                        if (--argc < 1) break;
+                        outfile=*(++argv);
+                        }
+                else if (strcmp(*argv,"-sign") == 0)
+                        {
+                        if (--argc < 1) break;
+                        keyfile=*(++argv);
+                        }
+                else if (strcmp(*argv,"-verify") == 0)
+                        {
+                        if (--argc < 1) break;
+                        keyfile=*(++argv);
+                        want_pub = 1;
+                        do_verify = 1;
+                        }
+                else if (strcmp(*argv,"-prverify") == 0)
+                        {
+                        if (--argc < 1) break;
+                        keyfile=*(++argv);
+                        do_verify = 1;
+                        }
+                else if (strcmp(*argv,"-signature") == 0)
+                        {
+                        if (--argc < 1) break;
+                        sigfile=*(++argv);
+                        }
+                else if (strcmp(*argv,"-engine") == 0)
+                        {
+                        if (--argc < 1) break;
+                        engine= *(++argv);
+                        }
+                else if (strcmp(*argv,"-hex") == 0)
+                        out_bin = 0;
+                else if (strcmp(*argv,"-binary") == 0)
+                        out_bin = 1;
                 else if (strcmp(*argv,"-d") == 0)
                         debug=1;
                 else if ((m=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
@@ -126,15 +179,32 @@ int MAIN(int argc, char **argv)
         if (md == NULL)
                 md=EVP_md5();
 
+        if(do_verify && !sigfile) {
+                BIO_printf(bio_err, "No signature to verify: use the -signature option\n");
+                err = 1; 
+                goto end;
+        }
+
         if ((argc > 0) && (argv[0][0] == '-')) /* bad option */
                 {
                 BIO_printf(bio_err,"unknown option '%s'\n",*argv);
                 BIO_printf(bio_err,"options are\n");
-                BIO_printf(bio_err,"-c   to output the digest with separating colons\n");
-                BIO_printf(bio_err,"-d   to output debug info\n");
+                BIO_printf(bio_err,"-c              to output the digest with separating colons\n");
+                BIO_printf(bio_err,"-d              to output debug info\n");
+                BIO_printf(bio_err,"-hex            output as hex dump\n");
+                BIO_printf(bio_err,"-binary         output in binary form\n");
+                BIO_printf(bio_err,"-sign   file    sign digest using private key in file\n");
+                BIO_printf(bio_err,"-verify file    verify a signature using public key in file\n");
+                BIO_printf(bio_err,"-prverify file  verify a signature using private key in file\n");
+                BIO_printf(bio_err,"-signature file signature to verify\n");
+                BIO_printf(bio_err,"-binary         output in binary form\n");
+                BIO_printf(bio_err,"-engine e       use engine e, possibly a hardware device.\n");
+
                 BIO_printf(bio_err,"-%3s to use the %s message digest algorithm (default)\n",
                         LN_md5,LN_md5);
                 BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
+                        LN_md4,LN_md4);
+                BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
                         LN_md2,LN_md2);
                 BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
                         LN_sha1,LN_sha1);
@@ -147,7 +217,25 @@ int MAIN(int argc, char **argv)
                 err=1;
                 goto end;
                 }
-        
+
+        if (engine != NULL)
+                {
+                if((e = ENGINE_by_id(engine)) == NULL)
+                        {
+                        BIO_printf(bio_err,"invalid engine \"%s\"\n",
+                                engine);
+                        goto end;
+                        }
+                if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+                        {
+                        BIO_printf(bio_err,"can't use that engine\n");
+                        goto end;
+                        }
+                BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+                /* Free our "structural" reference. */
+                ENGINE_free(e);
+                }
+
         in=BIO_new(BIO_s_file());
         bmd=BIO_new(BIO_f_md());
         if (debug)
@@ -163,6 +251,80 @@ int MAIN(int argc, char **argv)
                 goto end;
                 }
 
+        if(out_bin == -1) {
+                if(keyfile) out_bin = 1;
+                else out_bin = 0;
+        }
+
+        if(randfile)
+                app_RAND_load_file(randfile, bio_err, 0);
+
+        if(outfile) {
+                if(out_bin)
+                        out = BIO_new_file(outfile, "wb");
+                else    out = BIO_new_file(outfile, "w");
+        } else {
+                out = BIO_new_fp(stdout, BIO_NOCLOSE);
+#ifdef VMS
+                {
+                BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+                out = BIO_push(tmpbio, out);
+                }
+#endif
+        }
+
+        if(!out) {
+                BIO_printf(bio_err, "Error opening output file %s\n", 
+                                        outfile ? outfile : "(stdout)");
+                ERR_print_errors(bio_err);
+                goto end;
+        }
+
+        if(keyfile) {
+                BIO *keybio;
+                keybio = BIO_new_file(keyfile, "r");
+                if(!keybio) {
+                        BIO_printf(bio_err, "Error opening key file %s\n",
+                                                                keyfile);
+                        ERR_print_errors(bio_err);
+                        goto end;
+                }
+                
+                if(want_pub) 
+                        sigkey = PEM_read_bio_PUBKEY(keybio, NULL, NULL, NULL);
+                else sigkey = PEM_read_bio_PrivateKey(keybio, NULL, NULL, NULL);
+                BIO_free(keybio);
+                if(!sigkey) {
+                        BIO_printf(bio_err, "Error reading key file %s\n",
+                                                                keyfile);
+                        ERR_print_errors(bio_err);
+                        goto end;
+                }
+        }
+
+        if(sigfile && sigkey) {
+                BIO *sigbio;
+                sigbio = BIO_new_file(sigfile, "rb");
+                siglen = EVP_PKEY_size(sigkey);
+                sigbuf = OPENSSL_malloc(siglen);
+                if(!sigbio) {
+                        BIO_printf(bio_err, "Error opening signature file %s\n",
+                                                                sigfile);
+                        ERR_print_errors(bio_err);
+                        goto end;
+                }
+                siglen = BIO_read(sigbio, sigbuf, siglen);
+                BIO_free(sigbio);
+                if(siglen <= 0) {
+                        BIO_printf(bio_err, "Error reading signature file %s\n",
+                                                                sigfile);
+                        ERR_print_errors(bio_err);
+                        goto end;
+                }
+        }
+                
+
+
         /* we use md as a filter, reading from 'in' */
         BIO_set_md(bmd,md);
         inp=BIO_push(bmd,in);
@@ -170,7 +332,7 @@ int MAIN(int argc, char **argv)
         if (argc == 0)
                 {
                 BIO_set_fp(in,stdin,BIO_NOCLOSE);
-                do_fp(buf,inp,separator);
+                do_fp(out, buf,inp,separator, out_bin, sigkey, sigbuf, siglen);
                 }
         else
                 {
@@ -183,8 +345,9 @@ int MAIN(int argc, char **argv)
                                 err++;
                                 continue;
                                 }
-                        printf("%s(%s)= ",name,argv[i]);
-                        do_fp(buf,inp,separator);
+                        if(!out_bin) BIO_printf(out, "%s(%s)= ",name,argv[i]);
+                        do_fp(out, buf,inp,separator, out_bin, sigkey, 
+                                                                sigbuf, siglen);
                         (void)BIO_reset(bmd);
                         }
                 }
@@ -192,14 +355,18 @@ end:
         if (buf != NULL)
                 {
                 memset(buf,0,BUFSIZE);
-                Free(buf);
+                OPENSSL_free(buf);
                 }
         if (in != NULL) BIO_free(in);
+        BIO_free_all(out);
+        EVP_PKEY_free(sigkey);
+        if(sigbuf) OPENSSL_free(sigbuf);
         if (bmd != NULL) BIO_free(bmd);
         EXIT(err);
         }
 
-void do_fp(unsigned char *buf, BIO *bp, int sep)
+void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, char binout,
+                        EVP_PKEY *key, unsigned char *sigin, int siglen)
         {
         int len;
         int i;
@@ -209,14 +376,44 @@ void do_fp(unsigned char *buf, BIO *bp, int sep)
                 i=BIO_read(bp,(char *)buf,BUFSIZE);
                 if (i <= 0) break;
                 }
-        len=BIO_gets(bp,(char *)buf,BUFSIZE);
+        if(sigin)
+                {
+                EVP_MD_CTX *ctx;
+                BIO_get_md_ctx(bp, &ctx);
+                i = EVP_VerifyFinal(ctx, sigin, (unsigned int)siglen, key); 
+                if(i > 0) BIO_printf(out, "Verified OK\n");
+                else if(i == 0) BIO_printf(out, "Verification Failure\n");
+                else
+                        {
+                        BIO_printf(bio_err, "Error Verifying Data\n");
+                        ERR_print_errors(bio_err);
+                        }
+                return;
+                }
+        if(key)
+                {
+                EVP_MD_CTX *ctx;
+                BIO_get_md_ctx(bp, &ctx);
+                if(!EVP_SignFinal(ctx, buf, (unsigned int *)&len, key)) 
+                        {
+                        BIO_printf(bio_err, "Error Signing Data\n");
+                        ERR_print_errors(bio_err);
+                        return;
+                        }
+                }
+        else
+                len=BIO_gets(bp,(char *)buf,BUFSIZE);
 
-        for (i=0; i<len; i++)
+        if(binout) BIO_write(out, buf, len);
+        else 
                 {
-                if (sep && (i != 0))
-                        putc(':',stdout);
-                printf("%02x",buf[i]);
+                for (i=0; i<len; i++)
+                        {
+                        if (sep && (i != 0))
+                                BIO_printf(out, ":");
+                        BIO_printf(out, "%02x",buf[i]);
+                        }
+                BIO_printf(out, "\n");
                 }
-        printf("\n");
         }
 
diff --git a/src/lib/libssl/src/apps/dh.c b/src/lib/libssl/src/apps/dh.c
index 674963f81a..229ba2f63a 100644
--- a/src/lib/libssl/src/apps/dh.c
+++ b/src/lib/libssl/src/apps/dh.c
@@ -69,6 +69,7 @@
 #include <openssl/dh.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
+#include <openssl/engine.h>
 
 #undef PROG
 #define PROG    dh_main
@@ -87,11 +88,12 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
         {
+        ENGINE *e = NULL;
         DH *dh=NULL;
         int i,badops=0,text=0;
         BIO *in=NULL,*out=NULL;
         int informat,outformat,check=0,noout=0,C=0,ret=1;
-        char *infile,*outfile,*prog;
+        char *infile,*outfile,*prog,*engine;
 
         apps_startup();
 
@@ -99,6 +101,7 @@ int MAIN(int argc, char **argv)
                 if ((bio_err=BIO_new(BIO_s_file())) != NULL)
                         BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
+        engine=NULL;
         infile=NULL;
         outfile=NULL;
         informat=FORMAT_PEM;
@@ -129,6 +132,11 @@ int MAIN(int argc, char **argv)
                         if (--argc < 1) goto bad;
                         outfile= *(++argv);
                         }
+                else if (strcmp(*argv,"-engine") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        engine= *(++argv);
+                        }
                 else if (strcmp(*argv,"-check") == 0)
                         check=1;
                 else if (strcmp(*argv,"-text") == 0)
@@ -160,11 +168,30 @@ bad:
                 BIO_printf(bio_err," -text         print a text form of the DH parameters\n");
                 BIO_printf(bio_err," -C            Output C code\n");
                 BIO_printf(bio_err," -noout        no output\n");
+                BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
                 goto end;
                 }
 
         ERR_load_crypto_strings();
 
+        if (engine != NULL)
+                {
+                if((e = ENGINE_by_id(engine)) == NULL)
+                        {
+                        BIO_printf(bio_err,"invalid engine \"%s\"\n",
+                                engine);
+                        goto end;
+                        }
+                if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+                        {
+                        BIO_printf(bio_err,"can't use that engine\n");
+                        goto end;
+                        }
+                BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+                /* Free our "structural" reference. */
+                ENGINE_free(e);
+                }
+
         in=BIO_new(BIO_s_file());
         out=BIO_new(BIO_s_file());
         if ((in == NULL) || (out == NULL))
@@ -184,7 +211,15 @@ bad:
                         }
                 }
         if (outfile == NULL)
+                {
                 BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef VMS
+                {
+                BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+                out = BIO_push(tmpbio, out);
+                }
+#endif
+                }
         else
                 {
                 if (BIO_write_filename(out,outfile) <= 0)
@@ -251,10 +286,10 @@ bad:
 
                 len=BN_num_bytes(dh->p);
                 bits=BN_num_bits(dh->p);
-                data=(unsigned char *)Malloc(len);
+                data=(unsigned char *)OPENSSL_malloc(len);
                 if (data == NULL)
                         {
-                        perror("Malloc");
+                        perror("OPENSSL_malloc");
                         goto end;
                         }
                 l=BN_bn2bin(dh->p,data);
@@ -285,7 +320,7 @@ bad:
                 printf("\tif ((dh->p == NULL) || (dh->g == NULL))\n");
                 printf("\t\treturn(NULL);\n");
                 printf("\treturn(dh);\n\t}\n");
-                Free(data);
+                OPENSSL_free(data);
                 }
 
 
@@ -309,7 +344,7 @@ bad:
         ret=0;
 end:
         if (in != NULL) BIO_free(in);
-        if (out != NULL) BIO_free(out);
+        if (out != NULL) BIO_free_all(out);
         if (dh != NULL) DH_free(dh);
         EXIT(ret);
         }
diff --git a/src/lib/libssl/src/apps/dh1024.pem b/src/lib/libssl/src/apps/dh1024.pem
index 81d43f6a3e..6eaeca9b8e 100644
--- a/src/lib/libssl/src/apps/dh1024.pem
+++ b/src/lib/libssl/src/apps/dh1024.pem
@@ -1,5 +1,10 @@
 -----BEGIN DH PARAMETERS-----
-MIGHAoGBAJf2QmHKtQXdKCjhPx1ottPb0PMTBH9A6FbaWMsTuKG/K3g6TG1Z1fkq
-/Gz/PWk/eLI9TzFgqVAuPvr3q14a1aZeVUMTgo2oO5/y2UHe6VaJ+trqCTat3xlx
-/mNbIK9HA2RgPC3gWfVLZQrY+gz3ASHHR5nXWHEyvpuZm7m3h+irAgEC
+MIGHAoGBAPSI/VhOSdvNILSd5JEHNmszbDgNRR0PfIizHHxbLY7288kjwEPwpVsY
+jY67VYy4XTjTNP18F1dDox0YbN4zISy1Kv884bEpQBgRjXyEpwpy1obEAxnIByl6
+ypUM2Zafq9AKUJsCRtMIPWakXUGfnHy9iUsiGSa6q6Jew1XpL3jHAgEC
 -----END DH PARAMETERS-----
+
+These are the 1024 bit DH parameters from "Assigned Number for SKIP Protocols"
+(http://www.skip-vpn.org/spec/numbers.html).
+See there for how they were generated.
+Note that g is not a generator, but this is not a problem since p is a safe prime.
diff --git a/src/lib/libssl/src/apps/dh2048.pem b/src/lib/libssl/src/apps/dh2048.pem
new file mode 100644
index 0000000000..dcd0b8d01b
--- /dev/null
+++ b/src/lib/libssl/src/apps/dh2048.pem
@@ -0,0 +1,12 @@
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEA9kJXtwh/CBdyorrWqULzBej5UxE5T7bxbrlLOCDaAadWoxTpj0BV
+89AHxstDqZSt90xkhkn4DIO9ZekX1KHTUPj1WV/cdlJPPT2N286Z4VeSWc39uK50
+T8X8dryDxUcwYc58yWb/Ffm7/ZFexwGq01uejaClcjrUGvC/RgBYK+X0iP1YTknb
+zSC0neSRBzZrM2w4DUUdD3yIsxx8Wy2O9vPJI8BD8KVbGI2Ou1WMuF040zT9fBdX
+Q6MdGGzeMyEstSr/POGxKUAYEY18hKcKctaGxAMZyAcpesqVDNmWn6vQClCbAkbT
+CD1mpF1Bn5x8vYlLIhkmuquiXsNV6TILOwIBAg==
+-----END DH PARAMETERS-----
+
+These are the 2048 bit DH parameters from "Assigned Number for SKIP Protocols"
+(http://www.skip-vpn.org/spec/numbers.html).
+See there for how they were generated.
diff --git a/src/lib/libssl/src/apps/dh4096.pem b/src/lib/libssl/src/apps/dh4096.pem
new file mode 100644
index 0000000000..1b35ad8e62
--- /dev/null
+++ b/src/lib/libssl/src/apps/dh4096.pem
@@ -0,0 +1,18 @@
+-----BEGIN DH PARAMETERS-----
+MIICCAKCAgEA+hRyUsFN4VpJ1O8JLcCo/VWr19k3BCgJ4uk+d+KhehjdRqNDNyOQ
+l/MOyQNQfWXPeGKmOmIig6Ev/nm6Nf9Z2B1h3R4hExf+zTiHnvVPeRBhjdQi81rt
+Xeoh6TNrSBIKIHfUJWBh3va0TxxjQIs6IZOLeVNRLMqzeylWqMf49HsIXqbcokUS
+Vt1BkvLdW48j8PPv5DsKRN3tloTxqDJGo9tKvj1Fuk74A+Xda1kNhB7KFlqMyN98
+VETEJ6c7KpfOo30mnK30wqw3S8OtaIR/maYX72tGOno2ehFDkq3pnPtEbD2CScxc
+alJC+EL7RPk5c/tgeTvCngvc1KZn92Y//EI7G9tPZtylj2b56sHtMftIoYJ9+ODM
+sccD5Piz/rejE3Ome8EOOceUSCYAhXn8b3qvxVI1ddd1pED6FHRhFvLrZxFvBEM9
+ERRMp5QqOaHJkM+Dxv8Cj6MqrCbfC4u+ZErxodzuusgDgvZiLF22uxMZbobFWyte
+OvOzKGtwcTqO/1wV5gKkzu1ZVswVUQd5Gg8lJicwqRWyyNRczDDoG9jVDxmogKTH
+AaqLulO7R8Ifa1SwF2DteSGVtgWEN8gDpN3RBmmPTDngyF2DHb5qmpnznwtFKdTL
+KWbuHn491xNO25CQWMtem80uKw+pTnisBRF/454n1Jnhub144YRBoN8CAQI=
+-----END DH PARAMETERS-----
+
+These are the 4096 bit DH parameters from "Assigned Number for SKIP Protocols"
+(http://www.skip-vpn.org/spec/numbers.html).
+See there for how they were generated.
+Note that g is not a generator, but this is not a problem since p is a safe prime.
diff --git a/src/lib/libssl/src/apps/dh512.pem b/src/lib/libssl/src/apps/dh512.pem
new file mode 100644
index 0000000000..200d16cd89
--- /dev/null
+++ b/src/lib/libssl/src/apps/dh512.pem
@@ -0,0 +1,9 @@
+-----BEGIN DH PARAMETERS-----
+MEYCQQD1Kv884bEpQBgRjXyEpwpy1obEAxnIByl6ypUM2Zafq9AKUJsCRtMIPWak
+XUGfnHy9iUsiGSa6q6Jew1XpKgVfAgEC
+-----END DH PARAMETERS-----
+
+These are the 512 bit DH parameters from "Assigned Number for SKIP Protocols"
+(http://www.skip-vpn.org/spec/numbers.html).
+See there for how they were generated.
+Note that g is not a generator, but this is not a problem since p is a safe prime.
diff --git a/src/lib/libssl/src/apps/dhparam.c b/src/lib/libssl/src/apps/dhparam.c
index 709547ff5e..9d5705f8bf 100644
--- a/src/lib/libssl/src/apps/dhparam.c
+++ b/src/lib/libssl/src/apps/dhparam.c
@@ -121,6 +121,7 @@
 #include <openssl/dh.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
+#include <openssl/engine.h>
 
 #ifndef NO_DSA
 #include <openssl/dsa.h>
@@ -148,6 +149,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
         {
+        ENGINE *e = NULL;
         DH *dh=NULL;
         int i,badops=0,text=0;
 #ifndef NO_DSA
@@ -156,7 +158,7 @@ int MAIN(int argc, char **argv)
         BIO *in=NULL,*out=NULL;
         int informat,outformat,check=0,noout=0,C=0,ret=1;
         char *infile,*outfile,*prog;
-        char *inrand=NULL;
+        char *inrand=NULL,*engine=NULL;
         int num = 0, g = 0;
 
         apps_startup();
@@ -195,6 +197,11 @@ int MAIN(int argc, char **argv)
                         if (--argc < 1) goto bad;
                         outfile= *(++argv);
                         }
+                else if (strcmp(*argv,"-engine") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        engine= *(++argv);
+                        }
                 else if (strcmp(*argv,"-check") == 0)
                         check=1;
                 else if (strcmp(*argv,"-text") == 0)
@@ -240,6 +247,7 @@ bad:
                 BIO_printf(bio_err," -2            generate parameters using  2 as the generator value\n");
                 BIO_printf(bio_err," -5            generate parameters using  5 as the generator value\n");
                 BIO_printf(bio_err," numbits       number of bits in to generate (default 512)\n");
+                BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
                 BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
                 BIO_printf(bio_err,"               - load the file (or the files in the directory) into\n");
                 BIO_printf(bio_err,"               the random number generator\n");
@@ -249,6 +257,24 @@ bad:
 
         ERR_load_crypto_strings();
 
+        if (engine != NULL)
+                {
+                if((e = ENGINE_by_id(engine)) == NULL)
+                        {
+                        BIO_printf(bio_err,"invalid engine \"%s\"\n",
+                                engine);
+                        goto end;
+                        }
+                if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+                        {
+                        BIO_printf(bio_err,"can't use that engine\n");
+                        goto end;
+                        }
+                BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+                /* Free our "structural" reference. */
+                ENGINE_free(e);
+                }
+
         if (g && !num)
                 num = DEFBITS;
 
@@ -285,7 +311,7 @@ bad:
                         DSA *dsa;
                         
                         BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num);
-                dsa = DSA_generate_parameters(num, NULL, 0, NULL, NULL, dh_cb, bio_err);
+                        dsa = DSA_generate_parameters(num, NULL, 0, NULL, NULL, dh_cb, bio_err);
                         if (dsa == NULL)
                                 {
                                 ERR_print_errors(bio_err);
@@ -391,7 +417,15 @@ bad:
                 goto end;
                 }
         if (outfile == NULL)
+                {
                 BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef VMS
+                {
+                BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+                out = BIO_push(tmpbio, out);
+                }
+#endif
+                }
         else
                 {
                 if (BIO_write_filename(out,outfile) <= 0)
@@ -432,10 +466,10 @@ bad:
 
                 len=BN_num_bytes(dh->p);
                 bits=BN_num_bits(dh->p);
-                data=(unsigned char *)Malloc(len);
+                data=(unsigned char *)OPENSSL_malloc(len);
                 if (data == NULL)
                         {
-                        perror("Malloc");
+                        perror("OPENSSL_malloc");
                         goto end;
                         }
                 printf("#ifndef HEADER_DH_H\n"
@@ -472,7 +506,7 @@ bad:
                 if (dh->length)
                         printf("\tdh->length = %d;\n", dh->length);
                 printf("\treturn(dh);\n\t}\n");
-                Free(data);
+                OPENSSL_free(data);
                 }
 
 
@@ -496,7 +530,7 @@ bad:
         ret=0;
 end:
         if (in != NULL) BIO_free(in);
-        if (out != NULL) BIO_free(out);
+        if (out != NULL) BIO_free_all(out);
         if (dh != NULL) DH_free(dh);
         EXIT(ret);
         }
diff --git a/src/lib/libssl/src/apps/dsa.c b/src/lib/libssl/src/apps/dsa.c
index 4977671b8a..49ca9003ac 100644
--- a/src/lib/libssl/src/apps/dsa.c
+++ b/src/lib/libssl/src/apps/dsa.c
@@ -68,6 +68,7 @@
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
+#include <openssl/engine.h>
 
 #undef PROG
 #define PROG    dsa_main
@@ -87,6 +88,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
         {
+        ENGINE *e = NULL;
         int ret=1;
         DSA *dsa=NULL;
         int i,badops=0;
@@ -94,7 +96,7 @@ int MAIN(int argc, char **argv)
         BIO *in=NULL,*out=NULL;
         int informat,outformat,text=0,noout=0;
         int pubin = 0, pubout = 0;
-        char *infile,*outfile,*prog;
+        char *infile,*outfile,*prog,*engine;
         char *passargin = NULL, *passargout = NULL;
         char *passin = NULL, *passout = NULL;
         int modulus=0;
@@ -105,6 +107,7 @@ int MAIN(int argc, char **argv)
                 if ((bio_err=BIO_new(BIO_s_file())) != NULL)
                         BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
+        engine=NULL;
         infile=NULL;
         outfile=NULL;
         informat=FORMAT_PEM;
@@ -145,6 +148,11 @@ int MAIN(int argc, char **argv)
                         if (--argc < 1) goto bad;
                         passargout= *(++argv);
                         }
+                else if (strcmp(*argv,"-engine") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        engine= *(++argv);
+                        }
                 else if (strcmp(*argv,"-noout") == 0)
                         noout=1;
                 else if (strcmp(*argv,"-text") == 0)
@@ -176,6 +184,7 @@ bad:
                 BIO_printf(bio_err," -passin arg     input file pass phrase source\n");
                 BIO_printf(bio_err," -out arg        output file\n");
                 BIO_printf(bio_err," -passout arg    output file pass phrase source\n");
+                BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
                 BIO_printf(bio_err," -des            encrypt PEM output with cbc des\n");
                 BIO_printf(bio_err," -des3           encrypt PEM output with ede cbc des using 168 bit key\n");
 #ifndef NO_IDEA
@@ -189,6 +198,24 @@ bad:
 
         ERR_load_crypto_strings();
 
+        if (engine != NULL)
+                {
+                if((e = ENGINE_by_id(engine)) == NULL)
+                        {
+                        BIO_printf(bio_err,"invalid engine \"%s\"\n",
+                                engine);
+                        goto end;
+                        }
+                if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+                        {
+                        BIO_printf(bio_err,"can't use that engine\n");
+                        goto end;
+                        }
+                BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+                /* Free our "structural" reference. */
+                ENGINE_free(e);
+                }
+
         if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
                 BIO_printf(bio_err, "Error getting passwords\n");
                 goto end;
@@ -233,7 +260,15 @@ bad:
                 }
 
         if (outfile == NULL)
+                {
                 BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef VMS
+                {
+                BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+                out = BIO_push(tmpbio, out);
+                }
+#endif
+                }
         else
                 {
                 if (BIO_write_filename(out,outfile) <= 0)
@@ -281,10 +316,10 @@ bad:
                 ret=0;
 end:
         if(in != NULL) BIO_free(in);
-        if(out != NULL) BIO_free(out);
+        if(out != NULL) BIO_free_all(out);
         if(dsa != NULL) DSA_free(dsa);
-        if(passin) Free(passin);
-        if(passout) Free(passout);
+        if(passin) OPENSSL_free(passin);
+        if(passout) OPENSSL_free(passout);
         EXIT(ret);
         }
 #endif
diff --git a/src/lib/libssl/src/apps/dsaparam.c b/src/lib/libssl/src/apps/dsaparam.c
index 4d4e1ad2b5..67f054c645 100644
--- a/src/lib/libssl/src/apps/dsaparam.c
+++ b/src/lib/libssl/src/apps/dsaparam.c
@@ -69,6 +69,7 @@
 #include <openssl/dsa.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
+#include <openssl/engine.h>
 
 #undef PROG
 #define PROG    dsaparam_main
@@ -90,11 +91,12 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
         {
+        ENGINE *e = NULL;
         DSA *dsa=NULL;
         int i,badops=0,text=0;
         BIO *in=NULL,*out=NULL;
         int informat,outformat,noout=0,C=0,ret=1;
-        char *infile,*outfile,*prog,*inrand=NULL;
+        char *infile,*outfile,*prog,*inrand=NULL,*engine=NULL;
         int numbits= -1,num,genkey=0;
         int need_rand=0;
 
@@ -205,7 +207,15 @@ bad:
                         }
                 }
         if (outfile == NULL)
+                {
                 BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef VMS
+                {
+                BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+                out = BIO_push(tmpbio, out);
+                }
+#endif
+                }
         else
                 {
                 if (BIO_write_filename(out,outfile) <= 0)
@@ -260,10 +270,10 @@ bad:
                 bits_p=BN_num_bits(dsa->p);
                 bits_q=BN_num_bits(dsa->q);
                 bits_g=BN_num_bits(dsa->g);
-                data=(unsigned char *)Malloc(len+20);
+                data=(unsigned char *)OPENSSL_malloc(len+20);
                 if (data == NULL)
                         {
-                        perror("Malloc");
+                        perror("OPENSSL_malloc");
                         goto end;
                         }
                 l=BN_bn2bin(dsa->p,data);
@@ -347,7 +357,7 @@ bad:
         ret=0;
 end:
         if (in != NULL) BIO_free(in);
-        if (out != NULL) BIO_free(out);
+        if (out != NULL) BIO_free_all(out);
         if (dsa != NULL) DSA_free(dsa);
         EXIT(ret);
         }
diff --git a/src/lib/libssl/src/apps/enc.c b/src/lib/libssl/src/apps/enc.c
index 6531c58c54..b9190ef53f 100644
--- a/src/lib/libssl/src/apps/enc.c
+++ b/src/lib/libssl/src/apps/enc.c
@@ -70,6 +70,7 @@
 #include <openssl/md5.h>
 #endif
 #include <openssl/pem.h>
+#include <openssl/engine.h>
 
 int set_hex(char *in,unsigned char *out,int size);
 #undef SIZE
@@ -84,6 +85,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
         {
+        ENGINE *e = NULL;
         static const char magic[]="Salted__";
         char mbuf[8];   /* should be 1 smaller than magic */
         char *strbuf=NULL;
@@ -101,6 +103,7 @@ int MAIN(int argc, char **argv)
         BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
 #define PROG_NAME_SIZE  16
         char pname[PROG_NAME_SIZE];
+        char *engine = NULL;
 
         apps_startup();
 
@@ -141,6 +144,11 @@ int MAIN(int argc, char **argv)
                         if (--argc < 1) goto bad;
                         passarg= *(++argv);
                         }
+                else if (strcmp(*argv,"-engine") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        engine= *(++argv);
+                        }
                 else if (strcmp(*argv,"-d") == 0)
                         enc=0;
                 else if (strcmp(*argv,"-p") == 0)
@@ -241,6 +249,7 @@ bad:
                         BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv");
                         BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]");
                         BIO_printf(bio_err,"%-14s buffer size\n","-bufsize <n>");
+                        BIO_printf(bio_err,"%-14s use engine e, possibly a hardware device.\n","-engine e");
 
                         BIO_printf(bio_err,"Cipher Types\n");
                         BIO_printf(bio_err,"des     : 56 bit key DES encryption\n");
@@ -314,6 +323,24 @@ bad:
                 argv++;
                 }
 
+        if (engine != NULL)
+                {
+                if((e = ENGINE_by_id(engine)) == NULL)
+                        {
+                        BIO_printf(bio_err,"invalid engine \"%s\"\n",
+                                engine);
+                        goto end;
+                        }
+                if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+                        {
+                        BIO_printf(bio_err,"can't use that engine\n");
+                        goto end;
+                        }
+                BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+                /* Free our "structural" reference. */
+                ENGINE_free(e);
+                }
+
         if (bufsize != NULL)
                 {
                 unsigned long n;
@@ -343,11 +370,11 @@ bad:
                 if (verbose) BIO_printf(bio_err,"bufsize=%d\n",bsize);
                 }
 
-        strbuf=Malloc(SIZE);
-        buff=(unsigned char *)Malloc(EVP_ENCODE_LENGTH(bsize));
+        strbuf=OPENSSL_malloc(SIZE);
+        buff=(unsigned char *)OPENSSL_malloc(EVP_ENCODE_LENGTH(bsize));
         if ((buff == NULL) || (strbuf == NULL))
                 {
-                BIO_printf(bio_err,"Malloc failure %ld\n",(long)EVP_ENCODE_LENGTH(bsize));
+                BIO_printf(bio_err,"OPENSSL_malloc failure %ld\n",(long)EVP_ENCODE_LENGTH(bsize));
                 goto end;
                 }
 
@@ -416,7 +443,15 @@ bad:
 
 
         if (outf == NULL)
+                {
                 BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef VMS
+                {
+                BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+                out = BIO_push(tmpbio, out);
+                }
+#endif
+                }
         else
                 {
                 if (BIO_write_filename(out,outf) <= 0)
@@ -581,13 +616,13 @@ bad:
                 }
 end:
         ERR_print_errors(bio_err);
-        if (strbuf != NULL) Free(strbuf);
-        if (buff != NULL) Free(buff);
+        if (strbuf != NULL) OPENSSL_free(strbuf);
+        if (buff != NULL) OPENSSL_free(buff);
         if (in != NULL) BIO_free(in);
-        if (out != NULL) BIO_free(out);
+        if (out != NULL) BIO_free_all(out);
         if (benc != NULL) BIO_free(benc);
         if (b64 != NULL) BIO_free(b64);
-        if(pass) Free(pass);
+        if(pass) OPENSSL_free(pass);
         EXIT(ret);
         }
 
diff --git a/src/lib/libssl/src/apps/errstr.c b/src/lib/libssl/src/apps/errstr.c
index 4650379589..e392328f93 100644
--- a/src/lib/libssl/src/apps/errstr.c
+++ b/src/lib/libssl/src/apps/errstr.c
@@ -91,12 +91,18 @@ int MAIN(int argc, char **argv)
                 out=BIO_new(BIO_s_file());
                 if ((out != NULL) && BIO_set_fp(out,stdout,BIO_NOCLOSE))
                         {
+#ifdef VMS
+                        {
+                        BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+                        out = BIO_push(tmpbio, out);
+                        }
+#endif
                         lh_node_stats_bio((LHASH *)ERR_get_string_table(),out);
                         lh_stats_bio((LHASH *)ERR_get_string_table(),out);
                         lh_node_usage_stats_bio((LHASH *)
                                 ERR_get_string_table(),out);
                         }
-                if (out != NULL) BIO_free(out);
+                if (out != NULL) BIO_free_all(out);
                 argc--;
                 argv++;
                 }
@@ -104,7 +110,10 @@ int MAIN(int argc, char **argv)
         for (i=1; i<argc; i++)
                 {
                 if (sscanf(argv[i],"%lx",&l))
-                        printf("%s\n",ERR_error_string(l,buf));
+                        {
+                        ERR_error_string_n(l, buf, sizeof buf);
+                        printf("%s\n",buf);
+                        }
                 else
                         {
                         printf("%s: bad error code\n",argv[i]);
diff --git a/src/lib/libssl/src/apps/gendh.c b/src/lib/libssl/src/apps/gendh.c
index caf5e8d736..e81109eaac 100644
--- a/src/lib/libssl/src/apps/gendh.c
+++ b/src/lib/libssl/src/apps/gendh.c
@@ -70,6 +70,7 @@
 #include <openssl/dh.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
+#include <openssl/engine.h>
 
 #define DEFBITS 512
 #undef PROG
@@ -81,11 +82,13 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
         {
+        ENGINE *e = NULL;
         DH *dh=NULL;
         int ret=1,num=DEFBITS;
         int g=2;
         char *outfile=NULL;
         char *inrand=NULL;
+        char *engine=NULL;
         BIO *out=NULL;
 
         apps_startup();
@@ -110,6 +113,11 @@ int MAIN(int argc, char **argv)
                         g=3; */
                 else if (strcmp(*argv,"-5") == 0)
                         g=5;
+                else if (strcmp(*argv,"-engine") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        engine= *(++argv);
+                        }
                 else if (strcmp(*argv,"-rand") == 0)
                         {
                         if (--argc < 1) goto bad;
@@ -125,15 +133,34 @@ int MAIN(int argc, char **argv)
 bad:
                 BIO_printf(bio_err,"usage: gendh [args] [numbits]\n");
                 BIO_printf(bio_err," -out file - output the key to 'file\n");
-                BIO_printf(bio_err," -2    use 2 as the generator value\n");
-        /*      BIO_printf(bio_err," -3    use 3 as the generator value\n"); */
-                BIO_printf(bio_err," -5    use 5 as the generator value\n");
+                BIO_printf(bio_err," -2        - use 2 as the generator value\n");
+        /*      BIO_printf(bio_err," -3        - use 3 as the generator value\n"); */
+                BIO_printf(bio_err," -5        - use 5 as the generator value\n");
+                BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
                 BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
                 BIO_printf(bio_err,"           - load the file (or the files in the directory) into\n");
                 BIO_printf(bio_err,"             the random number generator\n");
                 goto end;
                 }
                 
+        if (engine != NULL)
+                {
+                if((e = ENGINE_by_id(engine)) == NULL)
+                        {
+                        BIO_printf(bio_err,"invalid engine \"%s\"\n",
+                                engine);
+                        goto end;
+                        }
+                if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+                        {
+                        BIO_printf(bio_err,"can't use that engine\n");
+                        goto end;
+                        }
+                BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+                /* Free our "structural" reference. */
+                ENGINE_free(e);
+                }
+
         out=BIO_new(BIO_s_file());
         if (out == NULL)
                 {
@@ -142,7 +169,15 @@ bad:
                 }
 
         if (outfile == NULL)
+                {
                 BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef VMS
+                {
+                BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+                out = BIO_push(tmpbio, out);
+                }
+#endif
+                }
         else
                 {
                 if (BIO_write_filename(out,outfile) <= 0)
@@ -174,7 +209,7 @@ bad:
 end:
         if (ret != 0)
                 ERR_print_errors(bio_err);
-        if (out != NULL) BIO_free(out);
+        if (out != NULL) BIO_free_all(out);
         if (dh != NULL) DH_free(dh);
         EXIT(ret);
         }
diff --git a/src/lib/libssl/src/apps/gendsa.c b/src/lib/libssl/src/apps/gendsa.c
index b1a1c4fcfa..1c0ec371d2 100644
--- a/src/lib/libssl/src/apps/gendsa.c
+++ b/src/lib/libssl/src/apps/gendsa.c
@@ -68,6 +68,7 @@
 #include <openssl/dsa.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
+#include <openssl/engine.h>
 
 #define DEFBITS 512
 #undef PROG
@@ -77,6 +78,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
         {
+        ENGINE *e = NULL;
         DSA *dsa=NULL;
         int ret=1;
         char *outfile=NULL;
@@ -84,6 +86,7 @@ int MAIN(int argc, char **argv)
         char *passargout = NULL, *passout = NULL;
         BIO *out=NULL,*in=NULL;
         EVP_CIPHER *enc=NULL;
+        char *engine=NULL;
 
         apps_startup();
 
@@ -106,6 +109,11 @@ int MAIN(int argc, char **argv)
                         if (--argc < 1) goto bad;
                         passargout= *(++argv);
                         }
+                else if (strcmp(*argv,"-engine") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        engine= *(++argv);
+                        }
                 else if (strcmp(*argv,"-rand") == 0)
                         {
                         if (--argc < 1) goto bad;
@@ -145,6 +153,7 @@ bad:
 #ifndef NO_IDEA
                 BIO_printf(bio_err," -idea     - encrypt the generated key with IDEA in cbc mode\n");
 #endif
+                BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
                 BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
                 BIO_printf(bio_err,"           - load the file (or the files in the directory) into\n");
                 BIO_printf(bio_err,"             the random number generator\n");
@@ -153,6 +162,24 @@ bad:
                 goto end;
                 }
 
+        if (engine != NULL)
+                {
+                if((e = ENGINE_by_id(engine)) == NULL)
+                        {
+                        BIO_printf(bio_err,"invalid engine \"%s\"\n",
+                                engine);
+                        goto end;
+                        }
+                if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+                        {
+                        BIO_printf(bio_err,"can't use that engine\n");
+                        goto end;
+                        }
+                BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+                /* Free our "structural" reference. */
+                ENGINE_free(e);
+                }
+
         if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
                 BIO_printf(bio_err, "Error getting password\n");
                 goto end;
@@ -178,7 +205,15 @@ bad:
         if (out == NULL) goto end;
 
         if (outfile == NULL)
+                {
                 BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef VMS
+                {
+                BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+                out = BIO_push(tmpbio, out);
+                }
+#endif
+                }
         else
                 {
                 if (BIO_write_filename(out,outfile) <= 0)
@@ -209,9 +244,9 @@ end:
         if (ret != 0)
                 ERR_print_errors(bio_err);
         if (in != NULL) BIO_free(in);
-        if (out != NULL) BIO_free(out);
+        if (out != NULL) BIO_free_all(out);
         if (dsa != NULL) DSA_free(dsa);
-        if(passout) Free(passout);
+        if(passout) OPENSSL_free(passout);
         EXIT(ret);
         }
 #endif
diff --git a/src/lib/libssl/src/apps/genrsa.c b/src/lib/libssl/src/apps/genrsa.c
index 6fe578d69f..e7445e6a49 100644
--- a/src/lib/libssl/src/apps/genrsa.c
+++ b/src/lib/libssl/src/apps/genrsa.c
@@ -69,6 +69,7 @@
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
+#include <openssl/engine.h>
 
 #define DEFBITS 512
 #undef PROG
@@ -80,6 +81,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
         {
+        ENGINE *e = NULL;
         int ret=1;
         RSA *rsa=NULL;
         int i,num=DEFBITS;
@@ -88,6 +90,7 @@ int MAIN(int argc, char **argv)
         unsigned long f4=RSA_F4;
         char *outfile=NULL;
         char *passargout = NULL, *passout = NULL;
+        char *engine=NULL;
         char *inrand=NULL;
         BIO *out=NULL;
 
@@ -114,8 +117,13 @@ int MAIN(int argc, char **argv)
                         }
                 else if (strcmp(*argv,"-3") == 0)
                         f4=3;
-                else if (strcmp(*argv,"-F4") == 0)
+                else if (strcmp(*argv,"-F4") == 0 || strcmp(*argv,"-f4") == 0)
                         f4=RSA_F4;
+                else if (strcmp(*argv,"-engine") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        engine= *(++argv);
+                        }
                 else if (strcmp(*argv,"-rand") == 0)
                         {
                         if (--argc < 1) goto bad;
@@ -154,6 +162,7 @@ bad:
                 BIO_printf(bio_err," -passout arg    output file pass phrase source\n");
                 BIO_printf(bio_err," -f4             use F4 (0x10001) for the E value\n");
                 BIO_printf(bio_err," -3              use 3 for the E value\n");
+                BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
                 BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
                 BIO_printf(bio_err,"                 load the file (or the files in the directory) into\n");
                 BIO_printf(bio_err,"                 the random number generator\n");
@@ -167,8 +176,34 @@ bad:
                 goto err;
         }
 
+        if (engine != NULL)
+                {
+                if((e = ENGINE_by_id(engine)) == NULL)
+                        {
+                        BIO_printf(bio_err,"invalid engine \"%s\"\n",
+                                engine);
+                        goto err;
+                        }
+                if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+                        {
+                        BIO_printf(bio_err,"can't use that engine\n");
+                        goto err;
+                        }
+                BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+                /* Free our "structural" reference. */
+                ENGINE_free(e);
+                }
+
         if (outfile == NULL)
+                {
                 BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef VMS
+                {
+                BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+                out = BIO_push(tmpbio, out);
+                }
+#endif
+                }
         else
                 {
                 if (BIO_write_filename(out,outfile) <= 0)
@@ -178,7 +213,8 @@ bad:
                         }
                 }
 
-        if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL)
+        if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
+                && !RAND_status())
                 {
                 BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
                 }
@@ -212,8 +248,8 @@ bad:
         ret=0;
 err:
         if (rsa != NULL) RSA_free(rsa);
-        if (out != NULL) BIO_free(out);
-        if(passout) Free(passout);
+        if (out != NULL) BIO_free_all(out);
+        if(passout) OPENSSL_free(passout);
         if (ret != 0)
                 ERR_print_errors(bio_err);
         EXIT(ret);
diff --git a/src/lib/libssl/src/apps/makeapps.com b/src/lib/libssl/src/apps/makeapps.com
index 94acbf8219..7e9d0ac8d6 100644
--- a/src/lib/libssl/src/apps/makeapps.com
+++ b/src/lib/libssl/src/apps/makeapps.com
@@ -154,13 +154,13 @@ $! Define The Application Files.
 $!
 $ LIB_FILES = "VERIFY;ASN1PARS;REQ;DGST;DH;DHPARAM;ENC;PASSWD;GENDH;ERRSTR;"+-
               "CA;PKCS7;CRL2P7;CRL;"+-
-              "RSA;DSA;DSAPARAM;"+-
+              "RSA;RSAUTL;DSA;DSAPARAM;"+-
               "X509;GENRSA;GENDSA;S_SERVER;S_CLIENT;SPEED;"+-
               "S_TIME;APPS;S_CB;S_SOCKET;APP_RAND;VERSION;SESS_ID;"+-
               "CIPHERS;NSEQ;PKCS12;PKCS8;SPKAC;SMIME;RAND"
 $ APP_FILES := OPENSSL,'OBJ_DIR'VERIFY.OBJ,ASN1PARS.OBJ,REQ.OBJ,DGST.OBJ,DH.OBJ,DHPARAM.OBJ,ENC.OBJ,PASSWD.OBJ,GENDH.OBJ,ERRSTR.OBJ,-
                CA.OBJ,PKCS7.OBJ,CRL2P7.OBJ,CRL.OBJ,-
-               RSA.OBJ,DSA.OBJ,DSAPARAM.OBJ,-
+               RSA.OBJ,RSAUTL.OBJ,DSA.OBJ,DSAPARAM.OBJ,-
                X509.OBJ,GENRSA.OBJ,GENDSA.OBJ,S_SERVER.OBJ,S_CLIENT.OBJ,SPEED.OBJ,-
                S_TIME.OBJ,APPS.OBJ,S_CB.OBJ,S_SOCKET.OBJ,APP_RAND.OBJ,VERSION.OBJ,SESS_ID.OBJ,-
                CIPHERS.OBJ,NSEQ.OBJ,PKCS12.OBJ,PKCS8.OBJ,SPKAC.OBJ,SMIME.OBJ,RAND.OBJ
diff --git a/src/lib/libssl/src/apps/md4.c b/src/lib/libssl/src/apps/md4.c
new file mode 100644
index 0000000000..e4b0aac011
--- /dev/null
+++ b/src/lib/libssl/src/apps/md4.c
@@ -0,0 +1,127 @@
+/* crypto/md4/md4.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/md4.h>
+
+#define BUFSIZE 1024*16
+
+void do_fp(FILE *f);
+void pt(unsigned char *md);
+#ifndef _OSD_POSIX
+int read(int, void *, unsigned int);
+#endif
+
+int main(int argc, char **argv)
+        {
+        int i,err=0;
+        FILE *IN;
+
+        if (argc == 1)
+                {
+                do_fp(stdin);
+                }
+        else
+                {
+                for (i=1; i<argc; i++)
+                        {
+                        IN=fopen(argv[i],"r");
+                        if (IN == NULL)
+                                {
+                                perror(argv[i]);
+                                err++;
+                                continue;
+                                }
+                        printf("MD4(%s)= ",argv[i]);
+                        do_fp(IN);
+                        fclose(IN);
+                        }
+                }
+        exit(err);
+        }
+
+void do_fp(FILE *f)
+        {
+        MD4_CTX c;
+        unsigned char md[MD4_DIGEST_LENGTH];
+        int fd;
+        int i;
+        static unsigned char buf[BUFSIZE];
+
+        fd=fileno(f);
+        MD4_Init(&c);
+        for (;;)
+                {
+                i=read(fd,buf,BUFSIZE);
+                if (i <= 0) break;
+                MD4_Update(&c,buf,(unsigned long)i);
+                }
+        MD4_Final(&(md[0]),&c);
+        pt(md);
+        }
+
+void pt(unsigned char *md)
+        {
+        int i;
+
+        for (i=0; i<MD4_DIGEST_LENGTH; i++)
+                printf("%02x",md[i]);
+        printf("\n");
+        }
+
diff --git a/src/lib/libssl/src/apps/nseq.c b/src/lib/libssl/src/apps/nseq.c
index cc88d50ceb..1d73d1ad52 100644
--- a/src/lib/libssl/src/apps/nseq.c
+++ b/src/lib/libssl/src/apps/nseq.c
@@ -119,11 +119,18 @@ int MAIN(int argc, char **argv)
                                  "Can't open output file %s\n", outfile);
                         goto end;
                 }
-        } else out = BIO_new_fp(stdout, BIO_NOCLOSE);
-
+        } else {
+                out = BIO_new_fp(stdout, BIO_NOCLOSE);
+#ifdef VMS
+                {
+                BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+                out = BIO_push(tmpbio, out);
+                }
+#endif
+        }
         if (toseq) {
                 seq = NETSCAPE_CERT_SEQUENCE_new();
-                seq->certs = sk_X509_new(NULL);
+                seq->certs = sk_X509_new_null();
                 while((x509 = PEM_read_bio_X509(in, NULL, NULL, NULL))) 
                     sk_X509_push(seq->certs,x509);
 
@@ -152,7 +159,7 @@ int MAIN(int argc, char **argv)
         ret = 0;
 end:
         BIO_free(in);
-        BIO_free(out);
+        BIO_free_all(out);
         NETSCAPE_CERT_SEQUENCE_free(seq);
 
         EXIT(ret);
diff --git a/src/lib/libssl/src/apps/openssl.c b/src/lib/libssl/src/apps/openssl.c
index a2a263062d..4f61006b73 100644
--- a/src/lib/libssl/src/apps/openssl.c
+++ b/src/lib/libssl/src/apps/openssl.c
@@ -101,6 +101,8 @@ int main(int Argc, char *Argv[])
         arg.data=NULL;
         arg.count=0;
 
+        if (getenv("OPENSSL_DEBUG_MEMORY") != NULL)
+                CRYPTO_malloc_debug_init();
         CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
 
         apps_startup();
@@ -201,7 +203,7 @@ end:
                 config=NULL;
                 }
         if (prog != NULL) lh_free(prog);
-        if (arg.data != NULL) Free(arg.data);
+        if (arg.data != NULL) OPENSSL_free(arg.data);
         ERR_remove_state(0);
 
         EVP_cleanup();
@@ -236,13 +238,19 @@ static int do_cmd(LHASH *prog, int argc, char *argv[])
         else if ((strncmp(argv[0],"no-",3)) == 0)
                 {
                 BIO *bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE);
+#ifdef VMS
+                {
+                BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+                bio_stdout = BIO_push(tmpbio, bio_stdout);
+                }
+#endif
                 f.name=argv[0]+3;
                 ret = (lh_retrieve(prog,&f) != NULL);
                 if (!ret)
                         BIO_printf(bio_stdout, "%s\n", argv[0]);
                 else
                         BIO_printf(bio_stdout, "%s\n", argv[0]+3);
-                BIO_free(bio_stdout);
+                BIO_free_all(bio_stdout);
                 goto end;
                 }
         else if ((strcmp(argv[0],"quit") == 0) ||
@@ -267,11 +275,17 @@ static int do_cmd(LHASH *prog, int argc, char *argv[])
                 else /* strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0 */
                         list_type = FUNC_TYPE_CIPHER;
                 bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE);
+#ifdef VMS
+                {
+                BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+                bio_stdout = BIO_push(tmpbio, bio_stdout);
+                }
+#endif
                 
                 for (fp=functions; fp->name != NULL; fp++)
                         if (fp->type == list_type)
                                 BIO_printf(bio_stdout, "%s\n", fp->name);
-                BIO_free(bio_stdout);
+                BIO_free_all(bio_stdout);
                 ret=0;
                 goto end;
                 }
diff --git a/src/lib/libssl/src/apps/passwd.c b/src/lib/libssl/src/apps/passwd.c
index c7e21d2081..6851a9927d 100644
--- a/src/lib/libssl/src/apps/passwd.c
+++ b/src/lib/libssl/src/apps/passwd.c
@@ -1,10 +1,10 @@
 /* apps/passwd.c */
 
 #if defined NO_MD5 || defined CHARSET_EBCDIC
-# define NO_APR1
+# define NO_MD5CRYPT_1
 #endif
 
-#if !defined(NO_DES) || !defined(NO_APR1)
+#if !defined(NO_DES) || !defined(NO_MD5CRYPT_1)
 
 #include <assert.h>
 #include <string.h>
@@ -19,7 +19,7 @@
 #ifndef NO_DES
 # include <openssl/des.h>
 #endif
-#ifndef NO_APR1
+#ifndef NO_MD5CRYPT_1
 # include <openssl/md5.h>
 #endif
 
@@ -42,10 +42,11 @@ static unsigned const char cov_2char[64]={
 
 static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
         char *passwd, BIO *out, int quiet, int table, int reverse,
-        size_t pw_maxlen, int usecrypt, int useapr1);
+        size_t pw_maxlen, int usecrypt, int use1, int useapr1);
 
-/* -crypt        - standard Unix password algorithm (default, only choice)
- * -apr1         - MD5-based password algorithm
+/* -crypt        - standard Unix password algorithm (default)
+ * -1            - MD5-based password algorithm
+ * -apr1         - MD5-based password algorithm, Apache variant
  * -salt string  - salt
  * -in file      - read passwords from file
  * -stdin        - read passwords from stdin
@@ -63,11 +64,12 @@ int MAIN(int argc, char **argv)
         int in_stdin = 0;
         char *salt = NULL, *passwd = NULL, **passwds = NULL;
         char *salt_malloc = NULL, *passwd_malloc = NULL;
+        size_t passwd_malloc_size = 0;
         int pw_source_defined = 0;
         BIO *in = NULL, *out = NULL;
         int i, badopt, opt_done;
         int passed_salt = 0, quiet = 0, table = 0, reverse = 0;
-        int usecrypt = 0, useapr1 = 0;
+        int usecrypt = 0, use1 = 0, useapr1 = 0;
         size_t pw_maxlen = 0;
 
         apps_startup();
@@ -79,6 +81,12 @@ int MAIN(int argc, char **argv)
         if (out == NULL)
                 goto err;
         BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
+#ifdef VMS
+        {
+        BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+        out = BIO_push(tmpbio, out);
+        }
+#endif
 
         badopt = 0, opt_done = 0;
         i = 0;
@@ -86,6 +94,8 @@ int MAIN(int argc, char **argv)
                 {
                 if (strcmp(argv[i], "-crypt") == 0)
                         usecrypt = 1;
+                else if (strcmp(argv[i], "-1") == 0)
+                        use1 = 1;
                 else if (strcmp(argv[i], "-apr1") == 0)
                         useapr1 = 1;
                 else if (strcmp(argv[i], "-salt") == 0)
@@ -137,17 +147,17 @@ int MAIN(int argc, char **argv)
                         badopt = 1;
                 }
 
-        if (!usecrypt && !useapr1) /* use default */
+        if (!usecrypt && !use1 && !useapr1) /* use default */
                 usecrypt = 1;
-        if (usecrypt + useapr1 > 1) /* conflict */
+        if (usecrypt + use1 + useapr1 > 1) /* conflict */
                 badopt = 1;
 
         /* reject unsupported algorithms */
 #ifdef NO_DES
         if (usecrypt) badopt = 1;
 #endif
-#ifdef NO_APR1
-        if (useapr1) badopt = 1;
+#ifdef NO_MD5CRYPT_1
+        if (use1 || useapr1) badopt = 1;
 #endif
 
         if (badopt) 
@@ -157,8 +167,9 @@ int MAIN(int argc, char **argv)
 #ifndef NO_DES
                 BIO_printf(bio_err, "-crypt             standard Unix password algorithm (default)\n");
 #endif
-#ifndef NO_APR1
-                BIO_printf(bio_err, "-apr1              MD5-based password algorithm\n");
+#ifndef NO_MD5CRYPT_1
+                BIO_printf(bio_err, "-1                 MD5-based password algorithm\n");
+                BIO_printf(bio_err, "-apr1              MD5-based password algorithm, Apache variant\n");
 #endif
                 BIO_printf(bio_err, "-salt string       use provided salt\n");
                 BIO_printf(bio_err, "-in file           read passwords from file\n");
@@ -190,13 +201,16 @@ int MAIN(int argc, char **argv)
         
         if (usecrypt)
                 pw_maxlen = 8;
-        else if (useapr1)
+        else if (use1 || useapr1)
                 pw_maxlen = 256; /* arbitrary limit, should be enough for most passwords */
 
         if (passwds == NULL)
                 {
                 /* no passwords on the command line */
-                passwd = passwd_malloc = Malloc(pw_maxlen + 1);
+
+                passwd_malloc_size = pw_maxlen + 2;
+                /* longer than necessary so that we can warn about truncation */
+                passwd = passwd_malloc = OPENSSL_malloc(passwd_malloc_size);
                 if (passwd_malloc == NULL)
                         goto err;
                 }
@@ -208,7 +222,7 @@ int MAIN(int argc, char **argv)
                 
                 passwds = passwds_static;
                 if (in == NULL)
-                        if (EVP_read_pw_string(passwd_malloc, pw_maxlen + 1, "Password: ", 0) != 0)
+                        if (EVP_read_pw_string(passwd_malloc, passwd_malloc_size, "Password: ", 0) != 0)
                                 goto err;
                 passwds[0] = passwd_malloc;
                 }
@@ -222,7 +236,7 @@ int MAIN(int argc, char **argv)
                         {
                         passwd = *passwds++;
                         if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, out,
-                                quiet, table, reverse, pw_maxlen, usecrypt, useapr1))
+                                quiet, table, reverse, pw_maxlen, usecrypt, use1, useapr1))
                                 goto err;
                         }
                 while (*passwds != NULL);
@@ -251,7 +265,7 @@ int MAIN(int argc, char **argv)
                                         }
                                 
                                 if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, out,
-                                        quiet, table, reverse, pw_maxlen, usecrypt, useapr1))
+                                        quiet, table, reverse, pw_maxlen, usecrypt, use1, useapr1))
                                         goto err;
                                 }
                         done = (r <= 0);
@@ -262,22 +276,29 @@ int MAIN(int argc, char **argv)
 err:
         ERR_print_errors(bio_err);
         if (salt_malloc)
-                Free(salt_malloc);
+                OPENSSL_free(salt_malloc);
         if (passwd_malloc)
-                Free(passwd_malloc);
+                OPENSSL_free(passwd_malloc);
         if (in)
                 BIO_free(in);
         if (out)
-                BIO_free(out);
+                BIO_free_all(out);
         EXIT(ret);
         }
 
 
-#ifndef NO_APR1
-/* MD5-based password algorithm compatible to the one found in Apache
- * (should probably be available as a library function;
- * then the static buffer would not be acceptable) */
-static char *apr1_crypt(const char *passwd, const char *salt)
+#ifndef NO_MD5CRYPT_1
+/* MD5-based password algorithm (should probably be available as a library
+ * function; then the static buffer would not be acceptable).
+ * For magic string "1", this should be compatible to the MD5-based BSD
+ * password algorithm.
+ * For 'magic' string "apr1", this is compatible to the MD5-based Apache
+ * password algorithm.
+ * (Apparently, the Apache password algorithm is identical except that the
+ * 'magic' string was changed -- the laziest application of the NIH principle
+ * I've ever encountered.)
+ */
+static char *md5crypt(const char *passwd, const char *magic, const char *salt)
         {
         static char out_buf[6 + 9 + 24 + 2]; /* "$apr1$..salt..$.......md5hash..........\0" */
         unsigned char buf[MD5_DIGEST_LENGTH];
@@ -287,7 +308,11 @@ static char *apr1_crypt(const char *passwd, const char *salt)
         size_t passwd_len, salt_len;
 
         passwd_len = strlen(passwd);
-        strcpy(out_buf, "$apr1$");
+        out_buf[0] = '$';
+        out_buf[1] = 0;
+        assert(strlen(magic) <= 4); /* "1" or "apr1" */
+        strncat(out_buf, magic, 4);
+        strncat(out_buf, "$", 1);
         strncat(out_buf, salt, 8);
         assert(strlen(out_buf) <= 6 + 8); /* "$apr1$..salt.." */
         salt_out = out_buf + 6;
@@ -296,7 +321,9 @@ static char *apr1_crypt(const char *passwd, const char *salt)
         
         MD5_Init(&md);
         MD5_Update(&md, passwd, passwd_len);
-        MD5_Update(&md, "$apr1$", 6);
+        MD5_Update(&md, "$", 1);
+        MD5_Update(&md, magic, strlen(magic));
+        MD5_Update(&md, "$", 1);
         MD5_Update(&md, salt_out, salt_len);
         
          {
@@ -380,7 +407,7 @@ static char *apr1_crypt(const char *passwd, const char *salt)
 
 static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
         char *passwd, BIO *out, int quiet, int table, int reverse,
-        size_t pw_maxlen, int usecrypt, int useapr1)
+        size_t pw_maxlen, int usecrypt, int use1, int useapr1)
         {
         char *hash = NULL;
 
@@ -395,7 +422,7 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
                         {
                         if (*salt_malloc_p == NULL)
                                 {
-                                *salt_p = *salt_malloc_p = Malloc(3);
+                                *salt_p = *salt_malloc_p = OPENSSL_malloc(3);
                                 if (*salt_malloc_p == NULL)
                                         goto err;
                                 }
@@ -411,14 +438,14 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
                         }
 #endif /* !NO_DES */
 
-#ifndef NO_APR1
-                if (useapr1)
+#ifndef NO_MD5CRYPT_1
+                if (use1 || useapr1)
                         {
                         int i;
                         
                         if (*salt_malloc_p == NULL)
                                 {
-                                *salt_p = *salt_malloc_p = Malloc(9);
+                                *salt_p = *salt_malloc_p = OPENSSL_malloc(9);
                                 if (*salt_malloc_p == NULL)
                                         goto err;
                                 }
@@ -429,7 +456,7 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
                                 (*salt_p)[i] = cov_2char[(*salt_p)[i] & 0x3f]; /* 6 bits */
                         (*salt_p)[8] = 0;
                         }
-#endif /* !NO_APR1 */
+#endif /* !NO_MD5CRYPT_1 */
                 }
         
         assert(*salt_p != NULL);
@@ -448,9 +475,9 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
         if (usecrypt)
                 hash = des_crypt(passwd, *salt_p);
 #endif
-#ifndef NO_APR1
-        if (useapr1)
-                hash = apr1_crypt(passwd, *salt_p);
+#ifndef NO_MD5CRYPT_1
+        if (use1 || useapr1)
+                hash = md5crypt(passwd, (use1 ? "1" : "apr1"), *salt_p);
 #endif
         assert(hash != NULL);
 
diff --git a/src/lib/libssl/src/apps/pem_mail.c b/src/lib/libssl/src/apps/pem_mail.c
index f85c7b1c83..e69de29bb2 100644
--- a/src/lib/libssl/src/apps/pem_mail.c
+++ b/src/lib/libssl/src/apps/pem_mail.c
@@ -1,170 +0,0 @@
-/* apps/pem_mail.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef NO_RSA
-#include <stdio.h>
-#include <openssl/rsa.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/err.h>
-#include <openssl/pem.h>
-#include "apps.h"
-
-#undef PROG
-#define PROG    pem_mail_main
-
-static char *usage[]={
-"usage: pem_mail args\n",
-"\n",
-" -in arg         - input file - default stdin\n",
-" -out arg        - output file - default stdout\n",
-" -cert arg       - the certificate to use\n",
-" -key arg        - the private key to use\n",
-" -MIC           - sign the message\n",
-" -enc arg        - encrypt with one of cbc-des\n",
-NULL
-};
-
-
-typedef struct lines_St
-        {
-        char *line;
-        struct lines_st *next;
-        } LINES;
-
-int main(int argc, char **argv)
-        {
-        FILE *in;
-        RSA *rsa=NULL;
-        EVP_MD_CTX ctx;
-        unsigned int mic=0,i,n;
-        unsigned char buf[1024*15];
-        char *prog,*infile=NULL,*outfile=NULL,*key=NULL;
-        int badops=0;
-
-        apps_startup();
-
-        prog=argv[0];
-        argc--;
-        argv++;
-        while (argc >= 1)
-                {
-                if (strcmp(*argv,"-key") == 0)
-                        {
-                        if (--argc < 1) goto bad;
-                        key= *(++argv);
-                        }
-                else if (strcmp(*argv,"-in") == 0)
-                        {
-                        if (--argc < 1) goto bad;
-                        infile= *(++argv);
-                        }
-                else if (strcmp(*argv,"-out") == 0)
-                        {
-                        if (--argc < 1) goto bad;
-                        outfile= *(++argv);
-                        }
-                else if (strcmp(*argv,"-mic") == 0)
-                        mic=1;
-                else
-                        {
-                        BIO_printf(bio_err,"unknown option %s\n",*argv);
-                        badops=1;
-                        break;
-                        }
-                argc--;
-                argv++;
-                }
-
-        if (badops)
-                {
-bad:
-                BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
-                BIO_printf(bio_err,"where options  are\n");
-                EXIT(1);
-                }
-
-        if (key == NULL)
-                { BIO_printf(bio_err,"you need to specify a key\n"); EXIT(1); }
-        in=fopen(key,"r");
-        if (in == NULL) { perror(key); EXIT(1); }
-        rsa=PEM_read_RSAPrivateKey(in,NULL,NULL);
-        if (rsa == NULL)
-                {
-                BIO_printf(bio_err,"unable to load Private Key\n");
-                ERR_print_errors(bio_err);
-                EXIT(1);
-                }
-        fclose(in);
-
-        PEM_SignInit(&ctx,EVP_md5());
-        for (;;)
-                {
-                i=fread(buf,1,1024*10,stdin);
-                if (i <= 0) break;
-                PEM_SignUpdate(&ctx,buf,i);
-                }
-        if (!PEM_SignFinal(&ctx,buf,&n,rsa)) goto err;
-        BIO_printf(bio_err,"%s\n",buf);
-        EXIT(0);
-err:
-        ERR_print_errors(bio_err);
-        EXIT(1);
-        }
-#endif
diff --git a/src/lib/libssl/src/apps/pkcs12.c b/src/lib/libssl/src/apps/pkcs12.c
index bf76864713..365a8ada93 100644
--- a/src/lib/libssl/src/apps/pkcs12.c
+++ b/src/lib/libssl/src/apps/pkcs12.c
@@ -66,6 +66,7 @@
 #include <openssl/err.h>
 #include <openssl/pem.h>
 #include <openssl/pkcs12.h>
+#include <openssl/engine.h>
 
 #define PROG pkcs12_main
 
@@ -78,9 +79,10 @@ EVP_CIPHER *enc;
 #define CLCERTS         0x8
 #define CACERTS         0x10
 
-int get_cert_chain(X509 *cert, STACK_OF(X509) **chain);
+int get_cert_chain (X509 *cert, X509_STORE *store, STACK_OF(X509) **chain);
 int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen, int options, char *pempass);
-int dump_certs_pkeys_bags(BIO *out, STACK *bags, char *pass, int passlen, int options, char *pempass);
+int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags, char *pass,
+                          int passlen, int options, char *pempass);
 int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass, int passlen, int options, char *pempass);
 int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst, char *name);
 void hex_prin(BIO *out, unsigned char *buf, int len);
@@ -91,6 +93,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 {
+    ENGINE *e = NULL;
     char *infile=NULL, *outfile=NULL, *keyname = NULL;  
     char *certfile=NULL;
     BIO *in=NULL, *out = NULL, *inkey = NULL, *certsin = NULL;
@@ -116,6 +119,8 @@ int MAIN(int argc, char **argv)
     char *passargin = NULL, *passargout = NULL, *passarg = NULL;
     char *passin = NULL, *passout = NULL;
     char *inrand = NULL;
+    char *CApath = NULL, *CAfile = NULL;
+    char *engine=NULL;
 
     apps_startup();
 
@@ -195,7 +200,7 @@ int MAIN(int argc, char **argv)
                 } else if (!strcmp (*args, "-caname")) {
                     if (args[1]) {
                         args++; 
-                        if (!canames) canames = sk_new(NULL);
+                        if (!canames) canames = sk_new_null();
                         sk_push(canames, *args);
                     } else badarg = 1;
                 } else if (!strcmp (*args, "-in")) {
@@ -224,6 +229,21 @@ int MAIN(int argc, char **argv)
                         passarg = *args;
                         noprompt = 1;
                     } else badarg = 1;
+                } else if (!strcmp(*args,"-CApath")) {
+                    if (args[1]) {
+                        args++; 
+                        CApath = *args;
+                    } else badarg = 1;
+                } else if (!strcmp(*args,"-CAfile")) {
+                    if (args[1]) {
+                        args++; 
+                        CAfile = *args;
+                    } else badarg = 1;
+                } else if (!strcmp(*args,"-engine")) {
+                    if (args[1]) {
+                        args++; 
+                        engine = *args;
+                    } else badarg = 1;
                 } else badarg = 1;
 
         } else badarg = 1;
@@ -237,6 +257,8 @@ int MAIN(int argc, char **argv)
         BIO_printf (bio_err, "-chain        add certificate chain\n");
         BIO_printf (bio_err, "-inkey file   private key if not infile\n");
         BIO_printf (bio_err, "-certfile f   add all certs in f\n");
+        BIO_printf (bio_err, "-CApath arg   - PEM format directory of CA's\n");
+        BIO_printf (bio_err, "-CAfile arg   - PEM format file of CA's\n");
         BIO_printf (bio_err, "-name \"name\"  use name as friendly name\n");
         BIO_printf (bio_err, "-caname \"nm\"  use nm as CA friendly name (can be used more than once).\n");
         BIO_printf (bio_err, "-in  infile   input filename\n");
@@ -265,12 +287,27 @@ int MAIN(int argc, char **argv)
         BIO_printf (bio_err, "-password p   set import/export password source\n");
         BIO_printf (bio_err, "-passin p     input file pass phrase source\n");
         BIO_printf (bio_err, "-passout p    output file pass phrase source\n");
+        BIO_printf (bio_err, "-engine e     use engine e, possibly a hardware device.\n");
         BIO_printf(bio_err,  "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
         BIO_printf(bio_err,  "              load the file (or the files in the directory) into\n");
         BIO_printf(bio_err,  "              the random number generator\n");
         goto end;
     }
 
+    if (engine != NULL) {
+        if((e = ENGINE_by_id(engine)) == NULL) {
+            BIO_printf(bio_err,"invalid engine \"%s\"\n", engine);
+            goto end;
+        }
+        if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
+            BIO_printf(bio_err,"can't use that engine\n");
+            goto end;
+        }
+        BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+        /* Free our "structural" reference. */
+        ENGINE_free(e);
+    }
+
     if(passarg) {
         if(export_cert) passargout = passarg;
         else passargin = passarg;
@@ -336,8 +373,15 @@ int MAIN(int argc, char **argv)
     CRYPTO_push_info("write files");
 #endif
 
-    if (!outfile) out = BIO_new_fp(stdout, BIO_NOCLOSE);
-    else out = BIO_new_file(outfile, "wb");
+    if (!outfile) {
+        out = BIO_new_fp(stdout, BIO_NOCLOSE);
+#ifdef VMS
+        {
+            BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+            out = BIO_push(tmpbio, out);
+        }
+#endif
+    } else out = BIO_new_file(outfile, "wb");
     if (!out) {
         BIO_printf(bio_err, "Error opening output file %s\n",
                                                 outfile ? outfile : "<stdout>");
@@ -359,20 +403,22 @@ int MAIN(int argc, char **argv)
     }
 
     if (export_cert) {
-        EVP_PKEY *key;
-        STACK *bags, *safes;
-        PKCS12_SAFEBAG *bag;
-        PKCS8_PRIV_KEY_INFO *p8;
-        PKCS7 *authsafe;
+        EVP_PKEY *key = NULL;
+        STACK_OF(PKCS12_SAFEBAG) *bags = NULL;
+        STACK_OF(PKCS7) *safes = NULL;
+        PKCS12_SAFEBAG *bag = NULL;
+        PKCS8_PRIV_KEY_INFO *p8 = NULL;
+        PKCS7 *authsafe = NULL;
         X509 *ucert = NULL;
         STACK_OF(X509) *certs=NULL;
-        char *catmp;
+        char *catmp = NULL;
         int i;
         unsigned char keyid[EVP_MAX_MD_SIZE];
         unsigned int keyidlen = 0;
 
 #ifdef CRYPTO_MDEBUG
         CRYPTO_push_info("process -export_cert");
+        CRYPTO_push_info("reading private key");
 #endif
         key = PEM_read_bio_PrivateKey(inkey ? inkey : in, NULL, NULL, passin);
         if (!inkey) (void) BIO_reset(in);
@@ -380,18 +426,28 @@ int MAIN(int argc, char **argv)
         if (!key) {
                 BIO_printf (bio_err, "Error loading private key\n");
                 ERR_print_errors(bio_err);
-                goto end;
+                goto export_end;
         }
 
-        certs = sk_X509_new(NULL);
+#ifdef CRYPTO_MDEBUG
+        CRYPTO_pop_info();
+        CRYPTO_push_info("reading certs from input");
+#endif
+
+        certs = sk_X509_new_null();
 
         /* Load in all certs in input file */
         if(!cert_load(in, certs)) {
                 BIO_printf(bio_err, "Error loading certificates from input\n");
                 ERR_print_errors(bio_err);
-                goto end;
+                goto export_end;
         }
 
+#ifdef CRYPTO_MDEBUG
+        CRYPTO_pop_info();
+        CRYPTO_push_info("reading certs from input 2");
+#endif
+
         for(i = 0; i < sk_X509_num(certs); i++) {
                 ucert = sk_X509_value(certs, i);
                 if(X509_check_private_key(ucert, key)) {
@@ -399,41 +455,68 @@ int MAIN(int argc, char **argv)
                         break;
                 }
         }
-
         if(!keyidlen) {
+                ucert = NULL;
                 BIO_printf(bio_err, "No certificate matches private key\n");
-                goto end;
+                goto export_end;
         }
         
-        bags = sk_new (NULL);
+#ifdef CRYPTO_MDEBUG
+        CRYPTO_pop_info();
+        CRYPTO_push_info("reading certs from certfile");
+#endif
+
+        bags = sk_PKCS12_SAFEBAG_new_null ();
 
         /* Add any more certificates asked for */
         if (certsin) {
                 if(!cert_load(certsin, certs)) {
                         BIO_printf(bio_err, "Error loading certificates from certfile\n");
                         ERR_print_errors(bio_err);
-                        goto end;
+                        goto export_end;
                 }
                 BIO_free(certsin);
         }
 
+#ifdef CRYPTO_MDEBUG
+        CRYPTO_pop_info();
+        CRYPTO_push_info("building chain");
+#endif
+
         /* If chaining get chain from user cert */
         if (chain) {
                 int vret;
                 STACK_OF(X509) *chain2;
-                vret = get_cert_chain (ucert, &chain2);
+                X509_STORE *store = X509_STORE_new();
+                if (!store)
+                        {
+                        BIO_printf (bio_err, "Memory allocation error\n");
+                        goto export_end;
+                        }
+                if (!X509_STORE_load_locations(store, CAfile, CApath))
+                        X509_STORE_set_default_paths (store);
+
+                vret = get_cert_chain (ucert, store, &chain2);
+                X509_STORE_free(store);
+
+                if (!vret) {
+                    /* Exclude verified certificate */
+                    for (i = 1; i < sk_X509_num (chain2) ; i++) 
+                        sk_X509_push(certs, sk_X509_value (chain2, i));
+                }
+                sk_X509_free(chain2);
                 if (vret) {
                         BIO_printf (bio_err, "Error %s getting chain.\n",
                                         X509_verify_cert_error_string(vret));
-                        goto end;
-                }
-                /* Exclude verified certificate */
-                for (i = 1; i < sk_X509_num (chain2) ; i++) 
-                                 sk_X509_push(certs, sk_X509_value (chain2, i));
-                sk_X509_free(chain2);
-                        
+                        goto export_end;
+                }                       
         }
 
+#ifdef CRYPTO_MDEBUG
+        CRYPTO_pop_info();
+        CRYPTO_push_info("building bags");
+#endif
+
         /* We now have loads of certificates: include them all */
         for(i = 0; i < sk_X509_num(certs); i++) {
                 X509 *cert = NULL;
@@ -445,59 +528,101 @@ int MAIN(int argc, char **argv)
                         PKCS12_add_localkeyid(bag, keyid, keyidlen);
                 } else if((catmp = sk_shift(canames))) 
                                 PKCS12_add_friendlyname(bag, catmp, -1);
-                sk_push(bags, (char *)bag);
+                sk_PKCS12_SAFEBAG_push(bags, bag);
         }
         sk_X509_pop_free(certs, X509_free);
-        if (canames) sk_free(canames);
+        certs = NULL;
+        /* ucert is part of certs so it is already freed */
+        ucert = NULL;
+
+#ifdef CRYPTO_MDEBUG
+        CRYPTO_pop_info();
+        CRYPTO_push_info("encrypting bags");
+#endif
 
         if(!noprompt &&
                 EVP_read_pw_string(pass, 50, "Enter Export Password:", 1)) {
             BIO_printf (bio_err, "Can't read Password\n");
-            goto end;
+            goto export_end;
         }
         if (!twopass) strcpy(macpass, pass);
         /* Turn certbags into encrypted authsafe */
         authsafe = PKCS12_pack_p7encdata(cert_pbe, cpass, -1, NULL, 0,
                                                                  iter, bags);
-        sk_pop_free(bags, PKCS12_SAFEBAG_free);
+        sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+        bags = NULL;
 
         if (!authsafe) {
                 ERR_print_errors (bio_err);
-                goto end;
+                goto export_end;
         }
 
-        safes = sk_new (NULL);
-        sk_push (safes, (char *)authsafe);
+        safes = sk_PKCS7_new_null ();
+        sk_PKCS7_push (safes, authsafe);
+
+#ifdef CRYPTO_MDEBUG
+        CRYPTO_pop_info();
+        CRYPTO_push_info("building shrouded key bag");
+#endif
 
         /* Make a shrouded key bag */
         p8 = EVP_PKEY2PKCS8 (key);
-        EVP_PKEY_free(key);
         if(keytype) PKCS8_add_keyusage(p8, keytype);
         bag = PKCS12_MAKE_SHKEYBAG(key_pbe, cpass, -1, NULL, 0, iter, p8);
         PKCS8_PRIV_KEY_INFO_free(p8);
+        p8 = NULL;
         if (name) PKCS12_add_friendlyname (bag, name, -1);
         PKCS12_add_localkeyid (bag, keyid, keyidlen);
-        bags = sk_new(NULL);
-        sk_push (bags, (char *)bag);
+        bags = sk_PKCS12_SAFEBAG_new_null();
+        sk_PKCS12_SAFEBAG_push (bags, bag);
+
+#ifdef CRYPTO_MDEBUG
+        CRYPTO_pop_info();
+        CRYPTO_push_info("encrypting shrouded key bag");
+#endif
+
         /* Turn it into unencrypted safe bag */
         authsafe = PKCS12_pack_p7data (bags);
-        sk_pop_free(bags, PKCS12_SAFEBAG_free);
-        sk_push (safes, (char *)authsafe);
+        sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+        bags = NULL;
+        sk_PKCS7_push (safes, authsafe);
+
+#ifdef CRYPTO_MDEBUG
+        CRYPTO_pop_info();
+        CRYPTO_push_info("building pkcs12");
+#endif
 
         p12 = PKCS12_init (NID_pkcs7_data);
 
         M_PKCS12_pack_authsafes (p12, safes);
 
-        sk_pop_free(safes, PKCS7_free);
+        sk_PKCS7_pop_free(safes, PKCS7_free);
+        safes = NULL;
 
         PKCS12_set_mac (p12, mpass, -1, NULL, 0, maciter, NULL);
 
-        i2d_PKCS12_bio (out, p12);
+#ifdef CRYPTO_MDEBUG
+        CRYPTO_pop_info();
+        CRYPTO_push_info("writing pkcs12");
+#endif
 
-        PKCS12_free(p12);
+        i2d_PKCS12_bio (out, p12);
 
         ret = 0;
 
+    export_end:
+#ifdef CRYPTO_MDEBUG
+        CRYPTO_pop_info();
+        CRYPTO_pop_info();
+        CRYPTO_push_info("process -export_cert: freeing");
+#endif
+
+        if (key) EVP_PKEY_free(key);
+        if (certs) sk_X509_pop_free(certs, X509_free);
+        if (safes) sk_PKCS7_pop_free(safes, PKCS7_free);
+        if (bags) sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+        if (ucert) X509_free(ucert);
+
 #ifdef CRYPTO_MDEBUG
         CRYPTO_pop_info();
 #endif
@@ -528,11 +653,16 @@ int MAIN(int argc, char **argv)
 #ifdef CRYPTO_MDEBUG
     CRYPTO_push_info("verify MAC");
 #endif
-        if (!PKCS12_verify_mac (p12, mpass, -1)) {
+        /* If we enter empty password try no password first */
+        if(!macpass[0] && PKCS12_verify_mac(p12, NULL, 0)) {
+                /* If mac and crypto pass the same set it to NULL too */
+                if(!twopass) cpass = NULL;
+        } else if (!PKCS12_verify_mac(p12, mpass, -1)) {
             BIO_printf (bio_err, "Mac verify error: invalid password?\n");
             ERR_print_errors (bio_err);
             goto end;
-        } else BIO_printf (bio_err, "MAC verified OK\n");
+        }
+        BIO_printf (bio_err, "MAC verified OK\n");
 #ifdef CRYPTO_MDEBUG
     CRYPTO_pop_info();
 #endif
@@ -549,29 +679,32 @@ int MAIN(int argc, char **argv)
 #ifdef CRYPTO_MDEBUG
     CRYPTO_pop_info();
 #endif
-    PKCS12_free(p12);
     ret = 0;
-    end:
+ end:
+    if (p12) PKCS12_free(p12);
     if(export_cert || inrand) app_RAND_write_file(NULL, bio_err);
 #ifdef CRYPTO_MDEBUG
     CRYPTO_remove_all_info();
 #endif
     BIO_free(in);
-    BIO_free(out);
-    if(passin) Free(passin);
-    if(passout) Free(passout);
+    BIO_free_all(out);
+    if (canames) sk_free(canames);
+    if(passin) OPENSSL_free(passin);
+    if(passout) OPENSSL_free(passout);
     EXIT(ret);
 }
 
 int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
              int passlen, int options, char *pempass)
 {
-        STACK *asafes, *bags;
+        STACK_OF(PKCS7) *asafes;
+        STACK_OF(PKCS12_SAFEBAG) *bags;
         int i, bagnid;
         PKCS7 *p7;
+
         if (!( asafes = M_PKCS12_unpack_authsafes (p12))) return 0;
-        for (i = 0; i < sk_num (asafes); i++) {
-                p7 = (PKCS7 *) sk_value (asafes, i);
+        for (i = 0; i < sk_PKCS7_num (asafes); i++) {
+                p7 = sk_PKCS7_value (asafes, i);
                 bagnid = OBJ_obj2nid (p7->type);
                 if (bagnid == NID_pkcs7_data) {
                         bags = M_PKCS12_unpack_p7data (p7);
@@ -587,23 +720,25 @@ int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
                 if (!bags) return 0;
                 if (!dump_certs_pkeys_bags (out, bags, pass, passlen, 
                                                  options, pempass)) {
-                        sk_pop_free (bags, PKCS12_SAFEBAG_free);
+                        sk_PKCS12_SAFEBAG_pop_free (bags, PKCS12_SAFEBAG_free);
                         return 0;
                 }
-                sk_pop_free (bags, PKCS12_SAFEBAG_free);
+                sk_PKCS12_SAFEBAG_pop_free (bags, PKCS12_SAFEBAG_free);
         }
-        sk_pop_free (asafes, PKCS7_free);
+        sk_PKCS7_pop_free (asafes, PKCS7_free);
         return 1;
 }
 
-int dump_certs_pkeys_bags (BIO *out, STACK *bags, char *pass,
-             int passlen, int options, char *pempass)
+int dump_certs_pkeys_bags (BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags,
+                           char *pass, int passlen, int options, char *pempass)
 {
         int i;
-        for (i = 0; i < sk_num (bags); i++) {
+        for (i = 0; i < sk_PKCS12_SAFEBAG_num (bags); i++) {
                 if (!dump_certs_pkeys_bag (out,
-                         (PKCS12_SAFEBAG *)sk_value (bags, i), pass, passlen,
-                                                options, pempass)) return 0;
+                                           sk_PKCS12_SAFEBAG_value (bags, i),
+                                           pass, passlen,
+                                           options, pempass))
+                    return 0;
         }
         return 1;
 }
@@ -679,15 +814,12 @@ int dump_certs_pkeys_bag (BIO *out, PKCS12_SAFEBAG *bag, char *pass,
 
 /* Hope this is OK .... */
 
-int get_cert_chain (X509 *cert, STACK_OF(X509) **chain)
+int get_cert_chain (X509 *cert, X509_STORE *store, STACK_OF(X509) **chain)
 {
-        X509_STORE *store;
         X509_STORE_CTX store_ctx;
         STACK_OF(X509) *chn;
         int i;
 
-        store = X509_STORE_new ();
-        X509_STORE_set_default_paths (store);
         X509_STORE_CTX_init(&store_ctx, store, cert, NULL);
         if (X509_verify_cert(&store_ctx) <= 0) {
                 i = X509_STORE_CTX_get_error (&store_ctx);
@@ -698,7 +830,6 @@ int get_cert_chain (X509 *cert, STACK_OF(X509) **chain)
         *chain = chn;
 err:
         X509_STORE_CTX_cleanup(&store_ctx);
-        X509_STORE_free(store);
         
         return i;
 }       
@@ -722,10 +853,22 @@ int cert_load(BIO *in, STACK_OF(X509) *sk)
         int ret;
         X509 *cert;
         ret = 0;
+#ifdef CRYPTO_MDEBUG
+        CRYPTO_push_info("cert_load(): reading one cert");
+#endif
         while((cert = PEM_read_bio_X509(in, NULL, NULL, NULL))) {
+#ifdef CRYPTO_MDEBUG
+                CRYPTO_pop_info();
+#endif
                 ret = 1;
                 sk_X509_push(sk, cert);
+#ifdef CRYPTO_MDEBUG
+                CRYPTO_push_info("cert_load(): reading one cert");
+#endif
         }
+#ifdef CRYPTO_MDEBUG
+        CRYPTO_pop_info();
+#endif
         if(ret) ERR_clear_error();
         return ret;
 }
@@ -763,18 +906,18 @@ int print_attribs (BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst, char *name)
                                 value = uni2asc(av->value.bmpstring->data,
                                                av->value.bmpstring->length);
                                 BIO_printf(out, "%s\n", value);
-                                Free(value);
+                                OPENSSL_free(value);
                                 break;
 
                                 case V_ASN1_OCTET_STRING:
-                                hex_prin(out, av->value.bit_string->data,
-                                        av->value.bit_string->length);
+                                hex_prin(out, av->value.octet_string->data,
+                                        av->value.octet_string->length);
                                 BIO_printf(out, "\n");  
                                 break;
 
                                 case V_ASN1_BIT_STRING:
-                                hex_prin(out, av->value.octet_string->data,
-                                        av->value.octet_string->length);
+                                hex_prin(out, av->value.bit_string->data,
+                                        av->value.bit_string->length);
                                 BIO_printf(out, "\n");  
                                 break;
 
diff --git a/src/lib/libssl/src/apps/pkcs7.c b/src/lib/libssl/src/apps/pkcs7.c
index f471cc77fd..b348da2203 100644
--- a/src/lib/libssl/src/apps/pkcs7.c
+++ b/src/lib/libssl/src/apps/pkcs7.c
@@ -67,6 +67,7 @@
 #include <openssl/x509.h>
 #include <openssl/pkcs7.h>
 #include <openssl/pem.h>
+#include <openssl/engine.h>
 
 #undef PROG
 #define PROG    pkcs7_main
@@ -82,6 +83,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
         {
+        ENGINE *e = NULL;
         PKCS7 *p7=NULL;
         int i,badops=0;
         BIO *in=NULL,*out=NULL;
@@ -89,6 +91,7 @@ int MAIN(int argc, char **argv)
         char *infile,*outfile,*prog;
         int print_certs=0,text=0,noout=0;
         int ret=0;
+        char *engine=NULL;
 
         apps_startup();
 
@@ -132,6 +135,11 @@ int MAIN(int argc, char **argv)
                         text=1;
                 else if (strcmp(*argv,"-print_certs") == 0)
                         print_certs=1;
+                else if (strcmp(*argv,"-engine") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        engine= *(++argv);
+                        }
                 else
                         {
                         BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -154,11 +162,30 @@ bad:
                 BIO_printf(bio_err," -print_certs  print any certs or crl in the input\n");
                 BIO_printf(bio_err," -text         print full details of certificates\n");
                 BIO_printf(bio_err," -noout        don't output encoded data\n");
+                BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
                 EXIT(1);
                 }
 
         ERR_load_crypto_strings();
 
+        if (engine != NULL)
+                {
+                if((e = ENGINE_by_id(engine)) == NULL)
+                        {
+                        BIO_printf(bio_err,"invalid engine \"%s\"\n",
+                                engine);
+                        goto end;
+                        }
+                if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+                        {
+                        BIO_printf(bio_err,"can't use that engine\n");
+                        goto end;
+                        }
+                BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+                /* Free our "structural" reference. */
+                ENGINE_free(e);
+                }
+
         in=BIO_new(BIO_s_file());
         out=BIO_new(BIO_s_file());
         if ((in == NULL) || (out == NULL))
@@ -196,7 +223,15 @@ bad:
                 }
 
         if (outfile == NULL)
+                {
                 BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef VMS
+                {
+                BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+                out = BIO_push(tmpbio, out);
+                }
+#endif
+                }
         else
                 {
                 if (BIO_write_filename(out,outfile) <= 0)
@@ -280,6 +315,6 @@ bad:
 end:
         if (p7 != NULL) PKCS7_free(p7);
         if (in != NULL) BIO_free(in);
-        if (out != NULL) BIO_free(out);
+        if (out != NULL) BIO_free_all(out);
         EXIT(ret);
         }
diff --git a/src/lib/libssl/src/apps/pkcs8.c b/src/lib/libssl/src/apps/pkcs8.c
index 3e59b74124..bd1697a325 100644
--- a/src/lib/libssl/src/apps/pkcs8.c
+++ b/src/lib/libssl/src/apps/pkcs8.c
@@ -62,6 +62,7 @@
 #include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/pkcs12.h>
+#include <openssl/engine.h>
 
 #include "apps.h"
 #define PROG pkcs8_main
@@ -70,6 +71,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 {
+        ENGINE *e = NULL;
         char **args, *infile = NULL, *outfile = NULL;
         char *passargin = NULL, *passargout = NULL;
         BIO *in = NULL, *out = NULL;
@@ -85,9 +87,13 @@ int MAIN(int argc, char **argv)
         EVP_PKEY *pkey;
         char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL;
         int badarg = 0;
+        char *engine=NULL;
+
         if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
+
         informat=FORMAT_PEM;
         outformat=FORMAT_PEM;
+
         ERR_load_crypto_strings();
         OpenSSL_add_all_algorithms();
         args = argv + 1;
@@ -138,6 +144,11 @@ int MAIN(int argc, char **argv)
                         if (!args[1]) goto bad;
                         passargout= *(++args);
                         }
+                else if (strcmp(*args,"-engine") == 0)
+                        {
+                        if (!args[1]) goto bad;
+                        engine= *(++args);
+                        }
                 else if (!strcmp (*args, "-in")) {
                         if (args[1]) {
                                 args++;
@@ -170,9 +181,28 @@ int MAIN(int argc, char **argv)
                 BIO_printf(bio_err, "-nocrypt        use or expect unencrypted private key\n");
                 BIO_printf(bio_err, "-v2 alg         use PKCS#5 v2.0 and cipher \"alg\"\n");
                 BIO_printf(bio_err, "-v1 obj         use PKCS#5 v1.5 and cipher \"alg\"\n");
+                BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
                 return (1);
         }
 
+        if (engine != NULL)
+                {
+                if((e = ENGINE_by_id(engine)) == NULL)
+                        {
+                        BIO_printf(bio_err,"invalid engine \"%s\"\n",
+                                engine);
+                        return (1);
+                        }
+                if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+                        {
+                        BIO_printf(bio_err,"can't use that engine\n");
+                        return (1);
+                        }
+                BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+                /* Free our "structural" reference. */
+                ENGINE_free(e);
+                }
+
         if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
                 BIO_printf(bio_err, "Error getting passwords\n");
                 return (1);
@@ -194,8 +224,15 @@ int MAIN(int argc, char **argv)
                                  "Can't open output file %s\n", outfile);
                         return (1);
                 }
-        } else out = BIO_new_fp (stdout, BIO_NOCLOSE);
-
+        } else {
+                out = BIO_new_fp (stdout, BIO_NOCLOSE);
+#ifdef VMS
+                {
+                        BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+                        out = BIO_push(tmpbio, out);
+                }
+#endif
+        }
         if (topk8) {
                 if(informat == FORMAT_PEM)
                         pkey = PEM_read_bio_PrivateKey(in, NULL, NULL, passin);
@@ -253,9 +290,9 @@ int MAIN(int argc, char **argv)
                 }
                 PKCS8_PRIV_KEY_INFO_free (p8inf);
                 EVP_PKEY_free(pkey);
-                BIO_free(out);
-                if(passin) Free(passin);
-                if(passout) Free(passout);
+                BIO_free_all(out);
+                if(passin) OPENSSL_free(passin);
+                if(passout) OPENSSL_free(passout);
                 return (0);
         }
 
@@ -336,10 +373,10 @@ int MAIN(int argc, char **argv)
         }
 
         EVP_PKEY_free(pkey);
-        BIO_free(out);
+        BIO_free_all(out);
         BIO_free(in);
-        if(passin) Free(passin);
-        if(passout) Free(passout);
+        if(passin) OPENSSL_free(passin);
+        if(passout) OPENSSL_free(passout);
 
         return (0);
 }
diff --git a/src/lib/libssl/src/apps/progs.h b/src/lib/libssl/src/apps/progs.h
index 7d2238493a..fbc65de632 100644
--- a/src/lib/libssl/src/apps/progs.h
+++ b/src/lib/libssl/src/apps/progs.h
@@ -14,6 +14,7 @@ extern int errstr_main(int argc,char *argv[]);
 extern int ca_main(int argc,char *argv[]);
 extern int crl_main(int argc,char *argv[]);
 extern int rsa_main(int argc,char *argv[]);
+extern int rsautl_main(int argc,char *argv[]);
 extern int dsa_main(int argc,char *argv[]);
 extern int dsaparam_main(int argc,char *argv[]);
 extern int x509_main(int argc,char *argv[]);
@@ -67,6 +68,9 @@ FUNCTION functions[] = {
 #ifndef NO_RSA
         {FUNC_TYPE_GENERAL,"rsa",rsa_main},
 #endif
+#ifndef NO_RSA
+        {FUNC_TYPE_GENERAL,"rsautl",rsautl_main},
+#endif
 #ifndef NO_DSA
         {FUNC_TYPE_GENERAL,"dsa",dsa_main},
 #endif
@@ -106,6 +110,7 @@ FUNCTION functions[] = {
         {FUNC_TYPE_GENERAL,"smime",smime_main},
         {FUNC_TYPE_GENERAL,"rand",rand_main},
         {FUNC_TYPE_MD,"md2",dgst_main},
+        {FUNC_TYPE_MD,"md4",dgst_main},
         {FUNC_TYPE_MD,"md5",dgst_main},
         {FUNC_TYPE_MD,"sha",dgst_main},
         {FUNC_TYPE_MD,"sha1",dgst_main},
diff --git a/src/lib/libssl/src/apps/progs.pl b/src/lib/libssl/src/apps/progs.pl
index 9842d2ace7..214025cd2d 100644
--- a/src/lib/libssl/src/apps/progs.pl
+++ b/src/lib/libssl/src/apps/progs.pl
@@ -29,7 +29,7 @@ foreach (@ARGV)
         $str="\t{FUNC_TYPE_GENERAL,\"$_\",${_}_main},\n";
         if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/))
                 { print "#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(NO_SSL3))\n${str}#endif\n"; } 
-        elsif ( ($_ =~ /^rsa$/) || ($_ =~ /^genrsa$/) ) 
+        elsif ( ($_ =~ /^rsa$/) || ($_ =~ /^genrsa$/) || ($_ =~ /^rsautl$/)) 
                 { print "#ifndef NO_RSA\n${str}#endif\n";  }
         elsif ( ($_ =~ /^dsa$/) || ($_ =~ /^gendsa$/) || ($_ =~ /^dsaparam$/))
                 { print "#ifndef NO_DSA\n${str}#endif\n"; }
@@ -41,7 +41,7 @@ foreach (@ARGV)
                 { print $str; }
         }
 
-foreach ("md2","md5","sha","sha1","mdc2","rmd160")
+foreach ("md2","md4","md5","sha","sha1","mdc2","rmd160")
         {
         push(@files,$_);
         printf "\t{FUNC_TYPE_MD,\"%s\",dgst_main},\n",$_;
diff --git a/src/lib/libssl/src/apps/rand.c b/src/lib/libssl/src/apps/rand.c
index cfbba30755..6add7bbd6c 100644
--- a/src/lib/libssl/src/apps/rand.c
+++ b/src/lib/libssl/src/apps/rand.c
@@ -9,6 +9,7 @@
 #include <openssl/bio.h>
 #include <openssl/err.h>
 #include <openssl/rand.h>
+#include <openssl/engine.h>
 
 #undef PROG
 #define PROG rand_main
@@ -23,6 +24,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
         {
+        ENGINE *e = NULL;
         int i, r, ret = 1;
         int badopt;
         char *outfile = NULL;
@@ -30,6 +32,7 @@ int MAIN(int argc, char **argv)
         int base64 = 0;
         BIO *out = NULL;
         int num = -1;
+        char *engine=NULL;
 
         apps_startup();
 
@@ -48,6 +51,13 @@ int MAIN(int argc, char **argv)
                         else
                                 badopt = 1;
                         }
+                if (strcmp(argv[i], "-engine") == 0)
+                        {
+                        if ((argv[i+1] != NULL) && (engine == NULL))
+                                engine = argv[++i];
+                        else
+                                badopt = 1;
+                        }
                 else if (strcmp(argv[i], "-rand") == 0)
                         {
                         if ((argv[i+1] != NULL) && (inrand == NULL))
@@ -62,7 +72,7 @@ int MAIN(int argc, char **argv)
                         else
                                 badopt = 1;
                         }
-                else if (isdigit(argv[i][0]))
+                else if (isdigit((unsigned char)argv[i][0]))
                         {
                         if (num < 0)
                                 {
@@ -84,12 +94,31 @@ int MAIN(int argc, char **argv)
                 {
                 BIO_printf(bio_err, "Usage: rand [options] num\n");
                 BIO_printf(bio_err, "where options are\n");
-                BIO_printf(bio_err, "-out file            - write to file\n");
-                BIO_printf(bio_err, "-rand file%cfile%c...  - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
-                BIO_printf(bio_err, "-base64              - encode output\n");
+                BIO_printf(bio_err, "-out file             - write to file\n");
+                BIO_printf(bio_err," -engine e             - use engine e, possibly a hardware device.\n");
+                BIO_printf(bio_err, "-rand file%cfile%c... - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+                BIO_printf(bio_err, "-base64               - encode output\n");
                 goto err;
                 }
 
+        if (engine != NULL)
+                {
+                if((e = ENGINE_by_id(engine)) == NULL)
+                        {
+                        BIO_printf(bio_err,"invalid engine \"%s\"\n",
+                                engine);
+                        goto err;
+                        }
+                if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+                        {
+                        BIO_printf(bio_err,"can't use that engine\n");
+                        goto err;
+                        }
+                BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+                /* Free our "structural" reference. */
+                ENGINE_free(e);
+                }
+
         app_RAND_load_file(NULL, bio_err, (inrand != NULL));
         if (inrand != NULL)
                 BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
@@ -101,7 +130,15 @@ int MAIN(int argc, char **argv)
         if (outfile != NULL)
                 r = BIO_write_filename(out, outfile);
         else
+                {
                 r = BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
+#ifdef VMS
+                {
+                BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+                out = BIO_push(tmpbio, out);
+                }
+#endif
+                }
         if (r <= 0)
                 goto err;
 
diff --git a/src/lib/libssl/src/apps/req.c b/src/lib/libssl/src/apps/req.c
index eb338eeb1b..0751d92201 100644
--- a/src/lib/libssl/src/apps/req.c
+++ b/src/lib/libssl/src/apps/req.c
@@ -73,6 +73,7 @@
 #include <openssl/x509v3.h>
 #include <openssl/objects.h>
 #include <openssl/pem.h>
+#include <openssl/engine.h>
 
 #define SECTION         "req"
 
@@ -102,6 +103,7 @@
  * -config file - Load configuration file.
  * -key file    - make a request using key in file (or use it for verification).
  * -keyform     - key file format.
+ * -rand file(s) - load the file(s) into the PRNG.
  * -newkey      - make a key and a request.
  * -modulus     - print RSA modulus.
  * -x509        - output a self signed X509 structure instead.
@@ -125,7 +127,6 @@ static void MS_CALLBACK req_cb(int p,int n,void *arg);
 #endif
 static int req_check_len(int len,int min,int max);
 static int check_end(char *str, char *end);
-static int add_oid_section(LHASH *conf);
 #ifndef MONOLITH
 static char *default_config_file=NULL;
 static LHASH *config=NULL;
@@ -140,6 +141,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
         {
+        ENGINE *e = NULL;
 #ifndef NO_DSA
         DSA *dsa_params=NULL;
 #endif
@@ -152,10 +154,12 @@ int MAIN(int argc, char **argv)
         int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM;
         int nodes=0,kludge=0,newhdr=0;
         char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL;
+        char *engine=NULL;
         char *extensions = NULL;
         char *req_exts = NULL;
         EVP_CIPHER *cipher=NULL;
         int modulus=0;
+        char *inrand=NULL;
         char *passargin = NULL, *passargout = NULL;
         char *passin = NULL, *passout = NULL;
         char *p;
@@ -194,6 +198,11 @@ int MAIN(int argc, char **argv)
                         if (--argc < 1) goto bad;
                         outformat=str2fmt(*(++argv));
                         }
+                else if (strcmp(*argv,"-engine") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        engine= *(++argv);
+                        }
                 else if (strcmp(*argv,"-key") == 0)
                         {
                         if (--argc < 1) goto bad;
@@ -239,6 +248,11 @@ int MAIN(int argc, char **argv)
                         if (--argc < 1) goto bad;
                         passargout= *(++argv);
                         }
+                else if (strcmp(*argv,"-rand") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        inrand= *(++argv);
+                        }
                 else if (strcmp(*argv,"-newkey") == 0)
                         {
                         int is_numeric;
@@ -369,9 +383,13 @@ bad:
                 BIO_printf(bio_err," -verify        verify signature on REQ\n");
                 BIO_printf(bio_err," -modulus       RSA modulus\n");
                 BIO_printf(bio_err," -nodes         don't encrypt the output key\n");
+                BIO_printf(bio_err," -engine e      use engine e, possibly a hardware device.\n");
                 BIO_printf(bio_err," -key file  use the private key contained in file\n");
                 BIO_printf(bio_err," -keyform arg   key file format\n");
                 BIO_printf(bio_err," -keyout arg    file to send the key to\n");
+                BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+                BIO_printf(bio_err,"                load the file (or the files in the directory) into\n");
+                BIO_printf(bio_err,"                the random number generator\n");
                 BIO_printf(bio_err," -newkey rsa:bits generate a new RSA key of 'bits' in size\n");
                 BIO_printf(bio_err," -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n");
 
@@ -457,7 +475,7 @@ bad:
                                 }
                         }
                 }
-                if(!add_oid_section(req_conf)) goto end;
+                if(!add_oid_section(bio_err, req_conf)) goto end;
 
         if ((md_alg == NULL) &&
                 ((p=CONF_get_string(req_conf,SECTION,"default_md")) != NULL))
@@ -513,24 +531,55 @@ bad:
         if ((in == NULL) || (out == NULL))
                 goto end;
 
-        if (keyfile != NULL)
+        if (engine != NULL)
                 {
-                if (BIO_read_filename(in,keyfile) <= 0)
+                if((e = ENGINE_by_id(engine)) == NULL)
                         {
-                        perror(keyfile);
+                        BIO_printf(bio_err,"invalid engine \"%s\"\n",
+                                engine);
                         goto end;
                         }
+                if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+                        {
+                        BIO_printf(bio_err,"can't use that engine\n");
+                        goto end;
+                        }
+                BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+                /* Free our "structural" reference. */
+                ENGINE_free(e);
+                }
 
-                if (keyform == FORMAT_ASN1)
-                        pkey=d2i_PrivateKey_bio(in,NULL);
-                else if (keyform == FORMAT_PEM)
+        if (keyfile != NULL)
+                {
+                if (keyform == FORMAT_ENGINE)
                         {
-                        pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,passin);
+                        if (!e)
+                                {
+                                BIO_printf(bio_err,"no engine specified\n");
+                                goto end;
+                                }
+                        pkey = ENGINE_load_private_key(e, keyfile, NULL);
                         }
                 else
                         {
-                        BIO_printf(bio_err,"bad input format specified for X509 request\n");
-                        goto end;
+                        if (BIO_read_filename(in,keyfile) <= 0)
+                                {
+                                perror(keyfile);
+                                goto end;
+                                }
+
+                        if (keyform == FORMAT_ASN1)
+                                pkey=d2i_PrivateKey_bio(in,NULL);
+                        else if (keyform == FORMAT_PEM)
+                                {
+                                pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,
+                                        passin);
+                                }
+                        else
+                                {
+                                BIO_printf(bio_err,"bad input format specified for X509 request\n");
+                                goto end;
+                                }
                         }
 
                 if (pkey == NULL)
@@ -538,12 +587,19 @@ bad:
                         BIO_printf(bio_err,"unable to load Private key\n");
                         goto end;
                         }
+                if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA)
+                        {
+                        char *randfile = CONF_get_string(req_conf,SECTION,"RANDFILE");
+                        app_RAND_load_file(randfile, bio_err, 0);
+                        }
                 }
 
         if (newreq && (pkey == NULL))
                 {
                 char *randfile = CONF_get_string(req_conf,SECTION,"RANDFILE");
                 app_RAND_load_file(randfile, bio_err, 0);
+                if (inrand)
+                        app_RAND_load_files(inrand);
         
                 if (newkey <= 0)
                         {
@@ -593,6 +649,12 @@ bad:
                         {
                         BIO_printf(bio_err,"writing new private key to stdout\n");
                         BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef VMS
+                        {
+                        BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+                        out = BIO_push(tmpbio, out);
+                        }
+#endif
                         }
                 else
                         {
@@ -788,7 +850,15 @@ loop:
                 }
 
         if (outfile == NULL)
+                {
                 BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef VMS
+                {
+                BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+                out = BIO_push(tmpbio, out);
+                }
+#endif
+                }
         else
                 {
                 if ((keyout != NULL) && (strcmp(outfile,keyout) == 0))
@@ -874,12 +944,12 @@ end:
                 }
         if ((req_conf != NULL) && (req_conf != config)) CONF_free(req_conf);
         BIO_free(in);
-        BIO_free(out);
+        BIO_free_all(out);
         EVP_PKEY_free(pkey);
         X509_REQ_free(req);
         X509_free(x509ss);
-        if(passargin && passin) Free(passin);
-        if(passargout && passout) Free(passout);
+        if(passargin && passin) OPENSSL_free(passin);
+        if(passargout && passout) OPENSSL_free(passout);
         OBJ_cleanup();
 #ifndef NO_DSA
         if (dsa_params != NULL) DSA_free(dsa_params);
@@ -1083,7 +1153,11 @@ static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk,
                  * multiple instances 
                  */
                 for(p = v->name; *p ; p++) 
+#ifndef CHARSET_EBCDIC
                         if ((*p == ':') || (*p == ',') || (*p == '.')) {
+#else
+                        if ((*p == os_toascii[':']) || (*p == os_toascii[',']) || (*p == os_toascii['.'])) {
+#endif
                                 p++;
                                 if(*p) type = p;
                                 break;
@@ -1199,6 +1273,9 @@ start:
                 return(0);
                 }
         buf[--i]='\0';
+#ifdef CHARSET_EBCDIC
+        ebcdic2ascii(buf, buf, i);
+#endif
         if(!req_check_len(i, min, max)) goto start;
 
         if(!X509_REQ_add1_attr_by_NID(req, nid, MBSTRING_ASC,
@@ -1256,25 +1333,3 @@ static int check_end(char *str, char *end)
         tmp = str + slen - elen;
         return strcmp(tmp, end);
 }
-
-static int add_oid_section(LHASH *conf)
-{       
-        char *p;
-        STACK_OF(CONF_VALUE) *sktmp;
-        CONF_VALUE *cnf;
-        int i;
-        if(!(p=CONF_get_string(conf,NULL,"oid_section"))) return 1;
-        if(!(sktmp = CONF_get_section(conf, p))) {
-                BIO_printf(bio_err, "problem loading oid section %s\n", p);
-                return 0;
-        }
-        for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
-                cnf = sk_CONF_VALUE_value(sktmp, i);
-                if(OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) {
-                        BIO_printf(bio_err, "problem creating object %s=%s\n",
-                                                         cnf->name, cnf->value);
-                        return 0;
-                }
-        }
-        return 1;
-}
diff --git a/src/lib/libssl/src/apps/rsa.c b/src/lib/libssl/src/apps/rsa.c
index 9d4c2e6564..7e9e5e2c38 100644
--- a/src/lib/libssl/src/apps/rsa.c
+++ b/src/lib/libssl/src/apps/rsa.c
@@ -68,6 +68,7 @@
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
+#include <openssl/engine.h>
 
 #undef PROG
 #define PROG    rsa_main
@@ -90,9 +91,10 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
         {
+        ENGINE *e = NULL;
         int ret=1;
         RSA *rsa=NULL;
-        int i,badops=0;
+        int i,badops=0, sgckey=0;
         const EVP_CIPHER *enc=NULL;
         BIO *in=NULL,*out=NULL;
         int informat,outformat,text=0,check=0,noout=0;
@@ -100,6 +102,7 @@ int MAIN(int argc, char **argv)
         char *infile,*outfile,*prog;
         char *passargin = NULL, *passargout = NULL;
         char *passin = NULL, *passout = NULL;
+        char *engine=NULL;
         int modulus=0;
 
         apps_startup();
@@ -148,6 +151,13 @@ int MAIN(int argc, char **argv)
                         if (--argc < 1) goto bad;
                         passargout= *(++argv);
                         }
+                else if (strcmp(*argv,"-engine") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        engine= *(++argv);
+                        }
+                else if (strcmp(*argv,"-sgckey") == 0)
+                        sgckey=1;
                 else if (strcmp(*argv,"-pubin") == 0)
                         pubin=1;
                 else if (strcmp(*argv,"-pubout") == 0)
@@ -178,6 +188,7 @@ bad:
                 BIO_printf(bio_err," -inform arg     input format - one of DER NET PEM\n");
                 BIO_printf(bio_err," -outform arg    output format - one of DER NET PEM\n");
                 BIO_printf(bio_err," -in arg         input file\n");
+                BIO_printf(bio_err," -sgckey         Use IIS SGC key format\n");
                 BIO_printf(bio_err," -passin arg     input file pass phrase source\n");
                 BIO_printf(bio_err," -out arg        output file\n");
                 BIO_printf(bio_err," -passout arg    output file pass phrase source\n");
@@ -192,11 +203,30 @@ bad:
                 BIO_printf(bio_err," -check          verify key consistency\n");
                 BIO_printf(bio_err," -pubin          expect a public key in input file\n");
                 BIO_printf(bio_err," -pubout         output a public key\n");
+                BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
                 goto end;
                 }
 
         ERR_load_crypto_strings();
 
+        if (engine != NULL)
+                {
+                if((e = ENGINE_by_id(engine)) == NULL)
+                        {
+                        BIO_printf(bio_err,"invalid engine \"%s\"\n",
+                                engine);
+                        goto end;
+                        }
+                if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+                        {
+                        BIO_printf(bio_err,"can't use that engine\n");
+                        goto end;
+                        }
+                BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+                /* Free our "structural" reference. */
+                ENGINE_free(e);
+                }
+
         if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
                 BIO_printf(bio_err, "Error getting passwords\n");
                 goto end;
@@ -254,7 +284,7 @@ bad:
                                 }
                         }
                 p=(unsigned char *)buf->data;
-                rsa=d2i_Netscape_RSA(NULL,&p,(long)size,NULL);
+                rsa=d2i_RSA_NET(NULL,&p,(long)size,NULL, sgckey);
                 BUF_MEM_free(buf);
                 }
 #endif
@@ -275,7 +305,15 @@ bad:
                 }
 
         if (outfile == NULL)
+                {
                 BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef VMS
+                {
+                BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+                out = BIO_push(tmpbio, out);
+                }
+#endif
+                }
         else
                 {
                 if (BIO_write_filename(out,outfile) <= 0)
@@ -344,16 +382,16 @@ bad:
                 int size;
 
                 i=1;
-                size=i2d_Netscape_RSA(rsa,NULL,NULL);
-                if ((p=(unsigned char *)Malloc(size)) == NULL)
+                size=i2d_RSA_NET(rsa,NULL,NULL, sgckey);
+                if ((p=(unsigned char *)OPENSSL_malloc(size)) == NULL)
                         {
-                        BIO_printf(bio_err,"Malloc failure\n");
+                        BIO_printf(bio_err,"Memory allocation failure\n");
                         goto end;
                         }
                 pp=p;
-                i2d_Netscape_RSA(rsa,&p,NULL);
+                i2d_RSA_NET(rsa,&p,NULL, sgckey);
                 BIO_write(out,(char *)pp,size);
-                Free(pp);
+                OPENSSL_free(pp);
                 }
 #endif
         else if (outformat == FORMAT_PEM) {
@@ -374,10 +412,10 @@ bad:
                 ret=0;
 end:
         if(in != NULL) BIO_free(in);
-        if(out != NULL) BIO_free(out);
+        if(out != NULL) BIO_free_all(out);
         if(rsa != NULL) RSA_free(rsa);
-        if(passin) Free(passin);
-        if(passout) Free(passout);
+        if(passin) OPENSSL_free(passin);
+        if(passout) OPENSSL_free(passout);
         EXIT(ret);
         }
 #else /* !NO_RSA */
diff --git a/src/lib/libssl/src/apps/rsautl.c b/src/lib/libssl/src/apps/rsautl.c
new file mode 100644
index 0000000000..2ef75649dd
--- /dev/null
+++ b/src/lib/libssl/src/apps/rsautl.c
@@ -0,0 +1,315 @@
+/* rsautl.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include "apps.h"
+#include <string.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include <openssl/engine.h>
+
+#define RSA_SIGN        1
+#define RSA_VERIFY      2
+#define RSA_ENCRYPT     3
+#define RSA_DECRYPT     4
+
+#define KEY_PRIVKEY     1
+#define KEY_PUBKEY      2
+#define KEY_CERT        3
+
+static void usage(void);
+
+#undef PROG
+
+#define PROG rsautl_main
+
+int MAIN(int argc, char **);
+
+int MAIN(int argc, char **argv)
+{
+        ENGINE *e = NULL;
+        BIO *in = NULL, *out = NULL;
+        char *infile = NULL, *outfile = NULL;
+        char *keyfile = NULL;
+        char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY;
+        int keyform = FORMAT_PEM;
+        char need_priv = 0, badarg = 0, rev = 0;
+        char hexdump = 0, asn1parse = 0;
+        X509 *x;
+        EVP_PKEY *pkey = NULL;
+        RSA *rsa = NULL;
+        unsigned char *rsa_in = NULL, *rsa_out = NULL, pad;
+        int rsa_inlen, rsa_outlen = 0;
+        int keysize;
+        char *engine=NULL;
+
+        int ret = 1;
+
+        argc--;
+        argv++;
+
+        if(!bio_err) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
+        ERR_load_crypto_strings();
+        OpenSSL_add_all_algorithms();
+        pad = RSA_PKCS1_PADDING;
+        
+        while(argc >= 1)
+        {
+                if (!strcmp(*argv,"-in")) {
+                        if (--argc < 1) badarg = 1;
+                        infile= *(++argv);
+                } else if (!strcmp(*argv,"-out")) {
+                        if (--argc < 1) badarg = 1;
+                        outfile= *(++argv);
+                } else if(!strcmp(*argv, "-inkey")) {
+                        if (--argc < 1) badarg = 1;
+                        keyfile = *(++argv);
+                } else if(!strcmp(*argv, "-engine")) {
+                        if (--argc < 1) badarg = 1;
+                        engine = *(++argv);
+                } else if(!strcmp(*argv, "-pubin")) {
+                        key_type = KEY_PUBKEY;
+                } else if(!strcmp(*argv, "-certin")) {
+                        key_type = KEY_CERT;
+                } 
+                else if(!strcmp(*argv, "-asn1parse")) asn1parse = 1;
+                else if(!strcmp(*argv, "-hexdump")) hexdump = 1;
+                else if(!strcmp(*argv, "-raw")) pad = RSA_NO_PADDING;
+                else if(!strcmp(*argv, "-oaep")) pad = RSA_PKCS1_OAEP_PADDING;
+                else if(!strcmp(*argv, "-ssl")) pad = RSA_SSLV23_PADDING;
+                else if(!strcmp(*argv, "-pkcs")) pad = RSA_PKCS1_PADDING;
+                else if(!strcmp(*argv, "-sign")) {
+                        rsa_mode = RSA_SIGN;
+                        need_priv = 1;
+                } else if(!strcmp(*argv, "-verify")) rsa_mode = RSA_VERIFY;
+                else if(!strcmp(*argv, "-rev")) rev = 1;
+                else if(!strcmp(*argv, "-encrypt")) rsa_mode = RSA_ENCRYPT;
+                else if(!strcmp(*argv, "-decrypt")) {
+                        rsa_mode = RSA_DECRYPT;
+                        need_priv = 1;
+                } else badarg = 1;
+                if(badarg) {
+                        usage();
+                        goto end;
+                }
+                argc--;
+                argv++;
+        }
+
+        if(need_priv && (key_type != KEY_PRIVKEY)) {
+                BIO_printf(bio_err, "A private key is needed for this operation\n");
+                goto end;
+        }
+
+        if (engine != NULL)
+                {
+                if((e = ENGINE_by_id(engine)) == NULL)
+                        {
+                        BIO_printf(bio_err,"invalid engine \"%s\"\n",
+                                engine);
+                        goto end;
+                        }
+                if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+                        {
+                        BIO_printf(bio_err,"can't use that engine\n");
+                        goto end;
+                        }
+                BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+                /* Free our "structural" reference. */
+                ENGINE_free(e);
+                }
+
+/* FIXME: seed PRNG only if needed */
+        app_RAND_load_file(NULL, bio_err, 0);
+        
+        switch(key_type) {
+                case KEY_PRIVKEY:
+                pkey = load_key(bio_err, keyfile, keyform, NULL);
+                break;
+
+                case KEY_PUBKEY:
+                pkey = load_pubkey(bio_err, keyfile, keyform);
+                break;
+
+                case KEY_CERT:
+                x = load_cert(bio_err, keyfile, keyform);
+                if(x) {
+                        pkey = X509_get_pubkey(x);
+                        X509_free(x);
+                }
+                break;
+        }
+
+        if(!pkey) {
+                BIO_printf(bio_err, "Error loading key\n");
+                return 1;
+        }
+
+        rsa = EVP_PKEY_get1_RSA(pkey);
+        EVP_PKEY_free(pkey);
+
+        if(!rsa) {
+                BIO_printf(bio_err, "Error getting RSA key\n");
+                ERR_print_errors(bio_err);
+                goto end;
+        }
+
+
+        if(infile) {
+                if(!(in = BIO_new_file(infile, "rb"))) {
+                        BIO_printf(bio_err, "Error Reading Input File\n");
+                        ERR_print_errors(bio_err);      
+                        goto end;
+                }
+        } else in = BIO_new_fp(stdin, BIO_NOCLOSE);
+
+        if(outfile) {
+                if(!(out = BIO_new_file(outfile, "wb"))) {
+                        BIO_printf(bio_err, "Error Reading Output File\n");
+                        ERR_print_errors(bio_err);      
+                        goto end;
+                }
+        } else {
+                out = BIO_new_fp(stdout, BIO_NOCLOSE);
+#ifdef VMS
+                {
+                    BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+                    out = BIO_push(tmpbio, out);
+                }
+#endif
+        }
+
+        keysize = RSA_size(rsa);
+
+        rsa_in = OPENSSL_malloc(keysize * 2);
+        rsa_out = OPENSSL_malloc(keysize);
+
+        /* Read the input data */
+        rsa_inlen = BIO_read(in, rsa_in, keysize * 2);
+        if(rsa_inlen <= 0) {
+                BIO_printf(bio_err, "Error reading input Data\n");
+                exit(1);
+        }
+        if(rev) {
+                int i;
+                unsigned char ctmp;
+                for(i = 0; i < rsa_inlen/2; i++) {
+                        ctmp = rsa_in[i];
+                        rsa_in[i] = rsa_in[rsa_inlen - 1 - i];
+                        rsa_in[rsa_inlen - 1 - i] = ctmp;
+                }
+        }
+        switch(rsa_mode) {
+
+                case RSA_VERIFY:
+                        rsa_outlen  = RSA_public_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
+                break;
+
+                case RSA_SIGN:
+                        rsa_outlen  = RSA_private_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
+                break;
+
+                case RSA_ENCRYPT:
+                        rsa_outlen  = RSA_public_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
+                break;
+
+                case RSA_DECRYPT:
+                        rsa_outlen  = RSA_private_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
+                break;
+
+        }
+
+        if(rsa_outlen <= 0) {
+                BIO_printf(bio_err, "RSA operation error\n");
+                ERR_print_errors(bio_err);
+                goto end;
+        }
+        ret = 0;
+        if(asn1parse) {
+                if(!ASN1_parse_dump(out, rsa_out, rsa_outlen, 1, -1)) {
+                        ERR_print_errors(bio_err);
+                }
+        } else if(hexdump) BIO_dump(out, (char *)rsa_out, rsa_outlen);
+        else BIO_write(out, rsa_out, rsa_outlen);
+        end:
+        RSA_free(rsa);
+        BIO_free(in);
+        BIO_free_all(out);
+        if(rsa_in) OPENSSL_free(rsa_in);
+        if(rsa_out) OPENSSL_free(rsa_out);
+        return ret;
+}
+
+static void usage()
+{
+        BIO_printf(bio_err, "Usage: rsautl [options]\n");
+        BIO_printf(bio_err, "-in file        input file\n");
+        BIO_printf(bio_err, "-out file       output file\n");
+        BIO_printf(bio_err, "-inkey file     input key\n");
+        BIO_printf(bio_err, "-pubin          input is an RSA public\n");
+        BIO_printf(bio_err, "-certin         input is a certificate carrying an RSA public key\n");
+        BIO_printf(bio_err, "-engine e       use engine e, possibly a hardware device.\n");
+        BIO_printf(bio_err, "-ssl            use SSL v2 padding\n");
+        BIO_printf(bio_err, "-raw            use no padding\n");
+        BIO_printf(bio_err, "-pkcs           use PKCS#1 v1.5 padding (default)\n");
+        BIO_printf(bio_err, "-oaep           use PKCS#1 OAEP\n");
+        BIO_printf(bio_err, "-sign           sign with private key\n");
+        BIO_printf(bio_err, "-verify         verify with public key\n");
+        BIO_printf(bio_err, "-encrypt        encrypt with public key\n");
+        BIO_printf(bio_err, "-decrypt        decrypt with private key\n");
+        BIO_printf(bio_err, "-hexdump        hex dump output\n");
+}
+
diff --git a/src/lib/libssl/src/apps/s_client.c b/src/lib/libssl/src/apps/s_client.c
index e629f8e7f1..45d627a60a 100644
--- a/src/lib/libssl/src/apps/s_client.c
+++ b/src/lib/libssl/src/apps/s_client.c
@@ -79,6 +79,7 @@ typedef unsigned int u_int;
 #include <openssl/ssl.h>
 #include <openssl/err.h>
 #include <openssl/pem.h>
+#include <openssl/engine.h>
 #include "s_apps.h"
 
 #ifdef WINDOWS
@@ -152,6 +153,7 @@ static void sc_usage(void)
         BIO_printf(bio_err," -bugs         - Switch on all SSL implementation bug workarounds\n");
         BIO_printf(bio_err," -cipher       - preferred cipher to use, use the 'openssl ciphers'\n");
         BIO_printf(bio_err,"                 command to see what is available\n");
+        BIO_printf(bio_err," -engine id    - Initialise and use the specified engine\n");
 
         }
 
@@ -179,6 +181,8 @@ int MAIN(int argc, char **argv)
         int prexit = 0;
         SSL_METHOD *meth=NULL;
         BIO *sbio;
+        char *engine_id=NULL;
+        ENGINE *e=NULL;
 #ifdef WINDOWS
         struct timeval tv;
 #endif
@@ -201,8 +205,8 @@ int MAIN(int argc, char **argv)
         if (bio_err == NULL)
                 bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
 
-        if (    ((cbuf=Malloc(BUFSIZZ)) == NULL) ||
-                ((sbuf=Malloc(BUFSIZZ)) == NULL))
+        if (    ((cbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) ||
+                ((sbuf=OPENSSL_malloc(BUFSIZZ)) == NULL))
                 {
                 BIO_printf(bio_err,"out of memory\n");
                 goto end;
@@ -316,6 +320,11 @@ int MAIN(int argc, char **argv)
                 else if (strcmp(*argv,"-nbio") == 0)
                         { c_nbio=1; }
 #endif
+                else if (strcmp(*argv,"-engine") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        engine_id = *(++argv);
+                        }
                 else
                         {
                         BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -349,6 +358,30 @@ bad:
 
         OpenSSL_add_ssl_algorithms();
         SSL_load_error_strings();
+
+        if (engine_id != NULL)
+                {
+                if((e = ENGINE_by_id(engine_id)) == NULL)
+                        {
+                        BIO_printf(bio_err,"invalid engine\n");
+                        ERR_print_errors(bio_err);
+                        goto end;
+                        }
+                if (c_debug)
+                        {
+                        ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM,
+                                0, bio_err, 0);
+                        }
+                if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+                        {
+                        BIO_printf(bio_err,"can't use that engine\n");
+                        ERR_print_errors(bio_err);
+                        goto end;
+                        }
+                BIO_printf(bio_err,"engine \"%s\" set.\n", engine_id);
+                ENGINE_free(e);
+                }
+
         ctx=SSL_CTX_new(meth);
         if (ctx == NULL)
                 {
@@ -523,7 +556,7 @@ re_start:
                                         tv.tv_usec = 0;
                                         i=select(width,(void *)&readfds,(void *)&writefds,
                                                  NULL,&tv);
-                                        if(!i && (!_kbhit() || !read_tty) ) continue;
+                                        if(!i && (!((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0))) || !read_tty) ) continue;
                                 } else  i=select(width,(void *)&readfds,(void *)&writefds,
                                          NULL,NULL);
                         }
@@ -689,7 +722,7 @@ printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240
                         }
 
 #ifdef WINDOWS
-                else if (_kbhit())
+                else if ((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0)))
 #else
                 else if (FD_ISSET(fileno(stdin),&readfds))
 #endif
@@ -753,8 +786,8 @@ end:
         if (con != NULL) SSL_free(con);
         if (con2 != NULL) SSL_free(con2);
         if (ctx != NULL) SSL_CTX_free(ctx);
-        if (cbuf != NULL) { memset(cbuf,0,BUFSIZZ); Free(cbuf); }
-        if (sbuf != NULL) { memset(sbuf,0,BUFSIZZ); Free(sbuf); }
+        if (cbuf != NULL) { memset(cbuf,0,BUFSIZZ); OPENSSL_free(cbuf); }
+        if (sbuf != NULL) { memset(sbuf,0,BUFSIZZ); OPENSSL_free(sbuf); }
         if (bio_c_out != NULL)
                 {
                 BIO_free(bio_c_out);
diff --git a/src/lib/libssl/src/apps/s_server.c b/src/lib/libssl/src/apps/s_server.c
index af19b89227..61a77dff11 100644
--- a/src/lib/libssl/src/apps/s_server.c
+++ b/src/lib/libssl/src/apps/s_server.c
@@ -83,6 +83,7 @@ typedef unsigned int u_int;
 #include <openssl/pem.h>
 #include <openssl/x509.h>
 #include <openssl/ssl.h>
+#include <openssl/engine.h>
 #include "s_apps.h"
 
 #ifdef WINDOWS
@@ -176,6 +177,7 @@ static int s_debug=0;
 static int s_quiet=0;
 
 static int hack=0;
+static char *engine_id=NULL;
 
 #ifdef MONOLITH
 static void s_server_init(void)
@@ -198,6 +200,7 @@ static void s_server_init(void)
         s_debug=0;
         s_quiet=0;
         hack=0;
+        engine_id=NULL;
         }
 #endif
 
@@ -242,6 +245,7 @@ static void sv_usage(void)
         BIO_printf(bio_err," -bugs         - Turn on SSL bug compatibility\n");
         BIO_printf(bio_err," -www          - Respond to a 'GET /' with a status page\n");
         BIO_printf(bio_err," -WWW          - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
+        BIO_printf(bio_err," -engine id    - Initialise and use the specified engine\n");
         }
 
 static int local_argc=0;
@@ -285,7 +289,7 @@ static int ebcdic_new(BIO *bi)
 {
         EBCDIC_OUTBUFF *wbuf;
 
-        wbuf = (EBCDIC_OUTBUFF *)Malloc(sizeof(EBCDIC_OUTBUFF) + 1024);
+        wbuf = (EBCDIC_OUTBUFF *)OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + 1024);
         wbuf->alloced = 1024;
         wbuf->buff[0] = '\0';
 
@@ -299,7 +303,7 @@ static int ebcdic_free(BIO *a)
 {
         if (a == NULL) return(0);
         if (a->ptr != NULL)
-                Free(a->ptr);
+                OPENSSL_free(a->ptr);
         a->ptr=NULL;
         a->init=0;
         a->flags=0;
@@ -336,8 +340,8 @@ static int ebcdic_write(BIO *b, char *in, int inl)
                 num = num + num;  /* double the size */
                 if (num < inl)
                         num = inl;
-                Free(wbuf);
-                wbuf=(EBCDIC_OUTBUFF *)Malloc(sizeof(EBCDIC_OUTBUFF) + num);
+                OPENSSL_free(wbuf);
+                wbuf=(EBCDIC_OUTBUFF *)OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + num);
 
                 wbuf->alloced = num;
                 wbuf->buff[0] = '\0';
@@ -411,6 +415,7 @@ int MAIN(int argc, char *argv[])
         int no_tmp_rsa=0,no_dhe=0,nocert=0;
         int state=0;
         SSL_METHOD *meth=NULL;
+        ENGINE *e=NULL;
 #ifndef NO_DH
         DH *dh=NULL;
 #endif
@@ -565,6 +570,11 @@ int MAIN(int argc, char *argv[])
                 else if (strcmp(*argv,"-tls1") == 0)
                         { meth=TLSv1_server_method(); }
 #endif
+                else if (strcmp(*argv,"-engine") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        engine_id= *(++argv);
+                        }
                 else
                         {
                         BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -609,6 +619,29 @@ bad:
         SSL_load_error_strings();
         OpenSSL_add_ssl_algorithms();
 
+        if (engine_id != NULL)
+                {
+                if((e = ENGINE_by_id(engine_id)) == NULL)
+                        {
+                        BIO_printf(bio_err,"invalid engine\n");
+                        ERR_print_errors(bio_err);
+                        goto end;
+                        }
+                if (s_debug)
+                        {
+                        ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM,
+                                0, bio_err, 0);
+                        }
+                if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+                        {
+                        BIO_printf(bio_err,"can't use that engine\n");
+                        ERR_print_errors(bio_err);
+                        goto end;
+                        }
+                BIO_printf(bio_err,"engine \"%s\" set.\n", engine_id);
+                ENGINE_free(e);
+                }
+
         ctx=SSL_CTX_new(meth);
         if (ctx == NULL)
                 {
@@ -766,7 +799,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
         struct timeval tv;
 #endif
 
-        if ((buf=Malloc(bufsize)) == NULL)
+        if ((buf=OPENSSL_malloc(bufsize)) == NULL)
                 {
                 BIO_printf(bio_err,"out of memory\n");
                 goto err;
@@ -1028,7 +1061,7 @@ err:
         if (buf != NULL)
                 {
                 memset(buf,0,bufsize);
-                Free(buf);
+                OPENSSL_free(buf);
                 }
         if (ret >= 0)
                 BIO_printf(bio_s_out,"ACCEPT\n");
@@ -1145,7 +1178,7 @@ static int www_body(char *hostname, int s, unsigned char *context)
         BIO *io,*ssl_bio,*sbio;
         long total_bytes;
 
-        buf=Malloc(bufsize);
+        buf=OPENSSL_malloc(bufsize);
         if (buf == NULL) return(0);
         io=BIO_new(BIO_f_buffer());
         ssl_bio=BIO_new(BIO_f_ssl());
@@ -1474,7 +1507,7 @@ err:
         if (ret >= 0)
                 BIO_printf(bio_s_out,"ACCEPT\n");
 
-        if (buf != NULL) Free(buf);
+        if (buf != NULL) OPENSSL_free(buf);
         if (io != NULL) BIO_free_all(io);
 /*      if (ssl_bio != NULL) BIO_free(ssl_bio);*/
         return(ret);
diff --git a/src/lib/libssl/src/apps/s_socket.c b/src/lib/libssl/src/apps/s_socket.c
index 081b1a57d1..9812e6d505 100644
--- a/src/lib/libssl/src/apps/s_socket.c
+++ b/src/lib/libssl/src/apps/s_socket.c
@@ -209,9 +209,11 @@ static int init_client_ip(int *sock, unsigned char ip[4], int port)
         s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
         if (s == INVALID_SOCKET) { perror("socket"); return(0); }
 
+#ifndef MPE
         i=0;
         i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
         if (i < 0) { perror("keepalive"); return(0); }
+#endif
 
         if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1)
                 { close(s); perror("connect"); return(0); }
@@ -241,7 +243,7 @@ int do_server(int port, int *ret, int (*cb)(), char *context)
                         return(0);
                         }
                 i=(*cb)(name,sock, context);
-                if (name != NULL) Free(name);
+                if (name != NULL) OPENSSL_free(name);
                 SHUTDOWN2(sock);
                 if (i < 0)
                         {
@@ -372,9 +374,9 @@ redoit:
                 }
         else
                 {
-                if ((*host=(char *)Malloc(strlen(h1->h_name)+1)) == NULL)
+                if ((*host=(char *)OPENSSL_malloc(strlen(h1->h_name)+1)) == NULL)
                         {
-                        perror("Malloc");
+                        perror("OPENSSL_malloc");
                         return(0);
                         }
                 strcpy(*host,h1->h_name);
diff --git a/src/lib/libssl/src/apps/sess_id.c b/src/lib/libssl/src/apps/sess_id.c
index 71d5aa0b7c..60cc3f1e49 100644
--- a/src/lib/libssl/src/apps/sess_id.c
+++ b/src/lib/libssl/src/apps/sess_id.c
@@ -206,7 +206,15 @@ bad:
                         }
 
                 if (outfile == NULL)
+                        {
                         BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef VMS
+                        {
+                        BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+                        out = BIO_push(tmpbio, out);
+                        }
+#endif
+                        }
                 else
                         {
                         if (BIO_write_filename(out,outfile) <= 0)
@@ -262,7 +270,7 @@ bad:
                 }
         ret=0;
 end:
-        if (out != NULL) BIO_free(out);
+        if (out != NULL) BIO_free_all(out);
         if (x != NULL) SSL_SESSION_free(x);
         EXIT(ret);
         }
diff --git a/src/lib/libssl/src/apps/smime.c b/src/lib/libssl/src/apps/smime.c
index 7dc66d6ecd..16b940084b 100644
--- a/src/lib/libssl/src/apps/smime.c
+++ b/src/lib/libssl/src/apps/smime.c
@@ -64,12 +64,10 @@
 #include <openssl/crypto.h>
 #include <openssl/pem.h>
 #include <openssl/err.h>
+#include <openssl/engine.h>
 
 #undef PROG
 #define PROG smime_main
-static X509 *load_cert(char *file);
-static EVP_PKEY *load_key(char *file, char *pass);
-static STACK_OF(X509) *load_certs(char *file);
 static X509_STORE *setup_verify(char *CAfile, char *CApath);
 static int save_certs(char *signerfile, STACK_OF(X509) *signers);
 
@@ -84,13 +82,14 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 {
+        ENGINE *e = NULL;
         int operation = 0;
         int ret = 0;
         char **args;
         char *inmode = "r", *outmode = "w";
         char *infile = NULL, *outfile = NULL;
         char *signerfile = NULL, *recipfile = NULL;
-        char *certfile = NULL, *keyfile = NULL;
+        char *certfile = NULL, *keyfile = NULL, *contfile=NULL;
         EVP_CIPHER *cipher = NULL;
         PKCS7 *p7 = NULL;
         X509_STORE *store = NULL;
@@ -105,8 +104,10 @@ int MAIN(int argc, char **argv)
         char *passargin = NULL, *passin = NULL;
         char *inrand = NULL;
         int need_rand = 0;
-        args = argv + 1;
+        int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
+        char *engine=NULL;
 
+        args = argv + 1;
         ret = 1;
 
         while (!badarg && *args && *args[0] == '-') {
@@ -143,6 +144,8 @@ int MAIN(int argc, char **argv)
                                 flags |= PKCS7_NOATTR;
                 else if (!strcmp (*args, "-nodetach")) 
                                 flags &= ~PKCS7_DETACHED;
+                else if (!strcmp (*args, "-nosmimecap"))
+                                flags |= PKCS7_NOSMIMECAP;
                 else if (!strcmp (*args, "-binary"))
                                 flags |= PKCS7_BINARY;
                 else if (!strcmp (*args, "-nosigs"))
@@ -153,6 +156,11 @@ int MAIN(int argc, char **argv)
                                 inrand = *args;
                         } else badarg = 1;
                         need_rand = 1;
+                } else if (!strcmp(*args,"-engine")) {
+                        if (args[1]) {
+                                args++;
+                                engine = *args;
+                        } else badarg = 1;
                 } else if (!strcmp(*args,"-passin")) {
                         if (args[1]) {
                                 args++;
@@ -208,11 +216,26 @@ int MAIN(int argc, char **argv)
                                 args++;
                                 infile = *args;
                         } else badarg = 1;
+                } else if (!strcmp (*args, "-inform")) {
+                        if (args[1]) {
+                                args++;
+                                informat = str2fmt(*args);
+                        } else badarg = 1;
+                } else if (!strcmp (*args, "-outform")) {
+                        if (args[1]) {
+                                args++;
+                                outformat = str2fmt(*args);
+                        } else badarg = 1;
                 } else if (!strcmp (*args, "-out")) {
                         if (args[1]) {
                                 args++;
                                 outfile = *args;
                         } else badarg = 1;
+                } else if (!strcmp (*args, "-content")) {
+                        if (args[1]) {
+                                args++;
+                                contfile = *args;
+                        } else badarg = 1;
                 } else badarg = 1;
                 args++;
         }
@@ -264,14 +287,18 @@ int MAIN(int argc, char **argv)
                 BIO_printf (bio_err, "-signer file   signer certificate file\n");
                 BIO_printf (bio_err, "-recip  file   recipient certificate file for decryption\n");
                 BIO_printf (bio_err, "-in file       input file\n");
+                BIO_printf (bio_err, "-inform arg    input format SMIME (default), PEM or DER\n");
                 BIO_printf (bio_err, "-inkey file    input private key (if not signer or recipient)\n");
                 BIO_printf (bio_err, "-out file      output file\n");
+                BIO_printf (bio_err, "-outform arg   output format SMIME (default), PEM or DER\n");
+                BIO_printf (bio_err, "-content file  supply or override content for detached signature\n");
                 BIO_printf (bio_err, "-to addr       to address\n");
                 BIO_printf (bio_err, "-from ad       from address\n");
                 BIO_printf (bio_err, "-subject s     subject\n");
                 BIO_printf (bio_err, "-text          include or delete text MIME headers\n");
                 BIO_printf (bio_err, "-CApath dir    trusted certificates directory\n");
                 BIO_printf (bio_err, "-CAfile file   trusted certificates file\n");
+                BIO_printf (bio_err, "-engine e      use engine e, possibly a hardware device.\n");
                 BIO_printf(bio_err,  "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
                 BIO_printf(bio_err,  "               load the file (or the files in the directory) into\n");
                 BIO_printf(bio_err,  "               the random number generator\n");
@@ -279,6 +306,24 @@ int MAIN(int argc, char **argv)
                 goto end;
         }
 
+        if (engine != NULL)
+                {
+                if((e = ENGINE_by_id(engine)) == NULL)
+                        {
+                        BIO_printf(bio_err,"invalid engine \"%s\"\n",
+                                engine);
+                        goto end;
+                        }
+                if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+                        {
+                        BIO_printf(bio_err,"can't use that engine\n");
+                        goto end;
+                        }
+                BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+                /* Free our "structural" reference. */
+                ENGINE_free(e);
+                }
+
         if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
                 BIO_printf(bio_err, "Error getting password\n");
                 goto end;
@@ -295,9 +340,12 @@ int MAIN(int argc, char **argv)
 
         if(operation != SMIME_SIGN) flags &= ~PKCS7_DETACHED;
 
-        if(flags & PKCS7_BINARY) {
-                if(operation & SMIME_OP) inmode = "rb";
-                else outmode = "rb";
+        if(operation & SMIME_OP) {
+                if(flags & PKCS7_BINARY) inmode = "rb";
+                if(outformat == FORMAT_ASN1) outmode = "wb";
+        } else {
+                if(flags & PKCS7_BINARY) outmode = "wb";
+                if(informat == FORMAT_ASN1) inmode = "rb";
         }
 
         if(operation == SMIME_ENCRYPT) {
@@ -311,7 +359,7 @@ int MAIN(int argc, char **argv)
                 }
                 encerts = sk_X509_new_null();
                 while (*args) {
-                        if(!(cert = load_cert(*args))) {
+                        if(!(cert = load_cert(bio_err,*args,FORMAT_PEM))) {
                                 BIO_printf(bio_err, "Can't read recipient certificate file %s\n", *args);
                                 goto end;
                         }
@@ -322,14 +370,14 @@ int MAIN(int argc, char **argv)
         }
 
         if(signerfile && (operation == SMIME_SIGN)) {
-                if(!(signer = load_cert(signerfile))) {
+                if(!(signer = load_cert(bio_err,signerfile,FORMAT_PEM))) {
                         BIO_printf(bio_err, "Can't read signer certificate file %s\n", signerfile);
                         goto end;
                 }
         }
 
         if(certfile) {
-                if(!(other = load_certs(certfile))) {
+                if(!(other = load_certs(bio_err,certfile,FORMAT_PEM))) {
                         BIO_printf(bio_err, "Can't read certificate file %s\n", certfile);
                         ERR_print_errors(bio_err);
                         goto end;
@@ -337,7 +385,7 @@ int MAIN(int argc, char **argv)
         }
 
         if(recipfile && (operation == SMIME_DECRYPT)) {
-                if(!(recip = load_cert(recipfile))) {
+                if(!(recip = load_cert(bio_err,recipfile,FORMAT_PEM))) {
                         BIO_printf(bio_err, "Can't read recipient certificate file %s\n", recipfile);
                         ERR_print_errors(bio_err);
                         goto end;
@@ -351,7 +399,7 @@ int MAIN(int argc, char **argv)
         } else keyfile = NULL;
 
         if(keyfile) {
-                if(!(key = load_key(keyfile, passin))) {
+                if(!(key = load_key(bio_err,keyfile, FORMAT_PEM, passin))) {
                         BIO_printf(bio_err, "Can't read recipient certificate file %s\n", keyfile);
                         ERR_print_errors(bio_err);
                         goto end;
@@ -372,7 +420,15 @@ int MAIN(int argc, char **argv)
                                  "Can't open output file %s\n", outfile);
                         goto end;
                 }
-        } else out = BIO_new_fp(stdout, BIO_NOCLOSE);
+        } else {
+                out = BIO_new_fp(stdout, BIO_NOCLOSE);
+#ifdef VMS
+                {
+                    BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+                    out = BIO_push(tmpbio, out);
+                }
+#endif
+        }
 
         if(operation == SMIME_VERIFY) {
                 if(!(store = setup_verify(CAfile, CApath))) goto end;
@@ -386,10 +442,28 @@ int MAIN(int argc, char **argv)
                 p7 = PKCS7_sign(signer, key, other, in, flags);
                 BIO_reset(in);
         } else {
-                if(!(p7 = SMIME_read_PKCS7(in, &indata))) {
+                if(informat == FORMAT_SMIME) 
+                        p7 = SMIME_read_PKCS7(in, &indata);
+                else if(informat == FORMAT_PEM) 
+                        p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
+                else if(informat == FORMAT_ASN1) 
+                        p7 = d2i_PKCS7_bio(in, NULL);
+                else {
+                        BIO_printf(bio_err, "Bad input format for PKCS#7 file\n");
+                        goto end;
+                }
+
+                if(!p7) {
                         BIO_printf(bio_err, "Error reading S/MIME message\n");
                         goto end;
                 }
+                if(contfile) {
+                        BIO_free(indata);
+                        if(!(indata = BIO_new_file(contfile, "rb"))) {
+                                BIO_printf(bio_err, "Can't read content file %s\n", contfile);
+                                goto end;
+                        }
+                }
         }
 
         if(!p7) {
@@ -425,7 +499,16 @@ int MAIN(int argc, char **argv)
                 if(to) BIO_printf(out, "To: %s\n", to);
                 if(from) BIO_printf(out, "From: %s\n", from);
                 if(subject) BIO_printf(out, "Subject: %s\n", subject);
-                SMIME_write_PKCS7(out, p7, in, flags);
+                if(outformat == FORMAT_SMIME) 
+                        SMIME_write_PKCS7(out, p7, in, flags);
+                else if(outformat == FORMAT_PEM) 
+                        PEM_write_bio_PKCS7(out,p7);
+                else if(outformat == FORMAT_ASN1) 
+                        i2d_PKCS7_bio(out,p7);
+                else {
+                        BIO_printf(bio_err, "Bad output format for PKCS#7 file\n");
+                        goto end;
+                }
         }
         ret = 0;
 end:
@@ -442,54 +525,11 @@ end:
         PKCS7_free(p7);
         BIO_free(in);
         BIO_free(indata);
-        BIO_free(out);
-        if(passin) Free(passin);
+        BIO_free_all(out);
+        if(passin) OPENSSL_free(passin);
         return (ret);
 }
 
-static X509 *load_cert(char *file)
-{
-        BIO *in;
-        X509 *cert;
-        if(!(in = BIO_new_file(file, "r"))) return NULL;
-        cert = PEM_read_bio_X509(in, NULL, NULL,NULL);
-        BIO_free(in);
-        return cert;
-}
-
-static EVP_PKEY *load_key(char *file, char *pass)
-{
-        BIO *in;
-        EVP_PKEY *key;
-        if(!(in = BIO_new_file(file, "r"))) return NULL;
-        key = PEM_read_bio_PrivateKey(in, NULL,NULL,pass);
-        BIO_free(in);
-        return key;
-}
-
-static STACK_OF(X509) *load_certs(char *file)
-{
-        BIO *in;
-        int i;
-        STACK_OF(X509) *othercerts;
-        STACK_OF(X509_INFO) *allcerts;
-        X509_INFO *xi;
-        if(!(in = BIO_new_file(file, "r"))) return NULL;
-        othercerts = sk_X509_new(NULL);
-        if(!othercerts) return NULL;
-        allcerts = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL);
-        for(i = 0; i < sk_X509_INFO_num(allcerts); i++) {
-                xi = sk_X509_INFO_value (allcerts, i);
-                if (xi->x509) {
-                        sk_X509_push(othercerts, xi->x509);
-                        xi->x509 = NULL;
-                }
-        }
-        sk_X509_INFO_pop_free(allcerts, X509_INFO_free);
-        BIO_free(in);
-        return othercerts;
-}
-
 static X509_STORE *setup_verify(char *CAfile, char *CApath)
 {
         X509_STORE *store;
diff --git a/src/lib/libssl/src/apps/speed.c b/src/lib/libssl/src/apps/speed.c
index f7a8e00a8b..ba41916371 100644
--- a/src/lib/libssl/src/apps/speed.c
+++ b/src/lib/libssl/src/apps/speed.c
@@ -81,17 +81,27 @@
 #include <openssl/crypto.h>
 #include <openssl/rand.h>
 #include <openssl/err.h>
+#include <openssl/engine.h>
 
-#if !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
-#define TIMES
+#if defined(__FreeBSD__)
+# define USE_TOD
+#elif !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
+# define TIMES
+#endif
+#if !defined(_UNICOS) && !defined(__OpenBSD__) && !defined(sgi) && !defined(__FreeBSD__) && !(defined(__bsdi) || defined(__bsdi__)) && !defined(_AIX) && !defined(MPE)
+# define TIMEB
 #endif
 
 #ifndef _IRIX
-#include <time.h>
+# include <time.h>
 #endif
 #ifdef TIMES
-#include <sys/types.h>
-#include <sys/times.h>
+# include <sys/types.h>
+# include <sys/times.h>
+#endif
+#ifdef USE_TOD
+# include <sys/time.h>
+# include <sys/resource.h>
 #endif
 
 /* Depending on the VMS version, the tms structure is perhaps defined.
@@ -102,10 +112,14 @@
 #undef TIMES
 #endif
 
-#ifndef TIMES
+#ifdef TIMEB
 #include <sys/timeb.h>
 #endif
 
+#if !defined(TIMES) && !defined(TIMEB) && !defined(USE_TOD)
+#error "It seems neither struct tms nor struct timeb is supported in this platform!"
+#endif
+
 #if defined(sun) || defined(__ultrix)
 #define _POSIX_SOURCE
 #include <limits.h>
@@ -121,6 +135,9 @@
 #ifndef NO_MDC2
 #include <openssl/mdc2.h>
 #endif
+#ifndef NO_MD4
+#include <openssl/md4.h>
+#endif
 #ifndef NO_MD5
 #include <openssl/md5.h>
 #endif
@@ -178,7 +195,7 @@
 #define BUFSIZE ((long)1024*8+1)
 int run=0;
 
-static double Time_F(int s);
+static double Time_F(int s, int usertime);
 static void print_message(char *s,long num,int length);
 static void pkey_print_message(char *str,char *str2,long num,int bits,int sec);
 #ifdef SIGALRM
@@ -202,39 +219,91 @@ static SIGRETTYPE sig_done(int sig)
 #define START   0
 #define STOP    1
 
-static double Time_F(int s)
+static double Time_F(int s, int usertime)
         {
         double ret;
-#ifdef TIMES
-        static struct tms tstart,tend;
 
-        if (s == START)
-                {
-                times(&tstart);
-                return(0);
+#ifdef USE_TOD
+        if(usertime)
+            {
+                static struct rusage tstart,tend;
+
+                if (s == START)
+                        {
+                        getrusage(RUSAGE_SELF,&tstart);
+                        return(0);
+                        }
+                else
+                        {
+                        long i;
+
+                        getrusage(RUSAGE_SELF,&tend);
+                        i=(long)tend.ru_utime.tv_usec-(long)tstart.ru_utime.tv_usec;
+                        ret=((double)(tend.ru_utime.tv_sec-tstart.ru_utime.tv_sec))
+                          +((double)i)/1000000.0;
+                        return((ret < 0.001)?0.001:ret);
+                        }
                 }
         else
                 {
-                times(&tend);
-                ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
-                return((ret < 1e-3)?1e-3:ret);
-                }
-#else /* !times() */
-        static struct timeb tstart,tend;
-        long i;
+                static struct timeval tstart,tend;
+                long i;
 
-        if (s == START)
+                if (s == START)
+                        {
+                        gettimeofday(&tstart,NULL);
+                        return(0);
+                        }
+                else
+                        {
+                        gettimeofday(&tend,NULL);
+                        i=(long)tend.tv_usec-(long)tstart.tv_usec;
+                        ret=((double)(tend.tv_sec-tstart.tv_sec))+((double)i)/1000000.0;
+                        return((ret < 0.001)?0.001:ret);
+                        }
+                }
+#else  /* ndef USE_TOD */
+                
+# ifdef TIMES
+        if (usertime)
                 {
-                ftime(&tstart);
-                return(0);
+                static struct tms tstart,tend;
+
+                if (s == START)
+                        {
+                        times(&tstart);
+                        return(0);
+                        }
+                else
+                        {
+                        times(&tend);
+                        ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+                        return((ret < 1e-3)?1e-3:ret);
+                        }
                 }
+# endif /* times() */
+# if defined(TIMES) && defined(TIMEB)
         else
+# endif
+# ifdef TIMEB
                 {
-                ftime(&tend);
-                i=(long)tend.millitm-(long)tstart.millitm;
-                ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
-                return((ret < 0.001)?0.001:ret);
+                static struct timeb tstart,tend;
+                long i;
+
+                if (s == START)
+                        {
+                        ftime(&tstart);
+                        return(0);
+                        }
+                else
+                        {
+                        ftime(&tend);
+                        i=(long)tend.millitm-(long)tstart.millitm;
+                        ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
+                        return((ret < 0.001)?0.001:ret);
+                        }
                 }
+# endif
 #endif
         }
 
@@ -242,21 +311,25 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
         {
+        ENGINE *e;
         unsigned char *buf=NULL,*buf2=NULL;
         int mret=1;
-#define ALGOR_NUM       14
+#define ALGOR_NUM       15
 #define SIZE_NUM        5
 #define RSA_NUM         4
 #define DSA_NUM         3
         long count,rsa_count;
         int i,j,k;
-        unsigned rsa_num,rsa_num2;
+        unsigned rsa_num;
 #ifndef NO_MD2
         unsigned char md2[MD2_DIGEST_LENGTH];
 #endif
 #ifndef NO_MDC2
         unsigned char mdc2[MDC2_DIGEST_LENGTH];
 #endif
+#ifndef NO_MD4
+        unsigned char md4[MD4_DIGEST_LENGTH];
+#endif
 #ifndef NO_MD5
         unsigned char md5[MD5_DIGEST_LENGTH];
         unsigned char hmac[MD5_DIGEST_LENGTH];
@@ -298,23 +371,24 @@ int MAIN(int argc, char **argv)
 #endif
 #define D_MD2           0
 #define D_MDC2          1
-#define D_MD5           2
-#define D_HMAC          3
-#define D_SHA1          4
-#define D_RMD160        5
-#define D_RC4           6
-#define D_CBC_DES       7
-#define D_EDE3_DES      8
-#define D_CBC_IDEA      9
-#define D_CBC_RC2       10
-#define D_CBC_RC5       11
-#define D_CBC_BF        12
-#define D_CBC_CAST      13
+#define D_MD4           2
+#define D_MD5           3
+#define D_HMAC          4
+#define D_SHA1          5
+#define D_RMD160        6
+#define D_RC4           7
+#define D_CBC_DES       8
+#define D_EDE3_DES      9
+#define D_CBC_IDEA      10
+#define D_CBC_RC2       11
+#define D_CBC_RC5       12
+#define D_CBC_BF        13
+#define D_CBC_CAST      14
         double d,results[ALGOR_NUM][SIZE_NUM];
         static int lengths[SIZE_NUM]={8,64,256,1024,8*1024};
         long c[ALGOR_NUM][SIZE_NUM];
         static char *names[ALGOR_NUM]={
-                "md2","mdc2","md5","hmac(md5)","sha1","rmd160","rc4",
+                "md2","mdc2","md4","md5","hmac(md5)","sha1","rmd160","rc4",
                 "des cbc","des ede3","idea cbc",
                 "rc2 cbc","rc5-32/12 cbc","blowfish cbc","cast cbc"};
 #define R_DSA_512       0
@@ -345,6 +419,11 @@ int MAIN(int argc, char **argv)
         int dsa_doit[DSA_NUM];
         int doit[ALGOR_NUM];
         int pr_header=0;
+        int usertime=1;
+
+#ifndef TIMES
+        usertime=-1;
+#endif
 
         apps_startup();
         memset(results, 0, sizeof(results));
@@ -362,7 +441,7 @@ int MAIN(int argc, char **argv)
                 rsa_key[i]=NULL;
 #endif
 
-        if ((buf=(unsigned char *)Malloc((int)BUFSIZE)) == NULL)
+        if ((buf=(unsigned char *)OPENSSL_malloc((int)BUFSIZE)) == NULL)
                 {
                 BIO_printf(bio_err,"out of memory\n");
                 goto end;
@@ -370,7 +449,7 @@ int MAIN(int argc, char **argv)
 #ifndef NO_DES
         buf_as_des_cblock = (des_cblock *)buf;
 #endif
-        if ((buf2=(unsigned char *)Malloc((int)BUFSIZE)) == NULL)
+        if ((buf2=(unsigned char *)OPENSSL_malloc((int)BUFSIZE)) == NULL)
                 {
                 BIO_printf(bio_err,"out of memory\n");
                 goto end;
@@ -391,6 +470,39 @@ int MAIN(int argc, char **argv)
         argv++;
         while (argc)
                 {
+                if      ((argc > 0) && (strcmp(*argv,"-elapsed") == 0))
+                        usertime = 0;
+                else
+                if      ((argc > 0) && (strcmp(*argv,"-engine") == 0))
+                        {
+                        argc--;
+                        argv++;
+                        if(argc == 0)
+                                {
+                                BIO_printf(bio_err,"no engine given\n");
+                                goto end;
+                                }
+                        if((e = ENGINE_by_id(*argv)) == NULL)
+                                {
+                                BIO_printf(bio_err,"invalid engine \"%s\"\n",
+                                        *argv);
+                                goto end;
+                                }
+                        if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+                                {
+                                BIO_printf(bio_err,"can't use that engine\n");
+                                goto end;
+                                }
+                        BIO_printf(bio_err,"engine \"%s\" set.\n", *argv);
+                        /* Free our "structural" reference. */
+                        ENGINE_free(e);
+                        /* It will be increased again further down.  We just
+                           don't want speed to confuse an engine with an
+                           algorithm, especially when none is given (which
+                           means all of them should be run) */
+                        j--;
+                        }
+                else
 #ifndef NO_MD2
                 if      (strcmp(*argv,"md2") == 0) doit[D_MD2]=1;
                 else
@@ -399,6 +511,10 @@ int MAIN(int argc, char **argv)
                         if (strcmp(*argv,"mdc2") == 0) doit[D_MDC2]=1;
                 else
 #endif
+#ifndef NO_MD4
+                        if (strcmp(*argv,"md4") == 0) doit[D_MD4]=1;
+                else
+#endif
 #ifndef NO_MD5
                         if (strcmp(*argv,"md5") == 0) doit[D_MD5]=1;
                 else
@@ -434,7 +550,7 @@ int MAIN(int argc, char **argv)
 #ifdef RSAref
                         if (strcmp(*argv,"rsaref") == 0) 
                         {
-                        RSA_set_default_method(RSA_PKCS1_RSAref());
+                        RSA_set_default_openssl_method(RSA_PKCS1_RSAref());
                         j--;
                         }
                 else
@@ -442,7 +558,7 @@ int MAIN(int argc, char **argv)
 #ifndef RSA_NULL
                         if (strcmp(*argv,"openssl") == 0) 
                         {
-                        RSA_set_default_method(RSA_PKCS1_SSLeay());
+                        RSA_set_default_openssl_method(RSA_PKCS1_SSLeay());
                         j--;
                         }
                 else
@@ -510,8 +626,34 @@ int MAIN(int argc, char **argv)
                 else
 #endif
                         {
-                        BIO_printf(bio_err,"bad value, pick one of\n");
-                        BIO_printf(bio_err,"md2      mdc2       md5      hmac      sha1    rmd160\n");
+                        BIO_printf(bio_err,"Error: bad option or value\n");
+                        BIO_printf(bio_err,"\n");
+                        BIO_printf(bio_err,"Available values:\n");
+#ifndef NO_MD2
+                        BIO_printf(bio_err,"md2      ");
+#endif
+#ifndef NO_MDC2
+                        BIO_printf(bio_err,"mdc2     ");
+#endif
+#ifndef NO_MD4
+                        BIO_printf(bio_err,"md4      ");
+#endif
+#ifndef NO_MD5
+                        BIO_printf(bio_err,"md5      ");
+#ifndef NO_HMAC
+                        BIO_printf(bio_err,"hmac     ");
+#endif
+#endif
+#ifndef NO_SHA1
+                        BIO_printf(bio_err,"sha1     ");
+#endif
+#ifndef NO_RIPEMD160
+                        BIO_printf(bio_err,"rmd160");
+#endif
+#if !defined(NO_MD2) || !defined(NO_MDC2) || !defined(NO_MD4) || !defined(NO_MD5) || !defined(NO_SHA1) || !defined(NO_RIPEMD160)
+                        BIO_printf(bio_err,"\n");
+#endif
+
 #ifndef NO_IDEA
                         BIO_printf(bio_err,"idea-cbc ");
 #endif
@@ -524,20 +666,49 @@ int MAIN(int argc, char **argv)
 #ifndef NO_BF
                         BIO_printf(bio_err,"bf-cbc");
 #endif
-#if !defined(NO_IDEA) && !defined(NO_RC2) && !defined(NO_BF) && !defined(NO_RC5)
+#if !defined(NO_IDEA) || !defined(NO_RC2) || !defined(NO_BF) || !defined(NO_RC5)
                         BIO_printf(bio_err,"\n");
 #endif
+
                         BIO_printf(bio_err,"des-cbc  des-ede3 ");
 #ifndef NO_RC4
                         BIO_printf(bio_err,"rc4");
 #endif
+                        BIO_printf(bio_err,"\n");
+
 #ifndef NO_RSA
-                        BIO_printf(bio_err,"\nrsa512   rsa1024  rsa2048  rsa4096\n");
+                        BIO_printf(bio_err,"rsa512   rsa1024  rsa2048  rsa4096\n");
 #endif
+
 #ifndef NO_DSA
-                        BIO_printf(bio_err,"\ndsa512   dsa1024  dsa2048\n");
+                        BIO_printf(bio_err,"dsa512   dsa1024  dsa2048\n");
+#endif
+
+#ifndef NO_IDEA
+                        BIO_printf(bio_err,"idea     ");
+#endif
+#ifndef NO_RC2
+                        BIO_printf(bio_err,"rc2      ");
+#endif
+#ifndef NO_DES
+                        BIO_printf(bio_err,"des      ");
+#endif
+#ifndef NO_RSA
+                        BIO_printf(bio_err,"rsa      ");
+#endif
+#ifndef NO_BF
+                        BIO_printf(bio_err,"blowfish");
+#endif
+#if !defined(NO_IDEA) || !defined(NO_RC2) || !defined(NO_DES) || !defined(NO_RSA) || !defined(NO_BF)
+                        BIO_printf(bio_err,"\n");
 #endif
-                        BIO_printf(bio_err,"idea     rc2      des      rsa    blowfish\n");
+
+                        BIO_printf(bio_err,"\n");
+                        BIO_printf(bio_err,"Available options:\n");
+#ifdef TIMES
+                        BIO_printf(bio_err,"-elapsed        measure time in real time instead of CPU user time.\n");
+#endif
+                        BIO_printf(bio_err,"-engine e       use engine e, possibly a hardware device.\n");
                         goto end;
                         }
                 argc--;
@@ -557,10 +728,13 @@ int MAIN(int argc, char **argv)
         for (i=0; i<ALGOR_NUM; i++)
                 if (doit[i]) pr_header++;
 
-#ifndef TIMES
-        BIO_printf(bio_err,"To get the most accurate results, try to run this\n");
-        BIO_printf(bio_err,"program when this computer is idle.\n");
-#endif
+        if (usertime == 0)
+                BIO_printf(bio_err,"You have chosen to measure elapsed time instead of user CPU time.\n");
+        if (usertime <= 0)
+                {
+                BIO_printf(bio_err,"To get the most accurate results, try to run this\n");
+                BIO_printf(bio_err,"program when this computer is idle.\n");
+                }
 
 #ifndef NO_RSA
         for (i=0; i<RSA_NUM; i++)
@@ -624,14 +798,15 @@ int MAIN(int argc, char **argv)
         do      {
                 long i;
                 count*=2;
-                Time_F(START);
+                Time_F(START,usertime);
                 for (i=count; i; i--)
                         des_ecb_encrypt(buf_as_des_cblock,buf_as_des_cblock,
                                 &(sch[0]),DES_ENCRYPT);
-                d=Time_F(STOP);
+                d=Time_F(STOP,usertime);
                 } while (d <3);
         c[D_MD2][0]=count/10;
         c[D_MDC2][0]=count/10;
+        c[D_MD4][0]=count;
         c[D_MD5][0]=count;
         c[D_HMAC][0]=count;
         c[D_SHA1][0]=count;
@@ -649,6 +824,7 @@ int MAIN(int argc, char **argv)
                 {
                 c[D_MD2][i]=c[D_MD2][0]*4*lengths[0]/lengths[i];
                 c[D_MDC2][i]=c[D_MDC2][0]*4*lengths[0]/lengths[i];
+                c[D_MD4][i]=c[D_MD4][0]*4*lengths[0]/lengths[i];
                 c[D_MD5][i]=c[D_MD5][0]*4*lengths[0]/lengths[i];
                 c[D_HMAC][i]=c[D_HMAC][0]*4*lengths[0]/lengths[i];
                 c[D_SHA1][i]=c[D_SHA1][0]*4*lengths[0]/lengths[i];
@@ -725,10 +901,10 @@ int MAIN(int argc, char **argv)
                 for (j=0; j<SIZE_NUM; j++)
                         {
                         print_message(names[D_MD2],c[D_MD2][j],lengths[j]);
-                        Time_F(START);
+                        Time_F(START,usertime);
                         for (count=0,run=1; COND(c[D_MD2][j]); count++)
                                 MD2(buf,(unsigned long)lengths[j],&(md2[0]));
-                        d=Time_F(STOP);
+                        d=Time_F(STOP,usertime);
                         BIO_printf(bio_err,"%ld %s's in %.2fs\n",
                                 count,names[D_MD2],d);
                         results[D_MD2][j]=((double)count)/d*lengths[j];
@@ -741,10 +917,10 @@ int MAIN(int argc, char **argv)
                 for (j=0; j<SIZE_NUM; j++)
                         {
                         print_message(names[D_MDC2],c[D_MDC2][j],lengths[j]);
-                        Time_F(START);
+                        Time_F(START,usertime);
                         for (count=0,run=1; COND(c[D_MDC2][j]); count++)
                                 MDC2(buf,(unsigned long)lengths[j],&(mdc2[0]));
-                        d=Time_F(STOP);
+                        d=Time_F(STOP,usertime);
                         BIO_printf(bio_err,"%ld %s's in %.2fs\n",
                                 count,names[D_MDC2],d);
                         results[D_MDC2][j]=((double)count)/d*lengths[j];
@@ -752,16 +928,33 @@ int MAIN(int argc, char **argv)
                 }
 #endif
 
+#ifndef NO_MD4
+        if (doit[D_MD4])
+                {
+                for (j=0; j<SIZE_NUM; j++)
+                        {
+                        print_message(names[D_MD4],c[D_MD4][j],lengths[j]);
+                        Time_F(START,usertime);
+                        for (count=0,run=1; COND(c[D_MD4][j]); count++)
+                                MD4(&(buf[0]),(unsigned long)lengths[j],&(md4[0]));
+                        d=Time_F(STOP,usertime);
+                        BIO_printf(bio_err,"%ld %s's in %.2fs\n",
+                                count,names[D_MD4],d);
+                        results[D_MD4][j]=((double)count)/d*lengths[j];
+                        }
+                }
+#endif
+
 #ifndef NO_MD5
         if (doit[D_MD5])
                 {
                 for (j=0; j<SIZE_NUM; j++)
                         {
                         print_message(names[D_MD5],c[D_MD5][j],lengths[j]);
-                        Time_F(START);
+                        Time_F(START,usertime);
                         for (count=0,run=1; COND(c[D_MD5][j]); count++)
                                 MD5(&(buf[0]),(unsigned long)lengths[j],&(md5[0]));
-                        d=Time_F(STOP);
+                        d=Time_F(STOP,usertime);
                         BIO_printf(bio_err,"%ld %s's in %.2fs\n",
                                 count,names[D_MD5],d);
                         results[D_MD5][j]=((double)count)/d*lengths[j];
@@ -779,14 +972,14 @@ int MAIN(int argc, char **argv)
                 for (j=0; j<SIZE_NUM; j++)
                         {
                         print_message(names[D_HMAC],c[D_HMAC][j],lengths[j]);
-                        Time_F(START);
+                        Time_F(START,usertime);
                         for (count=0,run=1; COND(c[D_HMAC][j]); count++)
                                 {
                                 HMAC_Init(&hctx,NULL,0,NULL);
                                 HMAC_Update(&hctx,buf,lengths[j]);
                                 HMAC_Final(&hctx,&(hmac[0]),NULL);
                                 }
-                        d=Time_F(STOP);
+                        d=Time_F(STOP,usertime);
                         BIO_printf(bio_err,"%ld %s's in %.2fs\n",
                                 count,names[D_HMAC],d);
                         results[D_HMAC][j]=((double)count)/d*lengths[j];
@@ -799,10 +992,10 @@ int MAIN(int argc, char **argv)
                 for (j=0; j<SIZE_NUM; j++)
                         {
                         print_message(names[D_SHA1],c[D_SHA1][j],lengths[j]);
-                        Time_F(START);
+                        Time_F(START,usertime);
                         for (count=0,run=1; COND(c[D_SHA1][j]); count++)
                                 SHA1(buf,(unsigned long)lengths[j],&(sha[0]));
-                        d=Time_F(STOP);
+                        d=Time_F(STOP,usertime);
                         BIO_printf(bio_err,"%ld %s's in %.2fs\n",
                                 count,names[D_SHA1],d);
                         results[D_SHA1][j]=((double)count)/d*lengths[j];
@@ -815,10 +1008,10 @@ int MAIN(int argc, char **argv)
                 for (j=0; j<SIZE_NUM; j++)
                         {
                         print_message(names[D_RMD160],c[D_RMD160][j],lengths[j]);
-                        Time_F(START);
+                        Time_F(START,usertime);
                         for (count=0,run=1; COND(c[D_RMD160][j]); count++)
                                 RIPEMD160(buf,(unsigned long)lengths[j],&(rmd160[0]));
-                        d=Time_F(STOP);
+                        d=Time_F(STOP,usertime);
                         BIO_printf(bio_err,"%ld %s's in %.2fs\n",
                                 count,names[D_RMD160],d);
                         results[D_RMD160][j]=((double)count)/d*lengths[j];
@@ -831,11 +1024,11 @@ int MAIN(int argc, char **argv)
                 for (j=0; j<SIZE_NUM; j++)
                         {
                         print_message(names[D_RC4],c[D_RC4][j],lengths[j]);
-                        Time_F(START);
+                        Time_F(START,usertime);
                         for (count=0,run=1; COND(c[D_RC4][j]); count++)
                                 RC4(&rc4_ks,(unsigned int)lengths[j],
                                         buf,buf);
-                        d=Time_F(STOP);
+                        d=Time_F(STOP,usertime);
                         BIO_printf(bio_err,"%ld %s's in %.2fs\n",
                                 count,names[D_RC4],d);
                         results[D_RC4][j]=((double)count)/d*lengths[j];
@@ -848,11 +1041,11 @@ int MAIN(int argc, char **argv)
                 for (j=0; j<SIZE_NUM; j++)
                         {
                         print_message(names[D_CBC_DES],c[D_CBC_DES][j],lengths[j]);
-                        Time_F(START);
+                        Time_F(START,usertime);
                         for (count=0,run=1; COND(c[D_CBC_DES][j]); count++)
                                 des_ncbc_encrypt(buf,buf,lengths[j],sch,
                                                  &iv,DES_ENCRYPT);
-                        d=Time_F(STOP);
+                        d=Time_F(STOP,usertime);
                         BIO_printf(bio_err,"%ld %s's in %.2fs\n",
                                 count,names[D_CBC_DES],d);
                         results[D_CBC_DES][j]=((double)count)/d*lengths[j];
@@ -864,12 +1057,12 @@ int MAIN(int argc, char **argv)
                 for (j=0; j<SIZE_NUM; j++)
                         {
                         print_message(names[D_EDE3_DES],c[D_EDE3_DES][j],lengths[j]);
-                        Time_F(START);
+                        Time_F(START,usertime);
                         for (count=0,run=1; COND(c[D_EDE3_DES][j]); count++)
                                 des_ede3_cbc_encrypt(buf,buf,lengths[j],
                                                      sch,sch2,sch3,
                                                      &iv,DES_ENCRYPT);
-                        d=Time_F(STOP);
+                        d=Time_F(STOP,usertime);
                         BIO_printf(bio_err,"%ld %s's in %.2fs\n",
                                 count,names[D_EDE3_DES],d);
                         results[D_EDE3_DES][j]=((double)count)/d*lengths[j];
@@ -882,12 +1075,12 @@ int MAIN(int argc, char **argv)
                 for (j=0; j<SIZE_NUM; j++)
                         {
                         print_message(names[D_CBC_IDEA],c[D_CBC_IDEA][j],lengths[j]);
-                        Time_F(START);
+                        Time_F(START,usertime);
                         for (count=0,run=1; COND(c[D_CBC_IDEA][j]); count++)
                                 idea_cbc_encrypt(buf,buf,
                                         (unsigned long)lengths[j],&idea_ks,
                                         iv,IDEA_ENCRYPT);
-                        d=Time_F(STOP);
+                        d=Time_F(STOP,usertime);
                         BIO_printf(bio_err,"%ld %s's in %.2fs\n",
                                 count,names[D_CBC_IDEA],d);
                         results[D_CBC_IDEA][j]=((double)count)/d*lengths[j];
@@ -900,12 +1093,12 @@ int MAIN(int argc, char **argv)
                 for (j=0; j<SIZE_NUM; j++)
                         {
                         print_message(names[D_CBC_RC2],c[D_CBC_RC2][j],lengths[j]);
-                        Time_F(START);
+                        Time_F(START,usertime);
                         for (count=0,run=1; COND(c[D_CBC_RC2][j]); count++)
                                 RC2_cbc_encrypt(buf,buf,
                                         (unsigned long)lengths[j],&rc2_ks,
                                         iv,RC2_ENCRYPT);
-                        d=Time_F(STOP);
+                        d=Time_F(STOP,usertime);
                         BIO_printf(bio_err,"%ld %s's in %.2fs\n",
                                 count,names[D_CBC_RC2],d);
                         results[D_CBC_RC2][j]=((double)count)/d*lengths[j];
@@ -918,12 +1111,12 @@ int MAIN(int argc, char **argv)
                 for (j=0; j<SIZE_NUM; j++)
                         {
                         print_message(names[D_CBC_RC5],c[D_CBC_RC5][j],lengths[j]);
-                        Time_F(START);
+                        Time_F(START,usertime);
                         for (count=0,run=1; COND(c[D_CBC_RC5][j]); count++)
                                 RC5_32_cbc_encrypt(buf,buf,
                                         (unsigned long)lengths[j],&rc5_ks,
                                         iv,RC5_ENCRYPT);
-                        d=Time_F(STOP);
+                        d=Time_F(STOP,usertime);
                         BIO_printf(bio_err,"%ld %s's in %.2fs\n",
                                 count,names[D_CBC_RC5],d);
                         results[D_CBC_RC5][j]=((double)count)/d*lengths[j];
@@ -936,12 +1129,12 @@ int MAIN(int argc, char **argv)
                 for (j=0; j<SIZE_NUM; j++)
                         {
                         print_message(names[D_CBC_BF],c[D_CBC_BF][j],lengths[j]);
-                        Time_F(START);
+                        Time_F(START,usertime);
                         for (count=0,run=1; COND(c[D_CBC_BF][j]); count++)
                                 BF_cbc_encrypt(buf,buf,
                                         (unsigned long)lengths[j],&bf_ks,
                                         iv,BF_ENCRYPT);
-                        d=Time_F(STOP);
+                        d=Time_F(STOP,usertime);
                         BIO_printf(bio_err,"%ld %s's in %.2fs\n",
                                 count,names[D_CBC_BF],d);
                         results[D_CBC_BF][j]=((double)count)/d*lengths[j];
@@ -954,12 +1147,12 @@ int MAIN(int argc, char **argv)
                 for (j=0; j<SIZE_NUM; j++)
                         {
                         print_message(names[D_CBC_CAST],c[D_CBC_CAST][j],lengths[j]);
-                        Time_F(START);
+                        Time_F(START,usertime);
                         for (count=0,run=1; COND(c[D_CBC_CAST][j]); count++)
                                 CAST_cbc_encrypt(buf,buf,
                                         (unsigned long)lengths[j],&cast_ks,
                                         iv,CAST_ENCRYPT);
-                        d=Time_F(STOP);
+                        d=Time_F(STOP,usertime);
                         BIO_printf(bio_err,"%ld %s's in %.2fs\n",
                                 count,names[D_CBC_CAST],d);
                         results[D_CBC_CAST][j]=((double)count)/d*lengths[j];
@@ -974,49 +1167,73 @@ int MAIN(int argc, char **argv)
                 int ret;
                 if (!rsa_doit[j]) continue;
                 ret=RSA_sign(NID_md5_sha1, buf,36, buf2, &rsa_num, rsa_key[j]);
-                pkey_print_message("private","rsa",rsa_c[j][0],rsa_bits[j],
-                        RSA_SECONDS);
-/*              RSA_blinding_on(rsa_key[j],NULL); */
-                Time_F(START);
-                for (count=0,run=1; COND(rsa_c[j][0]); count++)
+                if (ret == 0)
+                        {
+                        BIO_printf(bio_err,"RSA sign failure.  No RSA sign will be done.\n");
+                        ERR_print_errors(bio_err);
+                        rsa_count=1;
+                        }
+                else
                         {
-                        ret=RSA_sign(NID_md5_sha1, buf,36, buf2, &rsa_num,
-                                                                 rsa_key[j]);
-                        if (ret <= 0)
+                        pkey_print_message("private","rsa",
+                                rsa_c[j][0],rsa_bits[j],
+                                RSA_SECONDS);
+/*                      RSA_blinding_on(rsa_key[j],NULL); */
+                        Time_F(START,usertime);
+                        for (count=0,run=1; COND(rsa_c[j][0]); count++)
                                 {
-                                BIO_printf(bio_err,"RSA private encrypt failure\n");
-                                ERR_print_errors(bio_err);
-                                count=1;
-                                break;
+                                ret=RSA_sign(NID_md5_sha1, buf,36, buf2,
+                                        &rsa_num, rsa_key[j]);
+                                if (ret == 0)
+                                        {
+                                        BIO_printf(bio_err,
+                                                "RSA sign failure\n");
+                                        ERR_print_errors(bio_err);
+                                        count=1;
+                                        break;
+                                        }
                                 }
+                        d=Time_F(STOP,usertime);
+                        BIO_printf(bio_err,
+                                "%ld %d bit private RSA's in %.2fs\n",
+                                count,rsa_bits[j],d);
+                        rsa_results[j][0]=d/(double)count;
+                        rsa_count=count;
                         }
-                d=Time_F(STOP);
-                BIO_printf(bio_err,"%ld %d bit private RSA's in %.2fs\n",
-                        count,rsa_bits[j],d);
-                rsa_results[j][0]=d/(double)count;
-                rsa_count=count;
 
 #if 1
                 ret=RSA_verify(NID_md5_sha1, buf,36, buf2, rsa_num, rsa_key[j]);
-                pkey_print_message("public","rsa",rsa_c[j][1],rsa_bits[j],
-                        RSA_SECONDS);
-                Time_F(START);
-                for (count=0,run=1; COND(rsa_c[j][1]); count++)
+                if (ret <= 0)
+                        {
+                        BIO_printf(bio_err,"RSA verify failure.  No RSA verify will be done.\n");
+                        ERR_print_errors(bio_err);
+                        dsa_doit[j] = 0;
+                        }
+                else
                         {
-                        ret=RSA_verify(NID_md5_sha1, buf,36, buf2, rsa_num,
-                                                                rsa_key[j]);
-                        if (ret <= 0)
+                        pkey_print_message("public","rsa",
+                                rsa_c[j][1],rsa_bits[j],
+                                RSA_SECONDS);
+                        Time_F(START,usertime);
+                        for (count=0,run=1; COND(rsa_c[j][1]); count++)
                                 {
-                                BIO_printf(bio_err,"RSA verify failure\n");
-                                ERR_print_errors(bio_err);
-                                count=1;
-                                break;
+                                ret=RSA_verify(NID_md5_sha1, buf,36, buf2,
+                                        rsa_num, rsa_key[j]);
+                                if (ret == 0)
+                                        {
+                                        BIO_printf(bio_err,
+                                                "RSA verify failure\n");
+                                        ERR_print_errors(bio_err);
+                                        count=1;
+                                        break;
+                                        }
                                 }
+                        d=Time_F(STOP,usertime);
+                        BIO_printf(bio_err,
+                                "%ld %d bit public RSA's in %.2fs\n",
+                                count,rsa_bits[j],d);
+                        rsa_results[j][1]=d/(double)count;
                         }
-                d=Time_F(STOP);
-                BIO_printf(bio_err,"%ld %d bit public RSA's in %.2fs\n",
-                        count,rsa_bits[j],d);
-                rsa_results[j][1]=d/(double)count;
 #endif
 
                 if (rsa_count <= 1)
@@ -1038,54 +1255,77 @@ int MAIN(int argc, char **argv)
         for (j=0; j<DSA_NUM; j++)
                 {
                 unsigned int kk;
+                int ret;
 
                 if (!dsa_doit[j]) continue;
                 DSA_generate_key(dsa_key[j]);
 /*              DSA_sign_setup(dsa_key[j],NULL); */
-                rsa_num=DSA_sign(EVP_PKEY_DSA,buf,20,buf2,
+                ret=DSA_sign(EVP_PKEY_DSA,buf,20,buf2,
                         &kk,dsa_key[j]);
-                pkey_print_message("sign","dsa",dsa_c[j][0],dsa_bits[j],
-                        DSA_SECONDS);
-                Time_F(START);
-                for (count=0,run=1; COND(dsa_c[j][0]); count++)
+                if (ret == 0)
+                        {
+                        BIO_printf(bio_err,"DSA sign failure.  No DSA sign will be done.\n");
+                        ERR_print_errors(bio_err);
+                        rsa_count=1;
+                        }
+                else
                         {
-                        rsa_num=DSA_sign(EVP_PKEY_DSA,buf,20,buf2,
-                                &kk,dsa_key[j]);
-                        if (rsa_num == 0)
+                        pkey_print_message("sign","dsa",
+                                dsa_c[j][0],dsa_bits[j],
+                                DSA_SECONDS);
+                        Time_F(START,usertime);
+                        for (count=0,run=1; COND(dsa_c[j][0]); count++)
                                 {
-                                BIO_printf(bio_err,"DSA sign failure\n");
-                                ERR_print_errors(bio_err);
-                                count=1;
-                                break;
+                                ret=DSA_sign(EVP_PKEY_DSA,buf,20,buf2,
+                                        &kk,dsa_key[j]);
+                                if (ret == 0)
+                                        {
+                                        BIO_printf(bio_err,
+                                                "DSA sign failure\n");
+                                        ERR_print_errors(bio_err);
+                                        count=1;
+                                        break;
+                                        }
                                 }
+                        d=Time_F(STOP,usertime);
+                        BIO_printf(bio_err,"%ld %d bit DSA signs in %.2fs\n",
+                                count,dsa_bits[j],d);
+                        dsa_results[j][0]=d/(double)count;
+                        rsa_count=count;
                         }
-                d=Time_F(STOP);
-                BIO_printf(bio_err,"%ld %d bit DSA signs in %.2fs\n",
-                        count,dsa_bits[j],d);
-                dsa_results[j][0]=d/(double)count;
-                rsa_count=count;
 
-                rsa_num2=DSA_verify(EVP_PKEY_DSA,buf,20,buf2,
+                ret=DSA_verify(EVP_PKEY_DSA,buf,20,buf2,
                         kk,dsa_key[j]);
-                pkey_print_message("verify","dsa",dsa_c[j][1],dsa_bits[j],
-                        DSA_SECONDS);
-                Time_F(START);
-                for (count=0,run=1; COND(dsa_c[j][1]); count++)
+                if (ret <= 0)
+                        {
+                        BIO_printf(bio_err,"DSA verify failure.  No DSA verify will be done.\n");
+                        ERR_print_errors(bio_err);
+                        dsa_doit[j] = 0;
+                        }
+                else
                         {
-                        rsa_num2=DSA_verify(EVP_PKEY_DSA,buf,20,buf2,
-                                kk,dsa_key[j]);
-                        if (rsa_num2 == 0)
+                        pkey_print_message("verify","dsa",
+                                dsa_c[j][1],dsa_bits[j],
+                                DSA_SECONDS);
+                        Time_F(START,usertime);
+                        for (count=0,run=1; COND(dsa_c[j][1]); count++)
                                 {
-                                BIO_printf(bio_err,"DSA verify failure\n");
-                                ERR_print_errors(bio_err);
-                                count=1;
-                                break;
+                                ret=DSA_verify(EVP_PKEY_DSA,buf,20,buf2,
+                                        kk,dsa_key[j]);
+                                if (ret <= 0)
+                                        {
+                                        BIO_printf(bio_err,
+                                                "DSA verify failure\n");
+                                        ERR_print_errors(bio_err);
+                                        count=1;
+                                        break;
+                                        }
                                 }
+                        d=Time_F(STOP,usertime);
+                        BIO_printf(bio_err,"%ld %d bit DSA verify in %.2fs\n",
+                                count,dsa_bits[j],d);
+                        dsa_results[j][1]=d/(double)count;
                         }
-                d=Time_F(STOP);
-                BIO_printf(bio_err,"%ld %d bit DSA verify in %.2fs\n",
-                        count,dsa_bits[j],d);
-                dsa_results[j][1]=d/(double)count;
 
                 if (rsa_count <= 1)
                         {
@@ -1173,8 +1413,9 @@ int MAIN(int argc, char **argv)
 #endif
         mret=0;
 end:
-        if (buf != NULL) Free(buf);
-        if (buf2 != NULL) Free(buf2);
+        ERR_print_errors(bio_err);
+        if (buf != NULL) OPENSSL_free(buf);
+        if (buf2 != NULL) OPENSSL_free(buf2);
 #ifndef NO_RSA
         for (i=0; i<RSA_NUM; i++)
                 if (rsa_key[i] != NULL)
diff --git a/src/lib/libssl/src/apps/spkac.c b/src/lib/libssl/src/apps/spkac.c
index f3ee7e34e3..d7e46782f7 100644
--- a/src/lib/libssl/src/apps/spkac.c
+++ b/src/lib/libssl/src/apps/spkac.c
@@ -69,6 +69,7 @@
 #include <openssl/lhash.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
+#include <openssl/engine.h>
 
 #undef PROG
 #define PROG    spkac_main
@@ -81,6 +82,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
         {
+        ENGINE *e = NULL;
         int i,badops=0, ret = 1;
         BIO *in = NULL,*out = NULL, *key = NULL;
         int verify=0,noout=0,pubkey=0;
@@ -91,6 +93,7 @@ int MAIN(int argc, char **argv)
         LHASH *conf = NULL;
         NETSCAPE_SPKI *spki = NULL;
         EVP_PKEY *pkey = NULL;
+        char *engine=NULL;
 
         apps_startup();
 
@@ -136,6 +139,11 @@ int MAIN(int argc, char **argv)
                         if (--argc < 1) goto bad;
                         spksect= *(++argv);
                         }
+                else if (strcmp(*argv,"-engine") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        engine= *(++argv);
+                        }
                 else if (strcmp(*argv,"-noout") == 0)
                         noout=1;
                 else if (strcmp(*argv,"-pubkey") == 0)
@@ -161,6 +169,7 @@ bad:
                 BIO_printf(bio_err," -noout         don't print SPKAC\n");
                 BIO_printf(bio_err," -pubkey        output public key\n");
                 BIO_printf(bio_err," -verify        verify SPKAC signature\n");
+                BIO_printf(bio_err," -engine e      use engine e, possibly a hardware device.\n");
                 goto end;
                 }
 
@@ -170,6 +179,24 @@ bad:
                 goto end;
         }
 
+        if (engine != NULL)
+                {
+                if((e = ENGINE_by_id(engine)) == NULL)
+                        {
+                        BIO_printf(bio_err,"invalid engine \"%s\"\n",
+                                engine);
+                        goto end;
+                        }
+                if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+                        {
+                        BIO_printf(bio_err,"can't use that engine\n");
+                        goto end;
+                        }
+                BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+                /* Free our "structural" reference. */
+                ENGINE_free(e);
+                }
+
         if(keyfile) {
                 if(strcmp(keyfile, "-")) key = BIO_new_file(keyfile, "r");
                 else key = BIO_new_fp(stdin, BIO_NOCLOSE);
@@ -192,7 +219,15 @@ bad:
                 spkstr = NETSCAPE_SPKI_b64_encode(spki);
 
                 if (outfile) out = BIO_new_file(outfile, "w");
-                else out = BIO_new_fp(stdout, BIO_NOCLOSE);
+                else {
+                        out = BIO_new_fp(stdout, BIO_NOCLOSE);
+#ifdef VMS
+                        {
+                            BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+                            out = BIO_push(tmpbio, out);
+                        }
+#endif
+                }
 
                 if(!out) {
                         BIO_printf(bio_err, "Error opening output file\n");
@@ -200,7 +235,7 @@ bad:
                         goto end;
                 }
                 BIO_printf(out, "SPKAC=%s\n", spkstr);
-                Free(spkstr);
+                OPENSSL_free(spkstr);
                 ret = 0;
                 goto end;
         }
@@ -241,7 +276,15 @@ bad:
         }
 
         if (outfile) out = BIO_new_file(outfile, "w");
-        else out = BIO_new_fp(stdout, BIO_NOCLOSE);
+        else {
+                out = BIO_new_fp(stdout, BIO_NOCLOSE);
+#ifdef VMS
+                {
+                    BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+                    out = BIO_push(tmpbio, out);
+                }
+#endif
+        }
 
         if(!out) {
                 BIO_printf(bio_err, "Error opening output file\n");
@@ -268,9 +311,9 @@ end:
         CONF_free(conf);
         NETSCAPE_SPKI_free(spki);
         BIO_free(in);
-        BIO_free(out);
+        BIO_free_all(out);
         BIO_free(key);
         EVP_PKEY_free(pkey);
-        if(passin) Free(passin);
+        if(passin) OPENSSL_free(passin);
         EXIT(ret);
         }
diff --git a/src/lib/libssl/src/apps/verify.c b/src/lib/libssl/src/apps/verify.c
index 267ee4ecd7..f384de6d29 100644
--- a/src/lib/libssl/src/apps/verify.c
+++ b/src/lib/libssl/src/apps/verify.c
@@ -65,26 +65,29 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 #include <openssl/pem.h>
+#include <openssl/engine.h>
 
 #undef PROG
 #define PROG    verify_main
 
 static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx);
-static int check(X509_STORE *ctx,char *file, STACK_OF(X509)*other, int purpose);
+static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose);
 static STACK_OF(X509) *load_untrusted(char *file);
-static int v_verbose=0;
+static int v_verbose=0, issuer_checks = 0;
 
 int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
         {
+        ENGINE *e = NULL;
         int i,ret=1;
         int purpose = -1;
         char *CApath=NULL,*CAfile=NULL;
-        char *untfile = NULL;
-        STACK_OF(X509) *untrusted = NULL;
+        char *untfile = NULL, *trustfile = NULL;
+        STACK_OF(X509) *untrusted = NULL, *trusted = NULL;
         X509_STORE *cert_ctx=NULL;
         X509_LOOKUP *lookup=NULL;
+        char *engine=NULL;
 
         cert_ctx=X509_STORE_new();
         if (cert_ctx == NULL) goto end;
@@ -132,8 +135,20 @@ int MAIN(int argc, char **argv)
                                 if (argc-- < 1) goto end;
                                 untfile= *(++argv);
                                 }
+                        else if (strcmp(*argv,"-trusted") == 0)
+                                {
+                                if (argc-- < 1) goto end;
+                                trustfile= *(++argv);
+                                }
+                        else if (strcmp(*argv,"-engine") == 0)
+                                {
+                                if (--argc < 1) goto end;
+                                engine= *(++argv);
+                                }
                         else if (strcmp(*argv,"-help") == 0)
                                 goto end;
+                        else if (strcmp(*argv,"-issuer_checks") == 0)
+                                issuer_checks=1;
                         else if (strcmp(*argv,"-verbose") == 0)
                                 v_verbose=1;
                         else if (argv[0][0] == '-')
@@ -147,6 +162,24 @@ int MAIN(int argc, char **argv)
                         break;
                 }
 
+        if (engine != NULL)
+                {
+                if((e = ENGINE_by_id(engine)) == NULL)
+                        {
+                        BIO_printf(bio_err,"invalid engine \"%s\"\n",
+                                engine);
+                        goto end;
+                        }
+                if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+                        {
+                        BIO_printf(bio_err,"can't use that engine\n");
+                        goto end;
+                        }
+                BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+                /* Free our "structural" reference. */
+                ENGINE_free(e);
+                }
+
         lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_file());
         if (lookup == NULL) abort();
         if (CAfile) {
@@ -179,14 +212,22 @@ int MAIN(int argc, char **argv)
                 }
         }
 
-        if (argc < 1) check(cert_ctx, NULL, untrusted, purpose);
+        if(trustfile) {
+                if(!(trusted = load_untrusted(trustfile))) {
+                        BIO_printf(bio_err, "Error loading untrusted file %s\n", trustfile);
+                        ERR_print_errors(bio_err);
+                        goto end;
+                }
+        }
+
+        if (argc < 1) check(cert_ctx, NULL, untrusted, trusted, purpose);
         else
                 for (i=0; i<argc; i++)
-                        check(cert_ctx,argv[i], untrusted, purpose);
+                        check(cert_ctx,argv[i], untrusted, trusted, purpose);
         ret=0;
 end:
         if (ret == 1) {
-                BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] cert1 cert2 ...\n");
+                BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-engine e] cert1 cert2 ...\n");
                 BIO_printf(bio_err,"recognized usages:\n");
                 for(i = 0; i < X509_PURPOSE_get_count(); i++) {
                         X509_PURPOSE *ptmp;
@@ -197,10 +238,11 @@ end:
         }
         if (cert_ctx != NULL) X509_STORE_free(cert_ctx);
         sk_X509_pop_free(untrusted, X509_free);
+        sk_X509_pop_free(trusted, X509_free);
         EXIT(ret);
         }
 
-static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, int purpose)
+static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose)
         {
         X509 *x=NULL;
         BIO *in=NULL;
@@ -242,7 +284,10 @@ static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, int purpos
                 goto end;
                 }
         X509_STORE_CTX_init(csc,ctx,x,uchain);
+        if(tchain) X509_STORE_CTX_trusted_stack(csc, tchain);
         if(purpose >= 0) X509_STORE_CTX_set_purpose(csc, purpose);
+        if(issuer_checks)
+                X509_STORE_CTX_set_flags(csc, X509_V_FLAG_CB_ISSUER_CHECK);
         i=X509_verify_cert(csc);
         X509_STORE_CTX_free(csc);
 
diff --git a/src/lib/libssl/src/apps/x509.c b/src/lib/libssl/src/apps/x509.c
index 2d6384184c..0c0d42a0ac 100644
--- a/src/lib/libssl/src/apps/x509.c
+++ b/src/lib/libssl/src/apps/x509.c
@@ -73,6 +73,7 @@
 #include <openssl/x509v3.h>
 #include <openssl/objects.h>
 #include <openssl/pem.h>
+#include <openssl/engine.h>
 
 #undef PROG
 #define PROG x509_main
@@ -81,8 +82,6 @@
 #define POSTFIX ".srl"
 #define DEF_DAYS        30
 
-#define CERT_HDR        "certificate"
-
 static char *x509_usage[]={
 "usage: x509 args\n",
 " -inform arg     - input format - default PEM (one of DER, NET or PEM)\n",
@@ -97,6 +96,7 @@ static char *x509_usage[]={
 " -hash           - print hash value\n",
 " -subject        - print subject DN\n",
 " -issuer         - print issuer DN\n",
+" -email          - print email address(es)\n",
 " -startdate      - notBefore field\n",
 " -enddate        - notAfter field\n",
 " -purpose        - print out certificate purposes\n",
@@ -113,6 +113,8 @@ static char *x509_usage[]={
 " -addreject arg  - reject certificate for a given purpose\n",
 " -setalias arg   - set certificate alias\n",
 " -days arg       - How long till expiry of a signed certificate - def 30 days\n",
+" -checkend arg   - check whether the cert expires in the next arg seconds\n",
+"                   exit 1 if so, 0 if not\n",
 " -signkey arg    - self sign cert with arg\n",
 " -x509toreq      - output a certification request object\n",
 " -req            - input is a certificate request, sign and output.\n",
@@ -127,12 +129,12 @@ static char *x509_usage[]={
 " -extfile        - configuration file with X509V3 extensions to add\n",
 " -extensions     - section from config file with X509V3 extensions to add\n",
 " -clrext         - delete extensions before signing and input certificate\n",
+" -nameopt arg    - various certificate name options\n",
+" -engine e       - use engine e, possibly a hardware device.\n",
 NULL
 };
 
 static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx);
-static EVP_PKEY *load_key(char *file, int format, char *passin);
-static X509 *load_cert(char *file, int format);
 static int sign (X509 *x, EVP_PKEY *pkey,int days,int clrext, const EVP_MD *digest,
                                                 LHASH *conf, char *section);
 static int x509_certify (X509_STORE *ctx,char *CAfile,const EVP_MD *digest,
@@ -145,6 +147,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
         {
+        ENGINE *e = NULL;
         int ret=1;
         X509_REQ *req=NULL;
         X509 *x=NULL,*xca=NULL;
@@ -159,7 +162,7 @@ int MAIN(int argc, char **argv)
         char *CAkeyfile=NULL,*CAserial=NULL;
         char *alias=NULL;
         int text=0,serial=0,hash=0,subject=0,issuer=0,startdate=0,enddate=0;
-        int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0;
+        int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0,email=0;
         int trustout=0,clrtrust=0,clrreject=0,aliasout=0,clrext=0;
         int C=0;
         int x509req=0,days=DEF_DAYS,modulus=0,pubkey=0;
@@ -173,6 +176,9 @@ int MAIN(int argc, char **argv)
         LHASH *extconf = NULL;
         char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL;
         int need_rand = 0;
+        int checkend=0,checkoffset=0;
+        unsigned long nmflag = 0;
+        char *engine=NULL;
 
         reqfile=0;
 
@@ -181,6 +187,12 @@ int MAIN(int argc, char **argv)
         if (bio_err == NULL)
                 bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
         STDout=BIO_new_fp(stdout,BIO_NOCLOSE);
+#ifdef VMS
+        {
+        BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+        STDout = BIO_push(tmpbio, STDout);
+        }
+#endif
 
         informat=FORMAT_PEM;
         outformat=FORMAT_PEM;
@@ -289,24 +301,26 @@ int MAIN(int argc, char **argv)
                 else if (strcmp(*argv,"-addtrust") == 0)
                         {
                         if (--argc < 1) goto bad;
-                        if(!(objtmp = OBJ_txt2obj(*(++argv), 0))) {
+                        if (!(objtmp = OBJ_txt2obj(*(++argv), 0)))
+                                {
                                 BIO_printf(bio_err,
                                         "Invalid trust object value %s\n", *argv);
                                 goto bad;
-                        }
-                        if(!trust) trust = sk_ASN1_OBJECT_new_null();
+                                }
+                        if (!trust) trust = sk_ASN1_OBJECT_new_null();
                         sk_ASN1_OBJECT_push(trust, objtmp);
                         trustout = 1;
                         }
                 else if (strcmp(*argv,"-addreject") == 0)
                         {
                         if (--argc < 1) goto bad;
-                        if(!(objtmp = OBJ_txt2obj(*(++argv), 0))) {
+                        if (!(objtmp = OBJ_txt2obj(*(++argv), 0)))
+                                {
                                 BIO_printf(bio_err,
                                         "Invalid reject object value %s\n", *argv);
                                 goto bad;
-                        }
-                        if(!reject) reject = sk_ASN1_OBJECT_new_null();
+                                }
+                        if (!reject) reject = sk_ASN1_OBJECT_new_null();
                         sk_ASN1_OBJECT_push(reject, objtmp);
                         trustout = 1;
                         }
@@ -316,14 +330,26 @@ int MAIN(int argc, char **argv)
                         alias= *(++argv);
                         trustout = 1;
                         }
+                else if (strcmp(*argv,"-nameopt") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        if (!set_name_ex(&nmflag, *(++argv))) goto bad;
+                        }
                 else if (strcmp(*argv,"-setalias") == 0)
                         {
                         if (--argc < 1) goto bad;
                         alias= *(++argv);
                         trustout = 1;
                         }
+                else if (strcmp(*argv,"-engine") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        engine= *(++argv);
+                        }
                 else if (strcmp(*argv,"-C") == 0)
                         C= ++num;
+                else if (strcmp(*argv,"-email") == 0)
+                        email= ++num;
                 else if (strcmp(*argv,"-serial") == 0)
                         serial= ++num;
                 else if (strcmp(*argv,"-modulus") == 0)
@@ -353,6 +379,12 @@ int MAIN(int argc, char **argv)
                         startdate= ++num;
                 else if (strcmp(*argv,"-enddate") == 0)
                         enddate= ++num;
+                else if (strcmp(*argv,"-checkend") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        checkoffset=atoi(*(++argv));
+                        checkend=1;
+                        }
                 else if (strcmp(*argv,"-noout") == 0)
                         noout= ++num;
                 else if (strcmp(*argv,"-trustout") == 0)
@@ -397,15 +429,34 @@ bad:
                 goto end;
                 }
 
+        if (engine != NULL)
+                {
+                if((e = ENGINE_by_id(engine)) == NULL)
+                        {
+                        BIO_printf(bio_err,"invalid engine \"%s\"\n",
+                                engine);
+                        goto end;
+                        }
+                if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+                        {
+                        BIO_printf(bio_err,"can't use that engine\n");
+                        goto end;
+                        }
+                BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+                /* Free our "structural" reference. */
+                ENGINE_free(e);
+                }
+
         if (need_rand)
                 app_RAND_load_file(NULL, bio_err, 0);
 
         ERR_load_crypto_strings();
 
-        if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
+        if (!app_passwd(bio_err, passargin, NULL, &passin, NULL))
+                {
                 BIO_printf(bio_err, "Error getting password\n");
                 goto end;
-        }
+                }
 
         if (!X509_STORE_set_default_paths(ctx))
                 {
@@ -421,10 +472,12 @@ bad:
                 goto end;
                 }
 
-        if (extfile) {
+        if (extfile)
+                {
                 long errorline;
                 X509V3_CTX ctx2;
-                if (!(extconf=CONF_load(NULL,extfile,&errorline))) {
+                if (!(extconf=CONF_load(NULL,extfile,&errorline)))
+                        {
                         if (errorline <= 0)
                                 BIO_printf(bio_err,
                                         "error loading the config file '%s'\n",
@@ -434,19 +487,20 @@ bad:
                                        "error on line %ld of config file '%s'\n"
                                                         ,errorline,extfile);
                         goto end;
-                }
-                if(!extsect && !(extsect = CONF_get_string(extconf, "default",
+                        }
+                if (!extsect && !(extsect = CONF_get_string(extconf, "default",
                                          "extensions"))) extsect = "default";
                 X509V3_set_ctx_test(&ctx2);
                 X509V3_set_conf_lhash(&ctx2, extconf);
-                if(!X509V3_EXT_add_conf(extconf, &ctx2, extsect, NULL)) {
+                if (!X509V3_EXT_add_conf(extconf, &ctx2, extsect, NULL))
+                        {
                         BIO_printf(bio_err,
                                 "Error Loading extension section %s\n",
                                                                  extsect);
                         ERR_print_errors(bio_err);
                         goto end;
-                }
-        } 
+                        }
+                }
 
 
         if (reqfile)
@@ -474,13 +528,18 @@ bad:
                         if (BIO_read_filename(in,infile) <= 0)
                                 {
                                 perror(infile);
+                                BIO_free(in);
                                 goto end;
                                 }
                         }
                 req=PEM_read_bio_X509_REQ(in,NULL,NULL,NULL);
                 BIO_free(in);
 
-                if (req == NULL) { perror(infile); goto end; }
+                if (req == NULL)
+                        {
+                        ERR_print_errors(bio_err);
+                        goto end;
+                        }
 
                 if (    (req->req_info == NULL) ||
                         (req->req_info->pubkey == NULL) ||
@@ -511,9 +570,8 @@ bad:
                         }
                 else
                         BIO_printf(bio_err,"Signature ok\n");
-                
-                X509_NAME_oneline(req->req_info->subject,buf,256);
-                BIO_printf(bio_err,"subject=%s\n",buf);
+
+                print_name(bio_err, "subject=", X509_REQ_get_subject_name(req), nmflag);
 
                 if ((x=X509_new()) == NULL) goto end;
                 ci=x->cert_info;
@@ -530,12 +588,12 @@ bad:
                 EVP_PKEY_free(pkey);
                 }
         else
-                x=load_cert(infile,informat);
+                x=load_cert(bio_err,infile,informat);
 
         if (x == NULL) goto end;
         if (CA_flag)
                 {
-                xca=load_cert(CAfile,CAformat);
+                xca=load_cert(bio_err,CAfile,CAformat);
                 if (xca == NULL) goto end;
                 }
 
@@ -551,7 +609,15 @@ bad:
                         goto end;
                         }
                 if (outfile == NULL)
+                        {
                         BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef VMS
+                        {
+                        BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+                        out = BIO_push(tmpbio, out);
+                        }
+#endif
+                        }
                 else
                         {
                         if (BIO_write_filename(out,outfile) <= 0)
@@ -562,24 +628,28 @@ bad:
                         }
                 }
 
-        if(alias) X509_alias_set1(x, (unsigned char *)alias, -1);
+        if (alias) X509_alias_set1(x, (unsigned char *)alias, -1);
 
-        if(clrtrust) X509_trust_clear(x);
-        if(clrreject) X509_reject_clear(x);
+        if (clrtrust) X509_trust_clear(x);
+        if (clrreject) X509_reject_clear(x);
 
-        if(trust) {
-                for(i = 0; i < sk_ASN1_OBJECT_num(trust); i++) {
+        if (trust)
+                {
+                for (i = 0; i < sk_ASN1_OBJECT_num(trust); i++)
+                        {
                         objtmp = sk_ASN1_OBJECT_value(trust, i);
                         X509_add1_trust_object(x, objtmp);
+                        }
                 }
-        }
 
-        if(reject) {
-                for(i = 0; i < sk_ASN1_OBJECT_num(reject); i++) {
+        if (reject)
+                {
+                for (i = 0; i < sk_ASN1_OBJECT_num(reject); i++)
+                        {
                         objtmp = sk_ASN1_OBJECT_value(reject, i);
                         X509_add1_reject_object(x, objtmp);
+                        }
                 }
-        }
 
         if (num)
                 {
@@ -587,15 +657,13 @@ bad:
                         {
                         if (issuer == i)
                                 {
-                                X509_NAME_oneline(X509_get_issuer_name(x),
-                                        buf,256);
-                                BIO_printf(STDout,"issuer= %s\n",buf);
+                                print_name(STDout, "issuer= ",
+                                        X509_get_issuer_name(x), nmflag);
                                 }
                         else if (subject == i) 
                                 {
-                                X509_NAME_oneline(X509_get_subject_name(x),
-                                        buf,256);
-                                BIO_printf(STDout,"subject=%s\n",buf);
+                                print_name(STDout, "subject= ",
+                                        X509_get_subject_name(x), nmflag);
                                 }
                         else if (serial == i)
                                 {
@@ -603,11 +671,20 @@ bad:
                                 i2a_ASN1_INTEGER(STDout,x->cert_info->serialNumber);
                                 BIO_printf(STDout,"\n");
                                 }
+                        else if (email == i) 
+                                {
+                                int j;
+                                STACK *emlst;
+                                emlst = X509_get1_email(x);
+                                for (j = 0; j < sk_num(emlst); j++)
+                                        BIO_printf(STDout, "%s\n", sk_value(emlst, j));
+                                X509_email_free(emlst);
+                                }
                         else if (aliasout == i)
                                 {
                                 unsigned char *alstr;
                                 alstr = X509_alias_get0(x, NULL);
-                                if(alstr) BIO_printf(STDout,"%s\n", alstr);
+                                if (alstr) BIO_printf(STDout,"%s\n", alstr);
                                 else BIO_puts(STDout,"<No Alias>\n");
                                 }
                         else if (hash == i)
@@ -619,7 +696,7 @@ bad:
                                 X509_PURPOSE *ptmp;
                                 int j;
                                 BIO_printf(STDout, "Certificate purposes:\n");
-                                for(j = 0; j < X509_PURPOSE_get_count(); j++)
+                                for (j = 0; j < X509_PURPOSE_get_count(); j++)
                                         {
                                         ptmp = X509_PURPOSE_get0(j);
                                         purpose_print(STDout, x, ptmp);
@@ -682,7 +759,7 @@ bad:
                                 BIO_printf(STDout,"/* issuer :%s */\n",buf);
 
                                 z=i2d_X509(x,NULL);
-                                m=Malloc(z);
+                                m=OPENSSL_malloc(z);
 
                                 d=(unsigned char *)m;
                                 z=i2d_X509_NAME(X509_get_subject_name(x),&d);
@@ -720,7 +797,7 @@ bad:
                                 if (y%16 != 0) BIO_printf(STDout,"\n");
                                 BIO_printf(STDout,"};\n");
 
-                                Free(m);
+                                OPENSSL_free(m);
                                 }
                         else if (text == i)
                                 {
@@ -765,7 +842,8 @@ bad:
                                 BIO_printf(bio_err,"Getting Private key\n");
                                 if (Upkey == NULL)
                                         {
-                                        Upkey=load_key(keyfile,keyformat, passin);
+                                        Upkey=load_key(bio_err,
+                                                keyfile,keyformat, passin);
                                         if (Upkey == NULL) goto end;
                                         }
 #ifndef NO_DSA
@@ -782,7 +860,8 @@ bad:
                                 BIO_printf(bio_err,"Getting CA Private Key\n");
                                 if (CAkeyfile != NULL)
                                         {
-                                        CApkey=load_key(CAkeyfile,CAkeyformat, passin);
+                                        CApkey=load_key(bio_err,
+                                                CAkeyfile,CAkeyformat, passin);
                                         if (CApkey == NULL) goto end;
                                         }
 #ifndef NO_DSA
@@ -808,7 +887,8 @@ bad:
                                         }
                                 else
                                         {
-                                        pk=load_key(keyfile,FORMAT_PEM, passin);
+                                        pk=load_key(bio_err,
+                                                keyfile,FORMAT_PEM, passin);
                                         if (pk == NULL) goto end;
                                         }
 
@@ -834,6 +914,23 @@ bad:
                         }
                 }
 
+        if (checkend)
+                {
+                time_t tnow=time(NULL);
+
+                if (ASN1_UTCTIME_cmp_time_t(X509_get_notAfter(x), tnow+checkoffset) == -1)
+                        {
+                        BIO_printf(out,"Certificate will expire\n");
+                        ret=1;
+                        }
+                else
+                        {
+                        BIO_printf(out,"Certificate will not expire\n");
+                        ret=0;
+                        }
+                goto end;
+                }
+
         if (noout)
                 {
                 ret=0;
@@ -842,16 +939,18 @@ bad:
 
         if      (outformat == FORMAT_ASN1)
                 i=i2d_X509_bio(out,x);
-        else if (outformat == FORMAT_PEM) {
-                if(trustout) i=PEM_write_bio_X509_AUX(out,x);
+        else if (outformat == FORMAT_PEM)
+                {
+                if (trustout) i=PEM_write_bio_X509_AUX(out,x);
                 else i=PEM_write_bio_X509(out,x);
-        } else if (outformat == FORMAT_NETSCAPE)
+                }
+        else if (outformat == FORMAT_NETSCAPE)
                 {
                 ASN1_HEADER ah;
                 ASN1_OCTET_STRING os;
 
-                os.data=(unsigned char *)CERT_HDR;
-                os.length=strlen(CERT_HDR);
+                os.data=(unsigned char *)NETSCAPE_CERT_HDR;
+                os.length=strlen(NETSCAPE_CERT_HDR);
                 ah.header= &os;
                 ah.data=(char *)x;
                 ah.meth=X509_asn1_meth();
@@ -863,7 +962,8 @@ bad:
                 BIO_printf(bio_err,"bad output format specified for outfile\n");
                 goto end;
                 }
-        if (!i) {
+        if (!i)
+                {
                 BIO_printf(bio_err,"unable to write certificate\n");
                 ERR_print_errors(bio_err);
                 goto end;
@@ -874,8 +974,8 @@ end:
                 app_RAND_write_file(NULL, bio_err);
         OBJ_cleanup();
         CONF_free(extconf);
-        BIO_free(out);
-        BIO_free(STDout);
+        BIO_free_all(out);
+        BIO_free_all(STDout);
         X509_STORE_free(ctx);
         X509_REQ_free(req);
         X509_free(x);
@@ -885,7 +985,7 @@ end:
         X509_REQ_free(rq);
         sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free);
         sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free);
-        if(passin) Free(passin);
+        if (passin) OPENSSL_free(passin);
         EXIT(ret);
         }
 
@@ -907,7 +1007,7 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
         EVP_PKEY_free(upkey);
 
         X509_STORE_CTX_init(&xsc,ctx,x,NULL);
-        buf=Malloc(EVP_PKEY_size(pkey)*2+
+        buf=OPENSSL_malloc(EVP_PKEY_size(pkey)*2+
                 ((serialfile == NULL)
                         ?(strlen(CAfile)+strlen(POSTFIX)+1)
                         :(strlen(serialfile)))+1);
@@ -1012,17 +1112,19 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
         if (X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days) == NULL)
                 goto end;
 
-        if(clrext) {
-                while(X509_get_ext_count(x) > 0) X509_delete_ext(x, 0);
-        }
+        if (clrext)
+                {
+                while (X509_get_ext_count(x) > 0) X509_delete_ext(x, 0);
+                }
 
-        if(conf) {
+        if (conf)
+                {
                 X509V3_CTX ctx2;
                 X509_set_version(x,2); /* version 3 certificate */
                 X509V3_set_ctx(&ctx2, xca, x, NULL, NULL, 0);
                 X509V3_set_conf_lhash(&ctx2, conf);
-                if(!X509V3_EXT_add_conf(conf, &ctx2, section, x)) goto end;
-        }
+                if (!X509V3_EXT_add_conf(conf, &ctx2, section, x)) goto end;
+                }
 
         if (!X509_sign(x,pkey,digest)) goto end;
         ret=1;
@@ -1030,16 +1132,15 @@ end:
         X509_STORE_CTX_cleanup(&xsc);
         if (!ret)
                 ERR_print_errors(bio_err);
-        if (buf != NULL) Free(buf);
+        if (buf != NULL) OPENSSL_free(buf);
         if (bs != NULL) ASN1_INTEGER_free(bs);
         if (io != NULL) BIO_free(io);
         if (serial != NULL) BN_free(serial);
-        return(ret);
+        return ret;
         }
 
 static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx)
         {
-        char buf[256];
         int err;
         X509 *err_cert;
 
@@ -1048,7 +1149,7 @@ static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx)
          * final ok == 1 calls to this function */
         err=X509_STORE_CTX_get_error(ctx);
         if (err == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)
-                return(1);
+                return 1;
 
         /* BAD we should have gotten an error.  Normally if everything
          * worked X509_STORE_CTX_get_error(ctx) will still be set to
@@ -1056,145 +1157,17 @@ static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx)
         if (ok)
                 {
                 BIO_printf(bio_err,"error with certificate to be certified - should be self signed\n");
-                return(0);
+                return 0;
                 }
         else
                 {
                 err_cert=X509_STORE_CTX_get_current_cert(ctx);
-                X509_NAME_oneline(X509_get_subject_name(err_cert),buf,256);
-                BIO_printf(bio_err,"%s\n",buf);
+                print_name(bio_err, NULL, X509_get_subject_name(err_cert),0);
                 BIO_printf(bio_err,"error with certificate - error %d at depth %d\n%s\n",
                         err,X509_STORE_CTX_get_error_depth(ctx),
                         X509_verify_cert_error_string(err));
-                return(1);
-                }
-        }
-
-static EVP_PKEY *load_key(char *file, int format, char *passin)
-        {
-        BIO *key=NULL;
-        EVP_PKEY *pkey=NULL;
-
-        if (file == NULL)
-                {
-                BIO_printf(bio_err,"no keyfile specified\n");
-                goto end;
-                }
-        key=BIO_new(BIO_s_file());
-        if (key == NULL)
-                {
-                ERR_print_errors(bio_err);
-                goto end;
-                }
-        if (BIO_read_filename(key,file) <= 0)
-                {
-                perror(file);
-                goto end;
-                }
-        if (format == FORMAT_ASN1)
-                {
-                pkey=d2i_PrivateKey_bio(key, NULL);
-                }
-        else if (format == FORMAT_PEM)
-                {
-                pkey=PEM_read_bio_PrivateKey(key,NULL,NULL,passin);
+                return 1;
                 }
-        else
-                {
-                BIO_printf(bio_err,"bad input format specified for key\n");
-                goto end;
-                }
-end:
-        if (key != NULL) BIO_free(key);
-        if (pkey == NULL)
-                BIO_printf(bio_err,"unable to load Private Key\n");
-        return(pkey);
-        }
-
-static X509 *load_cert(char *file, int format)
-        {
-        ASN1_HEADER *ah=NULL;
-        BUF_MEM *buf=NULL;
-        X509 *x=NULL;
-        BIO *cert;
-
-        if ((cert=BIO_new(BIO_s_file())) == NULL)
-                {
-                ERR_print_errors(bio_err);
-                goto end;
-                }
-
-        if (file == NULL)
-                BIO_set_fp(cert,stdin,BIO_NOCLOSE);
-        else
-                {
-                if (BIO_read_filename(cert,file) <= 0)
-                        {
-                        perror(file);
-                        goto end;
-                        }
-                }
-        if      (format == FORMAT_ASN1)
-                x=d2i_X509_bio(cert,NULL);
-        else if (format == FORMAT_NETSCAPE)
-                {
-                unsigned char *p,*op;
-                int size=0,i;
-
-                /* We sort of have to do it this way because it is sort of nice
-                 * to read the header first and check it, then
-                 * try to read the certificate */
-                buf=BUF_MEM_new();
-                for (;;)
-                        {
-                        if ((buf == NULL) || (!BUF_MEM_grow(buf,size+1024*10)))
-                                goto end;
-                        i=BIO_read(cert,&(buf->data[size]),1024*10);
-                        size+=i;
-                        if (i == 0) break;
-                        if (i < 0)
-                                {
-                                perror("reading certificate");
-                                goto end;
-                                }
-                        }
-                p=(unsigned char *)buf->data;
-                op=p;
-
-                /* First load the header */
-                if ((ah=d2i_ASN1_HEADER(NULL,&p,(long)size)) == NULL)
-                        goto end;
-                if ((ah->header == NULL) || (ah->header->data == NULL) ||
-                        (strncmp(CERT_HDR,(char *)ah->header->data,
-                        ah->header->length) != 0))
-                        {
-                        BIO_printf(bio_err,"Error reading header on certificate\n");
-                        goto end;
-                        }
-                /* header is ok, so now read the object */
-                p=op;
-                ah->meth=X509_asn1_meth();
-                if ((ah=d2i_ASN1_HEADER(&ah,&p,(long)size)) == NULL)
-                        goto end;
-                x=(X509 *)ah->data;
-                ah->data=NULL;
-                }
-        else if (format == FORMAT_PEM)
-                x=PEM_read_bio_X509_AUX(cert,NULL,NULL,NULL);
-        else    {
-                BIO_printf(bio_err,"bad input format specified for input cert\n");
-                goto end;
-                }
-end:
-        if (x == NULL)
-                {
-                BIO_printf(bio_err,"unable to load certificate\n");
-                ERR_print_errors(bio_err);
-                }
-        if (ah != NULL) ASN1_HEADER_free(ah);
-        if (cert != NULL) BIO_free(cert);
-        if (buf != NULL) BUF_MEM_free(buf);
-        return(x);
         }
 
 /* self sign */
@@ -1220,21 +1193,23 @@ static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, const EVP_MD *dig
                 goto err;
 
         if (!X509_set_pubkey(x,pkey)) goto err;
-        if(clrext) {
-                while(X509_get_ext_count(x) > 0) X509_delete_ext(x, 0);
-        }
-        if(conf) {
+        if (clrext)
+                {
+                while (X509_get_ext_count(x) > 0) X509_delete_ext(x, 0);
+                }
+        if (conf)
+                {
                 X509V3_CTX ctx;
                 X509_set_version(x,2); /* version 3 certificate */
                 X509V3_set_ctx(&ctx, x, x, NULL, NULL, 0);
                 X509V3_set_conf_lhash(&ctx, conf);
-                if(!X509V3_EXT_add_conf(conf, &ctx, section, x)) goto err;
-        }
+                if (!X509V3_EXT_add_conf(conf, &ctx, section, x)) goto err;
+                }
         if (!X509_sign(x,pkey,digest)) goto err;
-        return(1);
+        return 1;
 err:
         ERR_print_errors(bio_err);
-        return(0);
+        return 0;
         }
 
 static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt)
@@ -1243,13 +1218,14 @@ static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt)
         char *pname;
         id = X509_PURPOSE_get_id(pt);
         pname = X509_PURPOSE_get0_name(pt);
-        for(i = 0; i < 2; i++) {
+        for (i = 0; i < 2; i++)
+                {
                 idret = X509_check_purpose(cert, id, i);
                 BIO_printf(bio, "%s%s : ", pname, i ? " CA" : ""); 
-                if(idret == 1) BIO_printf(bio, "Yes\n");
+                if (idret == 1) BIO_printf(bio, "Yes\n");
                 else if (idret == 0) BIO_printf(bio, "No\n");
                 else BIO_printf(bio, "Yes (WARNING code=%d)\n", idret);
-        }
+                }
         return 1;
 }
 
diff --git a/src/lib/libssl/src/config b/src/lib/libssl/src/config
index 53b219a1f9..458838d800 100644
--- a/src/lib/libssl/src/config
+++ b/src/lib/libssl/src/config
@@ -71,6 +71,10 @@ fi
 # Now we simply scan though... In most cases, the SYSTEM info is enough
 #
 case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
+    MPE/iX:*)
+        MACHINE=`echo "$MACHINE" | sed -e 's/-/_/g'`
+        echo "parisc-hp-MPE/iX"; exit 0
+        ;;
     A/UX:*)
         echo "m68k-apple-aux3"; exit 0
         ;;
@@ -164,7 +168,7 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
         ;;
 
     NetBSD:*:*:*386*)
-        echo "`sysctl -n hw.model | sed 's,.*\(.\)86-class.*,i\186,'`-whateve\r-netbsd"; exit 0
+        echo "`/usr/sbin/sysctl -n hw.model | sed 's,.*\(.\)86-class.*,i\186,'`-whatever-netbsd"; exit 0
         ;;
 
     NetBSD:*)
@@ -181,11 +185,11 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
 
     QNX:*)
         case "$VERSION" in
-            423)
-                echo "${MACHINE}-qssl-qnx32"
+            4*)
+                echo "${MACHINE}-whatever-qnx4"
                 ;;
             *)
-                echo "${MACHINE}-qssl-qnx"
+                echo "${MACHINE}-whatever-qnx"
                 ;;
         esac
         exit 0
@@ -200,7 +204,7 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
         ;;
 
     SunOS:5.*)
-        echo "${MACHINE}-sun-solaris2"; exit 0
+        echo "${MACHINE}-whatever-solaris2"; exit 0
         ;;
 
     SunOS:*)
@@ -247,6 +251,10 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
         echo "${MACHINE}-v11-${SYSTEM}"; exit 0;
         ;;
 
+    NEWS-OS:4.*)
+        echo "mips-sony-newsos4"; exit 0;
+        ;;
+
 esac
 
 #
@@ -407,6 +415,7 @@ case "$GUESSOS" in
         ;;
   mips-*-linux?) OUT="linux-mips" ;;
   ppc-*-linux2) OUT="linux-ppc" ;;
+  m68k-*-linux*) OUT="linux-m68k" ;;
   ppc-apple-rhapsody) OUT="rhapsody-ppc-cc" ;;
   sparc64-*-linux2)
         #Before we can uncomment following lines we have to wait at least
@@ -424,9 +433,10 @@ case "$GUESSOS" in
         sun4d)  OUT="linux-sparcv8" ;;
         *)      OUT="linux-sparcv7" ;;
         esac ;;
+  arm*-*-linux2) OUT="linux-elf-arm" ;;
   *-*-linux2) OUT="linux-elf" ;;
   *-*-linux1) OUT="linux-aout" ;;
-  sun4u*-sun-solaris2)
+  sun4u*-*-solaris2)
         ISA64=`(isalist) 2>/dev/null | grep sparcv9`
         if [ "$ISA64" != "" -a "$CC" = "cc" -a $CCVER -ge 50 ]; then
                 echo "WARNING! If you wish to build 64-bit library, then you have to"
@@ -435,10 +445,10 @@ case "$GUESSOS" in
                 read waste < /dev/tty
         fi
         OUT="solaris-sparcv9-$CC" ;;
-  sun4m-sun-solaris2)   OUT="solaris-sparcv8-$CC" ;;
-  sun4d-sun-solaris2)   OUT="solaris-sparcv8-$CC" ;;
-  sun4*-sun-solaris2)   OUT="solaris-sparcv7-$CC" ;;
-  *86*-sun-solaris2) OUT="solaris-x86-$CC" ;;
+  sun4m-*-solaris2)     OUT="solaris-sparcv8-$CC" ;;
+  sun4d-*-solaris2)     OUT="solaris-sparcv8-$CC" ;;
+  sun4*-*-solaris2)     OUT="solaris-sparcv7-$CC" ;;
+  *86*-*-solaris2) OUT="solaris-x86-$CC" ;;
   *-*-sunos4) OUT="sunos-$CC" ;;
   alpha*-*-freebsd*) OUT="FreeBSD-alpha" ;;
   *-freebsd[3-9]*) OUT="FreeBSD-elf" ;;
@@ -468,14 +478,21 @@ case "$GUESSOS" in
   # these are all covered by the catchall below
   # *-aix) OUT="aix-$CC" ;;
   # *-dgux) OUT="dgux" ;;
+  mips-sony-newsos4) OUT="newsos4-gcc" ;;
   *) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;;
 esac
 
+# NB: This atalla support has been superceded by the ENGINE support
+# That contains its own header and definitions anyway. Support can
+# be enabled or disabled on any supported platform without external
+# headers, eg. by adding the "hw-atalla" switch to ./config or
+# perl Configure
+#
 # See whether we can compile Atalla support
-if [ -f /usr/include/atasi.h ]
-then
-  options="$options -DATALLA"
-fi
+#if [ -f /usr/include/atasi.h ]
+#then
+#  options="$options -DATALLA"
+#fi
 
 # gcc < 2.8 does not support -mcpu=ultrasparc
 if [ "$OUT" = solaris-sparcv9-gcc -a $GCCVER -lt 28 ]
@@ -491,17 +508,6 @@ then
   sleep 5
   OUT=linux-sparcv8
 fi
-# To start with $OUT is never i86pc-sun-solaris2. Secondly why
-# ban *all* assembler implementation if it can't stand only one,
-# SHA-0 implementation.
-#if [ "$OUT" = "i86pc-sun-solaris2" ]
-#then
-#  ASM=`as -V /dev/null 2>&1`
-#  case "$ASM" in
-#    GNU*) ;;
-#    *) options="$options no-asm" ; echo "WARNING: You need the GNU assembler to use OpenSSL assembler code." ; echo "Sun as is not supported on Solaris x86." ;;
-#  esac
-#fi
 
 case "$GUESSOS" in
   i386-*) options="$options 386" ;;
@@ -557,7 +563,7 @@ OUT="$PREFIX$OUT"
 
 $PERL ./Configure LIST | grep "$OUT" > /dev/null
 if [ $? = "0" ]; then
-  echo Configuring for $OUT
+  #echo Configuring for $OUT
 
   if [ "$TEST" = "true" ]; then
     echo $PERL ./Configure $OUT $options
diff --git a/src/lib/libssl/src/crypto/Makefile b/src/lib/libssl/src/crypto/Makefile
index b980f54dba..3c4cf3ea9a 100644
--- a/src/lib/libssl/src/crypto/Makefile
+++ b/src/lib/libssl/src/crypto/Makefile
@@ -27,7 +27,7 @@ LIBS=
 
 SDIRS=  md2 md5 sha mdc2 hmac ripemd \
         des rc2 rc4 rc5 idea bf cast \
-        bn rsa dsa dh \
+        bn rsa dsa dh dso engine \
         buffer bio stack lhash rand err objects \
         evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp
 
@@ -39,7 +39,7 @@ LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdi
 
 SRC= $(LIBSRC)
 
-EXHEADER= crypto.h tmdiff.h opensslv.h opensslconf.h ebcdic.h
+EXHEADER= crypto.h tmdiff.h opensslv.h opensslconf.h ebcdic.h symhacks.h
 HEADER= cryptlib.h buildinf.h md32_common.h $(EXHEADER)
 
 ALL=    $(GENERAL) $(SRC) $(HEADER)
@@ -155,41 +155,45 @@ dclean:
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
-cpt_err.o: ../include/openssl/crypto.h ../include/openssl/err.h
+cpt_err.o: ../include/openssl/bio.h ../include/openssl/crypto.h
+cpt_err.o: ../include/openssl/err.h ../include/openssl/lhash.h
 cpt_err.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
-cpt_err.o: ../include/openssl/stack.h
+cpt_err.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 cryptlib.o: ../include/openssl/bio.h ../include/openssl/buffer.h
 cryptlib.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
 cryptlib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-cryptlib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-cryptlib.o: ../include/openssl/safestack.h ../include/openssl/stack.h
-cryptlib.o: cryptlib.h
+cryptlib.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+cryptlib.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
+cryptlib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
 cversion.o: ../include/openssl/bio.h ../include/openssl/buffer.h
 cversion.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
 cversion.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-cversion.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-cversion.o: ../include/openssl/safestack.h ../include/openssl/stack.h
-cversion.o: buildinf.h cryptlib.h
+cversion.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+cversion.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
+cversion.o: ../include/openssl/stack.h ../include/openssl/symhacks.h buildinf.h
+cversion.o: cryptlib.h
 ex_data.o: ../include/openssl/bio.h ../include/openssl/buffer.h
 ex_data.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
 ex_data.o: ../include/openssl/e_os2.h ../include/openssl/err.h
 ex_data.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
 ex_data.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
-ex_data.o: ../include/openssl/stack.h cryptlib.h
+ex_data.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
 mem.o: ../include/openssl/bio.h ../include/openssl/buffer.h
 mem.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
 mem.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-mem.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-mem.o: ../include/openssl/safestack.h ../include/openssl/stack.h cryptlib.h
+mem.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+mem.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
+mem.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
 mem_dbg.o: ../include/openssl/bio.h ../include/openssl/buffer.h
 mem_dbg.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
 mem_dbg.o: ../include/openssl/e_os2.h ../include/openssl/err.h
 mem_dbg.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
 mem_dbg.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
-mem_dbg.o: ../include/openssl/stack.h cryptlib.h
+mem_dbg.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
 tmdiff.o: ../include/openssl/bio.h ../include/openssl/buffer.h
 tmdiff.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
 tmdiff.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-tmdiff.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-tmdiff.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+tmdiff.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+tmdiff.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
+tmdiff.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 tmdiff.o: ../include/openssl/tmdiff.h cryptlib.h
diff --git a/src/lib/libssl/src/crypto/Makefile.ssl b/src/lib/libssl/src/crypto/Makefile.ssl
index f9b33586be..05e3bb701e 100644
--- a/src/lib/libssl/src/crypto/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/Makefile.ssl
@@ -27,7 +27,7 @@ LIBS=
 
 SDIRS=  md2 md5 sha mdc2 hmac ripemd \
         des rc2 rc4 rc5 idea bf cast \
-        bn rsa dsa dh \
+        bn rsa dsa dh dso engine \
         buffer bio stack lhash rand err objects \
         evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp
 
@@ -39,7 +39,7 @@ LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdi
 
 SRC= $(LIBSRC)
 
-EXHEADER= crypto.h tmdiff.h opensslv.h opensslconf.h ebcdic.h
+EXHEADER= crypto.h tmdiff.h opensslv.h opensslconf.h ebcdic.h symhacks.h
 HEADER= cryptlib.h buildinf.h md32_common.h $(EXHEADER)
 
 ALL=    $(GENERAL) $(SRC) $(HEADER)
@@ -155,41 +155,45 @@ dclean:
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
-cpt_err.o: ../include/openssl/crypto.h ../include/openssl/err.h
+cpt_err.o: ../include/openssl/bio.h ../include/openssl/crypto.h
+cpt_err.o: ../include/openssl/err.h ../include/openssl/lhash.h
 cpt_err.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
-cpt_err.o: ../include/openssl/stack.h
+cpt_err.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 cryptlib.o: ../include/openssl/bio.h ../include/openssl/buffer.h
 cryptlib.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
 cryptlib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-cryptlib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-cryptlib.o: ../include/openssl/safestack.h ../include/openssl/stack.h
-cryptlib.o: cryptlib.h
+cryptlib.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+cryptlib.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
+cryptlib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
 cversion.o: ../include/openssl/bio.h ../include/openssl/buffer.h
 cversion.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
 cversion.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-cversion.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-cversion.o: ../include/openssl/safestack.h ../include/openssl/stack.h
-cversion.o: buildinf.h cryptlib.h
+cversion.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+cversion.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
+cversion.o: ../include/openssl/stack.h ../include/openssl/symhacks.h buildinf.h
+cversion.o: cryptlib.h
 ex_data.o: ../include/openssl/bio.h ../include/openssl/buffer.h
 ex_data.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
 ex_data.o: ../include/openssl/e_os2.h ../include/openssl/err.h
 ex_data.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
 ex_data.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
-ex_data.o: ../include/openssl/stack.h cryptlib.h
+ex_data.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
 mem.o: ../include/openssl/bio.h ../include/openssl/buffer.h
 mem.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
 mem.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-mem.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-mem.o: ../include/openssl/safestack.h ../include/openssl/stack.h cryptlib.h
+mem.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+mem.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
+mem.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
 mem_dbg.o: ../include/openssl/bio.h ../include/openssl/buffer.h
 mem_dbg.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
 mem_dbg.o: ../include/openssl/e_os2.h ../include/openssl/err.h
 mem_dbg.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
 mem_dbg.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
-mem_dbg.o: ../include/openssl/stack.h cryptlib.h
+mem_dbg.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
 tmdiff.o: ../include/openssl/bio.h ../include/openssl/buffer.h
 tmdiff.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
 tmdiff.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-tmdiff.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-tmdiff.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+tmdiff.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+tmdiff.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
+tmdiff.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 tmdiff.o: ../include/openssl/tmdiff.h cryptlib.h
diff --git a/src/lib/libssl/src/crypto/asn1/Makefile.ssl b/src/lib/libssl/src/crypto/asn1/Makefile.ssl
index a17a713a75..b8059ddffe 100644
--- a/src/lib/libssl/src/crypto/asn1/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/asn1/Makefile.ssl
@@ -24,7 +24,7 @@ APPS=
 LIB=$(TOP)/libcrypto.a
 LIBSRC= a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \
         a_null.c a_print.c a_type.c a_set.c a_dup.c a_d2i_fp.c a_i2d_fp.c a_bmp.c \
-        a_enum.c a_vis.c a_utf8.c a_sign.c a_digest.c a_verify.c a_mbstr.c \
+        a_enum.c a_vis.c a_utf8.c a_sign.c a_digest.c a_verify.c a_mbstr.c a_strex.c \
         x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c \
         x_name.c x_cinf.c x_x509.c x_x509a.c x_crl.c x_info.c x_spki.c nsseq.c \
         d2i_r_pr.c i2d_r_pr.c d2i_r_pu.c i2d_r_pu.c \
@@ -39,7 +39,7 @@ LIBSRC=	a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \
         evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p8_pkey.c
 LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \
         a_null.o a_print.o a_type.o a_set.o a_dup.o a_d2i_fp.o a_i2d_fp.o a_bmp.o \
-        a_enum.o a_vis.o a_utf8.o a_sign.o a_digest.o a_verify.o a_mbstr.o \
+        a_enum.o a_vis.o a_utf8.o a_sign.o a_digest.o a_verify.o a_mbstr.o a_strex.o \
         x_algor.o x_val.o x_pubkey.o x_sig.o x_req.o x_attrib.o \
         x_name.o x_cinf.o x_x509.o x_x509a.o x_crl.o x_info.o x_spki.o nsseq.o \
         d2i_r_pr.o i2d_r_pr.o d2i_r_pu.o i2d_r_pu.o \
@@ -119,37 +119,43 @@ a_bitstr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 a_bitstr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 a_bitstr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
 a_bitstr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_bitstr.o: ../../include/openssl/opensslconf.h
+a_bitstr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 a_bitstr.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-a_bitstr.o: ../../include/openssl/stack.h ../cryptlib.h
+a_bitstr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_bitstr.o: ../cryptlib.h
 a_bmp.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 a_bmp.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 a_bmp.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
 a_bmp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_bmp.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-a_bmp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_bmp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_bmp.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+a_bmp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 a_bmp.o: ../cryptlib.h
 a_bool.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 a_bool.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 a_bool.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
 a_bool.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_bool.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-a_bool.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_bool.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_bool.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+a_bool.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 a_bool.o: ../cryptlib.h
 a_bytes.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 a_bytes.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 a_bytes.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 a_bytes.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-a_bytes.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
-a_bytes.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-a_bytes.o: ../../include/openssl/stack.h ../cryptlib.h
+a_bytes.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_bytes.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_bytes.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_bytes.o: ../../include/openssl/symhacks.h ../cryptlib.h
 a_d2i_fp.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 a_d2i_fp.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 a_d2i_fp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 a_d2i_fp.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-a_d2i_fp.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+a_d2i_fp.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_d2i_fp.o: ../../include/openssl/opensslconf.h
 a_d2i_fp.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-a_d2i_fp.o: ../../include/openssl/stack.h ../cryptlib.h
+a_d2i_fp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_d2i_fp.o: ../cryptlib.h
 a_digest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 a_digest.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 a_digest.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -157,107 +163,124 @@ a_digest.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 a_digest.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 a_digest.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 a_digest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-a_digest.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+a_digest.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+a_digest.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 a_digest.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-a_digest.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+a_digest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+a_digest.o: ../../include/openssl/opensslconf.h
 a_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 a_digest.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 a_digest.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 a_digest.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 a_digest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-a_digest.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-a_digest.o: ../cryptlib.h
+a_digest.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+a_digest.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
 a_dup.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 a_dup.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 a_dup.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 a_dup.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-a_dup.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
-a_dup.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-a_dup.o: ../../include/openssl/stack.h ../cryptlib.h
+a_dup.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_dup.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_dup.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_dup.o: ../../include/openssl/symhacks.h ../cryptlib.h
 a_enum.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 a_enum.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 a_enum.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
 a_enum.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_enum.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-a_enum.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_enum.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_enum.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+a_enum.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 a_enum.o: ../cryptlib.h
 a_gentm.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 a_gentm.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 a_gentm.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
 a_gentm.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_gentm.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-a_gentm.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_gentm.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_gentm.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+a_gentm.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 a_gentm.o: ../cryptlib.h
 a_hdr.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 a_hdr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 a_hdr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 a_hdr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-a_hdr.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
-a_hdr.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-a_hdr.o: ../../include/openssl/stack.h ../cryptlib.h
+a_hdr.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_hdr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_hdr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_hdr.o: ../../include/openssl/symhacks.h ../cryptlib.h
 a_i2d_fp.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 a_i2d_fp.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 a_i2d_fp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 a_i2d_fp.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-a_i2d_fp.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+a_i2d_fp.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_i2d_fp.o: ../../include/openssl/opensslconf.h
 a_i2d_fp.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-a_i2d_fp.o: ../../include/openssl/stack.h ../cryptlib.h
+a_i2d_fp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_i2d_fp.o: ../cryptlib.h
 a_int.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 a_int.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 a_int.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
 a_int.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_int.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-a_int.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_int.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_int.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+a_int.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 a_int.o: ../cryptlib.h
 a_mbstr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 a_mbstr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 a_mbstr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
 a_mbstr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_mbstr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-a_mbstr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_mbstr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_mbstr.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+a_mbstr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 a_mbstr.o: ../cryptlib.h
 a_meth.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 a_meth.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 a_meth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
 a_meth.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_meth.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-a_meth.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_meth.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_meth.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+a_meth.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 a_meth.o: ../cryptlib.h
 a_null.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 a_null.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 a_null.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
 a_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_null.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-a_null.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_null.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_null.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+a_null.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 a_null.o: ../cryptlib.h
 a_object.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 a_object.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 a_object.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
 a_object.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_object.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
 a_object.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 a_object.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-a_object.o: ../../include/openssl/stack.h ../cryptlib.h
+a_object.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_object.o: ../cryptlib.h
 a_octet.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 a_octet.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 a_octet.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
 a_octet.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_octet.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-a_octet.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_octet.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_octet.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+a_octet.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 a_octet.o: ../cryptlib.h
 a_print.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 a_print.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 a_print.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
 a_print.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_print.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-a_print.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_print.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_print.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+a_print.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 a_print.o: ../cryptlib.h
 a_set.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 a_set.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 a_set.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 a_set.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-a_set.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
-a_set.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-a_set.o: ../../include/openssl/stack.h ../cryptlib.h
+a_set.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_set.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_set.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_set.o: ../../include/openssl/symhacks.h ../cryptlib.h
 a_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 a_sign.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 a_sign.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -265,50 +288,76 @@ a_sign.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 a_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 a_sign.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 a_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-a_sign.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+a_sign.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+a_sign.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 a_sign.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-a_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-a_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-a_sign.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-a_sign.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-a_sign.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-a_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+a_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+a_sign.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+a_sign.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+a_sign.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+a_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+a_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 a_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 a_sign.o: ../cryptlib.h
+a_strex.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_strex.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+a_strex.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+a_strex.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+a_strex.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+a_strex.o: ../../include/openssl/e_os2.h ../../include/openssl/evp.h
+a_strex.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+a_strex.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+a_strex.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+a_strex.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+a_strex.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_strex.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+a_strex.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+a_strex.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+a_strex.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+a_strex.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_strex.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+a_strex.o: charmap.h
 a_strnid.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 a_strnid.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 a_strnid.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
 a_strnid.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_strnid.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
 a_strnid.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 a_strnid.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-a_strnid.o: ../../include/openssl/stack.h ../cryptlib.h
+a_strnid.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_strnid.o: ../cryptlib.h
 a_time.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 a_time.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 a_time.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
 a_time.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_time.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-a_time.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_time.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_time.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+a_time.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 a_time.o: ../cryptlib.h
 a_type.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 a_type.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 a_type.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 a_type.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-a_type.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
-a_type.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-a_type.o: ../../include/openssl/stack.h ../cryptlib.h
+a_type.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_type.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_type.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_type.o: ../../include/openssl/symhacks.h ../cryptlib.h
 a_utctm.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 a_utctm.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 a_utctm.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
 a_utctm.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_utctm.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-a_utctm.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_utctm.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_utctm.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+a_utctm.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 a_utctm.o: ../cryptlib.h
 a_utf8.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 a_utf8.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 a_utf8.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
 a_utf8.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_utf8.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-a_utf8.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_utf8.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_utf8.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+a_utf8.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 a_utf8.o: ../cryptlib.h
 a_verify.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 a_verify.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
@@ -317,64 +366,79 @@ a_verify.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 a_verify.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 a_verify.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 a_verify.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-a_verify.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+a_verify.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+a_verify.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 a_verify.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-a_verify.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+a_verify.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+a_verify.o: ../../include/openssl/opensslconf.h
 a_verify.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 a_verify.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 a_verify.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 a_verify.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 a_verify.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-a_verify.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-a_verify.o: ../cryptlib.h
+a_verify.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+a_verify.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
 a_vis.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 a_vis.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 a_vis.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
 a_vis.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_vis.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-a_vis.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_vis.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_vis.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+a_vis.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 a_vis.o: ../cryptlib.h
-asn1_err.o: ../../include/openssl/asn1.h ../../include/openssl/bn.h
-asn1_err.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
-asn1_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+asn1_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+asn1_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+asn1_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+asn1_err.o: ../../include/openssl/opensslconf.h
+asn1_err.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+asn1_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 asn1_lib.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 asn1_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 asn1_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 asn1_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-asn1_lib.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+asn1_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+asn1_lib.o: ../../include/openssl/opensslconf.h
 asn1_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-asn1_lib.o: ../../include/openssl/stack.h ../cryptlib.h
+asn1_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+asn1_lib.o: ../cryptlib.h
 asn1_par.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 asn1_par.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 asn1_par.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
 asn1_par.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+asn1_par.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
 asn1_par.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 asn1_par.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-asn1_par.o: ../../include/openssl/stack.h ../cryptlib.h
+asn1_par.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+asn1_par.o: ../cryptlib.h
 asn_pack.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 asn_pack.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 asn_pack.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
 asn_pack.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-asn_pack.o: ../../include/openssl/opensslconf.h
+asn_pack.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 asn_pack.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-asn_pack.o: ../../include/openssl/stack.h ../cryptlib.h
+asn_pack.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+asn_pack.o: ../cryptlib.h
 d2i_dhp.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 d2i_dhp.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 d2i_dhp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 d2i_dhp.o: ../../include/openssl/dh.h ../../include/openssl/e_os.h
 d2i_dhp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+d2i_dhp.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
 d2i_dhp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 d2i_dhp.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-d2i_dhp.o: ../../include/openssl/stack.h ../cryptlib.h
+d2i_dhp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+d2i_dhp.o: ../cryptlib.h
 d2i_dsap.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 d2i_dsap.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 d2i_dsap.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 d2i_dsap.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 d2i_dsap.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-d2i_dsap.o: ../../include/openssl/err.h ../../include/openssl/objects.h
+d2i_dsap.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+d2i_dsap.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 d2i_dsap.o: ../../include/openssl/opensslconf.h
 d2i_dsap.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-d2i_dsap.o: ../../include/openssl/stack.h ../cryptlib.h
+d2i_dsap.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+d2i_dsap.o: ../cryptlib.h
 d2i_pr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 d2i_pr.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 d2i_pr.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -382,14 +446,16 @@ d2i_pr.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 d2i_pr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 d2i_pr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 d2i_pr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-d2i_pr.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+d2i_pr.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+d2i_pr.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 d2i_pr.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-d2i_pr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-d2i_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
-d2i_pr.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-d2i_pr.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-d2i_pr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-d2i_pr.o: ../../include/openssl/stack.h ../cryptlib.h
+d2i_pr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+d2i_pr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+d2i_pr.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+d2i_pr.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+d2i_pr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+d2i_pr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+d2i_pr.o: ../../include/openssl/symhacks.h ../cryptlib.h
 d2i_pu.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 d2i_pu.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 d2i_pu.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -397,94 +463,110 @@ d2i_pu.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 d2i_pu.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 d2i_pu.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 d2i_pu.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-d2i_pu.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+d2i_pu.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+d2i_pu.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 d2i_pu.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-d2i_pu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-d2i_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
-d2i_pu.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-d2i_pu.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-d2i_pu.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-d2i_pu.o: ../../include/openssl/stack.h ../cryptlib.h
+d2i_pu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+d2i_pu.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+d2i_pu.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+d2i_pu.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+d2i_pu.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+d2i_pu.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+d2i_pu.o: ../../include/openssl/symhacks.h ../cryptlib.h
 d2i_r_pr.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 d2i_r_pr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 d2i_r_pr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 d2i_r_pr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-d2i_r_pr.o: ../../include/openssl/err.h ../../include/openssl/objects.h
+d2i_r_pr.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+d2i_r_pr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 d2i_r_pr.o: ../../include/openssl/opensslconf.h
 d2i_r_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h
 d2i_r_pr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-d2i_r_pr.o: ../cryptlib.h
+d2i_r_pr.o: ../../include/openssl/symhacks.h ../cryptlib.h
 d2i_r_pu.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 d2i_r_pu.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 d2i_r_pu.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 d2i_r_pu.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-d2i_r_pu.o: ../../include/openssl/err.h ../../include/openssl/objects.h
+d2i_r_pu.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+d2i_r_pu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 d2i_r_pu.o: ../../include/openssl/opensslconf.h
 d2i_r_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h
 d2i_r_pu.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-d2i_r_pu.o: ../cryptlib.h
+d2i_r_pu.o: ../../include/openssl/symhacks.h ../cryptlib.h
 d2i_s_pr.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 d2i_s_pr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 d2i_s_pr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 d2i_s_pr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 d2i_s_pr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-d2i_s_pr.o: ../../include/openssl/err.h ../../include/openssl/objects.h
+d2i_s_pr.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+d2i_s_pr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 d2i_s_pr.o: ../../include/openssl/opensslconf.h
 d2i_s_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-d2i_s_pr.o: ../../include/openssl/stack.h ../cryptlib.h
+d2i_s_pr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+d2i_s_pr.o: ../cryptlib.h
 d2i_s_pu.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 d2i_s_pu.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 d2i_s_pu.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 d2i_s_pu.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 d2i_s_pu.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-d2i_s_pu.o: ../../include/openssl/err.h ../../include/openssl/objects.h
+d2i_s_pu.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+d2i_s_pu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 d2i_s_pu.o: ../../include/openssl/opensslconf.h
 d2i_s_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-d2i_s_pu.o: ../../include/openssl/stack.h ../cryptlib.h
+d2i_s_pu.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+d2i_s_pu.o: ../cryptlib.h
 evp_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 evp_asn1.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 evp_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 evp_asn1.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-evp_asn1.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+evp_asn1.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+evp_asn1.o: ../../include/openssl/opensslconf.h
 evp_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-evp_asn1.o: ../../include/openssl/stack.h ../cryptlib.h
+evp_asn1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+evp_asn1.o: ../cryptlib.h
 f_enum.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 f_enum.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 f_enum.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
 f_enum.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-f_enum.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-f_enum.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+f_enum.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+f_enum.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+f_enum.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 f_enum.o: ../cryptlib.h
 f_int.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 f_int.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 f_int.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
 f_int.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-f_int.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-f_int.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+f_int.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+f_int.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+f_int.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 f_int.o: ../cryptlib.h
 f_string.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 f_string.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 f_string.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
 f_string.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-f_string.o: ../../include/openssl/opensslconf.h
+f_string.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 f_string.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-f_string.o: ../../include/openssl/stack.h ../cryptlib.h
+f_string.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+f_string.o: ../cryptlib.h
 i2d_dhp.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 i2d_dhp.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 i2d_dhp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 i2d_dhp.o: ../../include/openssl/dh.h ../../include/openssl/e_os.h
 i2d_dhp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-i2d_dhp.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-i2d_dhp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+i2d_dhp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+i2d_dhp.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+i2d_dhp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 i2d_dhp.o: ../cryptlib.h
 i2d_dsap.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 i2d_dsap.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 i2d_dsap.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 i2d_dsap.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 i2d_dsap.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-i2d_dsap.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+i2d_dsap.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+i2d_dsap.o: ../../include/openssl/opensslconf.h
 i2d_dsap.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-i2d_dsap.o: ../../include/openssl/stack.h ../cryptlib.h
+i2d_dsap.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+i2d_dsap.o: ../cryptlib.h
 i2d_pr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 i2d_pr.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 i2d_pr.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -492,14 +574,16 @@ i2d_pr.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 i2d_pr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 i2d_pr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 i2d_pr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-i2d_pr.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+i2d_pr.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+i2d_pr.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 i2d_pr.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-i2d_pr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-i2d_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
-i2d_pr.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-i2d_pr.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-i2d_pr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-i2d_pr.o: ../../include/openssl/stack.h ../cryptlib.h
+i2d_pr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+i2d_pr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+i2d_pr.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+i2d_pr.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+i2d_pr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+i2d_pr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+i2d_pr.o: ../../include/openssl/symhacks.h ../cryptlib.h
 i2d_pu.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 i2d_pu.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 i2d_pu.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -507,50 +591,58 @@ i2d_pu.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 i2d_pu.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 i2d_pu.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 i2d_pu.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-i2d_pu.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+i2d_pu.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+i2d_pu.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 i2d_pu.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-i2d_pu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-i2d_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
-i2d_pu.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-i2d_pu.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-i2d_pu.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-i2d_pu.o: ../../include/openssl/stack.h ../cryptlib.h
+i2d_pu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+i2d_pu.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+i2d_pu.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+i2d_pu.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+i2d_pu.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+i2d_pu.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+i2d_pu.o: ../../include/openssl/symhacks.h ../cryptlib.h
 i2d_r_pr.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 i2d_r_pr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 i2d_r_pr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 i2d_r_pr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-i2d_r_pr.o: ../../include/openssl/err.h ../../include/openssl/objects.h
+i2d_r_pr.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+i2d_r_pr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 i2d_r_pr.o: ../../include/openssl/opensslconf.h
 i2d_r_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h
 i2d_r_pr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-i2d_r_pr.o: ../cryptlib.h
+i2d_r_pr.o: ../../include/openssl/symhacks.h ../cryptlib.h
 i2d_r_pu.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 i2d_r_pu.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 i2d_r_pu.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 i2d_r_pu.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-i2d_r_pu.o: ../../include/openssl/err.h ../../include/openssl/objects.h
+i2d_r_pu.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+i2d_r_pu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 i2d_r_pu.o: ../../include/openssl/opensslconf.h
 i2d_r_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h
 i2d_r_pu.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-i2d_r_pu.o: ../cryptlib.h
+i2d_r_pu.o: ../../include/openssl/symhacks.h ../cryptlib.h
 i2d_s_pr.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 i2d_s_pr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 i2d_s_pr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 i2d_s_pr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 i2d_s_pr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-i2d_s_pr.o: ../../include/openssl/err.h ../../include/openssl/objects.h
+i2d_s_pr.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+i2d_s_pr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 i2d_s_pr.o: ../../include/openssl/opensslconf.h
 i2d_s_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-i2d_s_pr.o: ../../include/openssl/stack.h ../cryptlib.h
+i2d_s_pr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+i2d_s_pr.o: ../cryptlib.h
 i2d_s_pu.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 i2d_s_pu.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 i2d_s_pu.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 i2d_s_pu.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 i2d_s_pu.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-i2d_s_pu.o: ../../include/openssl/err.h ../../include/openssl/objects.h
+i2d_s_pu.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+i2d_s_pu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 i2d_s_pu.o: ../../include/openssl/opensslconf.h
 i2d_s_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-i2d_s_pu.o: ../../include/openssl/stack.h ../cryptlib.h
+i2d_s_pu.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+i2d_s_pu.o: ../cryptlib.h
 n_pkey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 n_pkey.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 n_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
@@ -559,31 +651,35 @@ n_pkey.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 n_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
 n_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 n_pkey.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-n_pkey.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-n_pkey.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
-n_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-n_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-n_pkey.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-n_pkey.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-n_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-n_pkey.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+n_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+n_pkey.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+n_pkey.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+n_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+n_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+n_pkey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+n_pkey.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+n_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+n_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+n_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 n_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
 nsseq.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 nsseq.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-nsseq.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
-nsseq.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-nsseq.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-nsseq.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-nsseq.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-nsseq.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-nsseq.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+nsseq.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+nsseq.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+nsseq.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+nsseq.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+nsseq.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+nsseq.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+nsseq.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+nsseq.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+nsseq.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 nsseq.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 nsseq.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
 nsseq.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
 nsseq.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
 nsseq.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-nsseq.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
-nsseq.o: ../../include/openssl/x509_vfy.h
+nsseq.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+nsseq.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 p5_pbe.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 p5_pbe.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 p5_pbe.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
@@ -592,14 +688,16 @@ p5_pbe.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 p5_pbe.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
 p5_pbe.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 p5_pbe.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-p5_pbe.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-p5_pbe.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
-p5_pbe.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-p5_pbe.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-p5_pbe.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-p5_pbe.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-p5_pbe.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p5_pbe.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p5_pbe.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p5_pbe.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p5_pbe.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p5_pbe.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p5_pbe.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+p5_pbe.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+p5_pbe.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p5_pbe.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p5_pbe.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p5_pbe.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 p5_pbe.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 p5_pbe.o: ../cryptlib.h
 p5_pbev2.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
@@ -610,16 +708,18 @@ p5_pbev2.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 p5_pbev2.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
 p5_pbev2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 p5_pbev2.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-p5_pbev2.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-p5_pbev2.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
-p5_pbev2.o: ../../include/openssl/opensslconf.h
+p5_pbev2.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p5_pbev2.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p5_pbev2.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p5_pbev2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 p5_pbev2.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 p5_pbev2.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
 p5_pbev2.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
 p5_pbev2.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
 p5_pbev2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p5_pbev2.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
-p5_pbev2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+p5_pbev2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p5_pbev2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p5_pbev2.o: ../cryptlib.h
 p7_dgst.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 p7_dgst.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 p7_dgst.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
@@ -628,14 +728,16 @@ p7_dgst.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 p7_dgst.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
 p7_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 p7_dgst.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-p7_dgst.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-p7_dgst.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
-p7_dgst.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-p7_dgst.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-p7_dgst.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-p7_dgst.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-p7_dgst.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p7_dgst.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+p7_dgst.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p7_dgst.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p7_dgst.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p7_dgst.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p7_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+p7_dgst.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p7_dgst.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p7_dgst.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p7_dgst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p7_dgst.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 p7_dgst.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
 p7_enc.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 p7_enc.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
@@ -645,14 +747,16 @@ p7_enc.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 p7_enc.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
 p7_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 p7_enc.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-p7_enc.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-p7_enc.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
-p7_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-p7_enc.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-p7_enc.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-p7_enc.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-p7_enc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p7_enc.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+p7_enc.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p7_enc.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p7_enc.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p7_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p7_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+p7_enc.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p7_enc.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p7_enc.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p7_enc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p7_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 p7_enc.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
 p7_enc_c.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 p7_enc_c.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
@@ -662,16 +766,17 @@ p7_enc_c.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 p7_enc_c.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
 p7_enc_c.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 p7_enc_c.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-p7_enc_c.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-p7_enc_c.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
-p7_enc_c.o: ../../include/openssl/opensslconf.h
+p7_enc_c.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p7_enc_c.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p7_enc_c.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p7_enc_c.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 p7_enc_c.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 p7_enc_c.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 p7_enc_c.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 p7_enc_c.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 p7_enc_c.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p7_enc_c.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-p7_enc_c.o: ../cryptlib.h
+p7_enc_c.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+p7_enc_c.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
 p7_evp.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 p7_evp.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 p7_evp.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
@@ -680,14 +785,16 @@ p7_evp.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 p7_evp.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
 p7_evp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 p7_evp.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-p7_evp.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-p7_evp.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
-p7_evp.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-p7_evp.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-p7_evp.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-p7_evp.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-p7_evp.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p7_evp.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+p7_evp.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p7_evp.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p7_evp.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p7_evp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p7_evp.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+p7_evp.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p7_evp.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p7_evp.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p7_evp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p7_evp.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 p7_evp.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
 p7_i_s.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 p7_i_s.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
@@ -697,14 +804,16 @@ p7_i_s.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 p7_i_s.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
 p7_i_s.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 p7_i_s.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-p7_i_s.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-p7_i_s.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
-p7_i_s.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-p7_i_s.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-p7_i_s.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-p7_i_s.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-p7_i_s.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p7_i_s.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+p7_i_s.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p7_i_s.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p7_i_s.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p7_i_s.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p7_i_s.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+p7_i_s.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p7_i_s.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p7_i_s.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p7_i_s.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p7_i_s.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 p7_i_s.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
 p7_lib.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 p7_lib.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
@@ -714,14 +823,16 @@ p7_lib.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 p7_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
 p7_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 p7_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-p7_lib.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-p7_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
-p7_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-p7_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-p7_lib.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-p7_lib.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-p7_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p7_lib.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+p7_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p7_lib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p7_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p7_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p7_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+p7_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p7_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p7_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p7_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p7_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 p7_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
 p7_recip.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 p7_recip.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
@@ -731,16 +842,17 @@ p7_recip.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 p7_recip.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
 p7_recip.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 p7_recip.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-p7_recip.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-p7_recip.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
-p7_recip.o: ../../include/openssl/opensslconf.h
+p7_recip.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p7_recip.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p7_recip.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p7_recip.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 p7_recip.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 p7_recip.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 p7_recip.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 p7_recip.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 p7_recip.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p7_recip.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-p7_recip.o: ../cryptlib.h
+p7_recip.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+p7_recip.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
 p7_s_e.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 p7_s_e.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 p7_s_e.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
@@ -749,14 +861,16 @@ p7_s_e.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 p7_s_e.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
 p7_s_e.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 p7_s_e.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-p7_s_e.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-p7_s_e.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
-p7_s_e.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-p7_s_e.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-p7_s_e.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-p7_s_e.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-p7_s_e.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p7_s_e.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+p7_s_e.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p7_s_e.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p7_s_e.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p7_s_e.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p7_s_e.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+p7_s_e.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p7_s_e.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p7_s_e.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p7_s_e.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p7_s_e.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 p7_s_e.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
 p7_signd.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 p7_signd.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
@@ -766,16 +880,17 @@ p7_signd.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 p7_signd.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
 p7_signd.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 p7_signd.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-p7_signd.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-p7_signd.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
-p7_signd.o: ../../include/openssl/opensslconf.h
+p7_signd.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p7_signd.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p7_signd.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p7_signd.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 p7_signd.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 p7_signd.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 p7_signd.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 p7_signd.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 p7_signd.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p7_signd.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-p7_signd.o: ../cryptlib.h
+p7_signd.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+p7_signd.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
 p7_signi.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 p7_signi.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 p7_signi.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
@@ -784,16 +899,17 @@ p7_signi.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 p7_signi.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
 p7_signi.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 p7_signi.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-p7_signi.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-p7_signi.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
-p7_signi.o: ../../include/openssl/opensslconf.h
+p7_signi.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p7_signi.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p7_signi.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p7_signi.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 p7_signi.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 p7_signi.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 p7_signi.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 p7_signi.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 p7_signi.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p7_signi.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-p7_signi.o: ../cryptlib.h
+p7_signi.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+p7_signi.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
 p8_pkey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 p8_pkey.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 p8_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
@@ -802,14 +918,16 @@ p8_pkey.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 p8_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
 p8_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 p8_pkey.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-p8_pkey.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-p8_pkey.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
-p8_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-p8_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-p8_pkey.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-p8_pkey.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-p8_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p8_pkey.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+p8_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p8_pkey.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p8_pkey.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p8_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p8_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+p8_pkey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p8_pkey.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p8_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p8_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p8_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 p8_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
 t_bitst.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 t_bitst.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
@@ -817,16 +935,18 @@ t_bitst.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 t_bitst.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 t_bitst.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 t_bitst.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-t_bitst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-t_bitst.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-t_bitst.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+t_bitst.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+t_bitst.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+t_bitst.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+t_bitst.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 t_bitst.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-t_bitst.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-t_bitst.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-t_bitst.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-t_bitst.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-t_bitst.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-t_bitst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+t_bitst.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+t_bitst.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+t_bitst.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+t_bitst.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+t_bitst.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+t_bitst.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+t_bitst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 t_bitst.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 t_bitst.o: ../../include/openssl/x509v3.h ../cryptlib.h
 t_crl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
@@ -835,25 +955,28 @@ t_crl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 t_crl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 t_crl.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 t_crl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-t_crl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-t_crl.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-t_crl.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+t_crl.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+t_crl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+t_crl.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+t_crl.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 t_crl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-t_crl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-t_crl.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-t_crl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-t_crl.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-t_crl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-t_crl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+t_crl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+t_crl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+t_crl.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+t_crl.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+t_crl.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+t_crl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+t_crl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 t_crl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 t_crl.o: ../../include/openssl/x509v3.h ../cryptlib.h
 t_pkey.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 t_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 t_pkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 t_pkey.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-t_pkey.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
-t_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h
-t_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+t_pkey.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+t_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+t_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+t_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 t_pkey.o: ../cryptlib.h
 t_req.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 t_req.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
@@ -861,16 +984,18 @@ t_req.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 t_req.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 t_req.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 t_req.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-t_req.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-t_req.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-t_req.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+t_req.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+t_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+t_req.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+t_req.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 t_req.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-t_req.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-t_req.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-t_req.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-t_req.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-t_req.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-t_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+t_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+t_req.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+t_req.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+t_req.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+t_req.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+t_req.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+t_req.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 t_req.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 t_req.o: ../../include/openssl/x509v3.h ../cryptlib.h
 t_spki.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
@@ -881,14 +1006,16 @@ t_spki.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 t_spki.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
 t_spki.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 t_spki.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-t_spki.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-t_spki.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
-t_spki.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-t_spki.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-t_spki.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-t_spki.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-t_spki.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-t_spki.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+t_spki.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+t_spki.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+t_spki.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+t_spki.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+t_spki.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+t_spki.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+t_spki.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+t_spki.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+t_spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+t_spki.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 t_spki.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
 t_x509.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 t_x509.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
@@ -896,16 +1023,18 @@ t_x509.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 t_x509.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 t_x509.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 t_x509.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-t_x509.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-t_x509.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-t_x509.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+t_x509.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+t_x509.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+t_x509.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+t_x509.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 t_x509.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-t_x509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-t_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-t_x509.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-t_x509.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-t_x509.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-t_x509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+t_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+t_x509.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+t_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+t_x509.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+t_x509.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+t_x509.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+t_x509.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 t_x509.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 t_x509.o: ../../include/openssl/x509v3.h ../cryptlib.h
 t_x509a.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
@@ -916,14 +1045,16 @@ t_x509a.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 t_x509a.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
 t_x509a.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 t_x509a.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-t_x509a.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-t_x509a.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
-t_x509a.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-t_x509a.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-t_x509a.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-t_x509a.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-t_x509a.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-t_x509a.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+t_x509a.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+t_x509a.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+t_x509a.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+t_x509a.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+t_x509a.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+t_x509a.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+t_x509a.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+t_x509a.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+t_x509a.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+t_x509a.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 t_x509a.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
 x_algor.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 x_algor.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
@@ -933,14 +1064,16 @@ x_algor.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 x_algor.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
 x_algor.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 x_algor.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-x_algor.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-x_algor.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
-x_algor.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-x_algor.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-x_algor.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-x_algor.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-x_algor.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-x_algor.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+x_algor.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x_algor.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x_algor.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x_algor.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_algor.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x_algor.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x_algor.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x_algor.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x_algor.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_algor.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 x_algor.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
 x_attrib.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 x_attrib.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
@@ -950,16 +1083,17 @@ x_attrib.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 x_attrib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
 x_attrib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 x_attrib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-x_attrib.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-x_attrib.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
-x_attrib.o: ../../include/openssl/opensslconf.h
+x_attrib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x_attrib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x_attrib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x_attrib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 x_attrib.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 x_attrib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 x_attrib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 x_attrib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 x_attrib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_attrib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x_attrib.o: ../cryptlib.h
+x_attrib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x_attrib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
 x_cinf.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 x_cinf.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 x_cinf.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
@@ -968,14 +1102,16 @@ x_cinf.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 x_cinf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
 x_cinf.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 x_cinf.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-x_cinf.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-x_cinf.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
-x_cinf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-x_cinf.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-x_cinf.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-x_cinf.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-x_cinf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-x_cinf.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+x_cinf.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x_cinf.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x_cinf.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x_cinf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_cinf.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x_cinf.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x_cinf.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x_cinf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x_cinf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_cinf.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 x_cinf.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
 x_crl.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 x_crl.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
@@ -985,14 +1121,16 @@ x_crl.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 x_crl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
 x_crl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 x_crl.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-x_crl.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-x_crl.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
-x_crl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-x_crl.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-x_crl.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-x_crl.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-x_crl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-x_crl.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+x_crl.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x_crl.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x_crl.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x_crl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_crl.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x_crl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x_crl.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x_crl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x_crl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_crl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 x_crl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
 x_exten.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 x_exten.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
@@ -1002,14 +1140,16 @@ x_exten.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 x_exten.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
 x_exten.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 x_exten.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-x_exten.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-x_exten.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
-x_exten.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-x_exten.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-x_exten.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-x_exten.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-x_exten.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-x_exten.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+x_exten.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x_exten.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x_exten.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x_exten.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_exten.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x_exten.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x_exten.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x_exten.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x_exten.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_exten.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 x_exten.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
 x_info.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 x_info.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
@@ -1019,14 +1159,16 @@ x_info.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 x_info.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
 x_info.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 x_info.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-x_info.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-x_info.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
-x_info.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-x_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-x_info.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-x_info.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-x_info.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-x_info.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+x_info.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x_info.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x_info.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x_info.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_info.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x_info.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x_info.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x_info.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x_info.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_info.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 x_info.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
 x_name.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 x_name.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
@@ -1036,14 +1178,16 @@ x_name.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 x_name.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
 x_name.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 x_name.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-x_name.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-x_name.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
-x_name.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-x_name.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-x_name.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-x_name.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-x_name.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-x_name.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+x_name.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x_name.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x_name.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x_name.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_name.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x_name.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x_name.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x_name.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x_name.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_name.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 x_name.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
 x_pkey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 x_pkey.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
@@ -1053,14 +1197,16 @@ x_pkey.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 x_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
 x_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 x_pkey.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-x_pkey.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-x_pkey.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
-x_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-x_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-x_pkey.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-x_pkey.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-x_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-x_pkey.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+x_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x_pkey.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x_pkey.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x_pkey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x_pkey.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 x_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
 x_pubkey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 x_pubkey.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
@@ -1070,16 +1216,17 @@ x_pubkey.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 x_pubkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
 x_pubkey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 x_pubkey.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-x_pubkey.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-x_pubkey.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
-x_pubkey.o: ../../include/openssl/opensslconf.h
+x_pubkey.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x_pubkey.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x_pubkey.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x_pubkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 x_pubkey.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 x_pubkey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 x_pubkey.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 x_pubkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 x_pubkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_pubkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x_pubkey.o: ../cryptlib.h
+x_pubkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x_pubkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
 x_req.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 x_req.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 x_req.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
@@ -1088,14 +1235,16 @@ x_req.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 x_req.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
 x_req.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 x_req.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-x_req.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-x_req.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
-x_req.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-x_req.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-x_req.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-x_req.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-x_req.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-x_req.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+x_req.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x_req.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x_req.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x_req.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_req.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x_req.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x_req.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x_req.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_req.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 x_req.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
 x_sig.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 x_sig.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
@@ -1105,14 +1254,16 @@ x_sig.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 x_sig.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
 x_sig.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 x_sig.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-x_sig.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-x_sig.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
-x_sig.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-x_sig.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-x_sig.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-x_sig.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-x_sig.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-x_sig.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+x_sig.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x_sig.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x_sig.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x_sig.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_sig.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x_sig.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x_sig.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x_sig.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x_sig.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_sig.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 x_sig.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
 x_spki.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 x_spki.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
@@ -1122,14 +1273,16 @@ x_spki.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 x_spki.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
 x_spki.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 x_spki.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-x_spki.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-x_spki.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
-x_spki.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-x_spki.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-x_spki.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-x_spki.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-x_spki.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-x_spki.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+x_spki.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x_spki.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x_spki.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x_spki.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_spki.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x_spki.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x_spki.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x_spki.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x_spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_spki.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 x_spki.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
 x_val.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 x_val.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
@@ -1139,32 +1292,38 @@ x_val.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 x_val.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
 x_val.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 x_val.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-x_val.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-x_val.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
-x_val.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-x_val.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-x_val.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-x_val.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-x_val.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-x_val.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+x_val.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x_val.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x_val.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x_val.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_val.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x_val.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x_val.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x_val.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x_val.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_val.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 x_val.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
 x_x509.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 x_x509.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 x_x509.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-x_x509.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-x_x509.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-x_x509.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+x_x509.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+x_x509.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x_x509.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x_x509.o: ../../include/openssl/e_os.h ../../include/openssl/e_os.h
 x_x509.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 x_x509.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-x_x509.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-x_x509.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
-x_x509.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-x_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-x_x509.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-x_x509.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-x_x509.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-x_x509.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
-x_x509.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+x_x509.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x_x509.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x_x509.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x_x509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x_x509.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x_x509.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x_x509.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x_x509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_x509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x_x509.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+x_x509.o: ../cryptlib.h
 x_x509a.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 x_x509a.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 x_x509a.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
@@ -1173,12 +1332,14 @@ x_x509a.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 x_x509a.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
 x_x509a.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 x_x509a.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-x_x509a.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-x_x509a.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
-x_x509a.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-x_x509a.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-x_x509a.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-x_x509a.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-x_x509a.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-x_x509a.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+x_x509a.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x_x509a.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x_x509a.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x_x509a.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_x509a.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x_x509a.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x_x509a.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x_x509a.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x_x509a.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_x509a.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 x_x509a.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
diff --git a/src/lib/libssl/src/crypto/asn1/a_bitstr.c b/src/lib/libssl/src/crypto/asn1/a_bitstr.c
index c77456b315..7013a407ad 100644
--- a/src/lib/libssl/src/crypto/asn1/a_bitstr.c
+++ b/src/lib/libssl/src/crypto/asn1/a_bitstr.c
@@ -70,13 +70,27 @@ int ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, unsigned char *d, int len)
 { return M_ASN1_BIT_STRING_set(x, d, len); }
 
 int i2d_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
+{
+        int len, ret;
+        len = i2c_ASN1_BIT_STRING(a, NULL);     
+        ret=ASN1_object_size(0,len,V_ASN1_BIT_STRING);
+        if(pp) {
+                ASN1_put_object(pp,0,len,V_ASN1_BIT_STRING,V_ASN1_UNIVERSAL);
+                i2c_ASN1_BIT_STRING(a, pp);     
+        }
+        return ret;
+}
+
+int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
         {
-        int ret,j,r,bits,len;
+        int ret,j,bits,len;
         unsigned char *p,*d;
 
         if (a == NULL) return(0);
 
         len=a->length;
+        ret=1+len;
+        if (pp == NULL) return(ret);
 
         if (len > 0)
                 {
@@ -104,36 +118,27 @@ int i2d_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
                 }
         else
                 bits=0;
-        ret=1+len;
-        r=ASN1_object_size(0,ret,V_ASN1_BIT_STRING);
-        if (pp == NULL) return(r);
         p= *pp;
 
-        ASN1_put_object(&p,0,ret,V_ASN1_BIT_STRING,V_ASN1_UNIVERSAL);
         *(p++)=(unsigned char)bits;
         d=a->data;
         memcpy(p,d,len);
         p+=len;
         if (len > 0) p[-1]&=(0xff<<bits);
         *pp=p;
-        return(r);
+        return(ret);
         }
 
+
+/* Convert DER encoded ASN1 BIT_STRING to ASN1_BIT_STRING structure */
 ASN1_BIT_STRING *d2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, unsigned char **pp,
              long length)
-        {
-        ASN1_BIT_STRING *ret=NULL;
-        unsigned char *p,*s;
+{
+        unsigned char *p;
         long len;
-        int inf,tag,xclass;
         int i;
-
-        if ((a == NULL) || ((*a) == NULL))
-                {
-                if ((ret=M_ASN1_BIT_STRING_new()) == NULL) return(NULL);
-                }
-        else
-                ret=(*a);
+        int inf,tag,xclass;
+        ASN1_BIT_STRING *ret;
 
         p= *pp;
         inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
@@ -149,7 +154,30 @@ ASN1_BIT_STRING *d2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, unsigned char **pp,
                 goto err;
                 }
         if (len < 1) { i=ASN1_R_STRING_TOO_SHORT; goto err; }
+        ret = c2i_ASN1_BIT_STRING(a, &p, len);
+        if(ret) *pp = p;
+        return ret;
+err:
+        ASN1err(ASN1_F_D2I_ASN1_BIT_STRING,i);
+        return(NULL);
+
+}
+
+ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, unsigned char **pp,
+             long len)
+        {
+        ASN1_BIT_STRING *ret=NULL;
+        unsigned char *p,*s;
+        int i;
+
+        if ((a == NULL) || ((*a) == NULL))
+                {
+                if ((ret=M_ASN1_BIT_STRING_new()) == NULL) return(NULL);
+                }
+        else
+                ret=(*a);
 
+        p= *pp;
         i= *(p++);
         /* We do this to preserve the settings.  If we modify
          * the settings, via the _set_bit function, we will recalculate
@@ -159,7 +187,7 @@ ASN1_BIT_STRING *d2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, unsigned char **pp,
 
         if (len-- > 1) /* using one because of the bits left byte */
                 {
-                s=(unsigned char *)Malloc((int)len);
+                s=(unsigned char *)OPENSSL_malloc((int)len);
                 if (s == NULL)
                         {
                         i=ERR_R_MALLOC_FAILURE;
@@ -173,7 +201,7 @@ ASN1_BIT_STRING *d2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, unsigned char **pp,
                 s=NULL;
 
         ret->length=(int)len;
-        if (ret->data != NULL) Free(ret->data);
+        if (ret->data != NULL) OPENSSL_free(ret->data);
         ret->data=s;
         ret->type=V_ASN1_BIT_STRING;
         if (a != NULL) (*a)=ret;
@@ -204,14 +232,14 @@ int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value)
                 {
                 if (!value) return(1); /* Don't need to set */
                 if (a->data == NULL)
-                        c=(unsigned char *)Malloc(w+1);
+                        c=(unsigned char *)OPENSSL_malloc(w+1);
                 else
-                        c=(unsigned char *)Realloc(a->data,w+1);
+                        c=(unsigned char *)OPENSSL_realloc(a->data,w+1);
                 if (c == NULL) return(0);
+                if (w+1-a->length > 0) memset(c+a->length, 0, w+1-a->length);
                 a->data=c;
                 a->length=w+1;
-                c[w]=0;
-                }
+        }
         a->data[w]=((a->data[w])&iv)|v;
         while ((a->length > 0) && (a->data[a->length-1] == 0))
                 a->length--;
diff --git a/src/lib/libssl/src/crypto/asn1/a_bytes.c b/src/lib/libssl/src/crypto/asn1/a_bytes.c
index 8cde695804..3a0c0c7835 100644
--- a/src/lib/libssl/src/crypto/asn1/a_bytes.c
+++ b/src/lib/libssl/src/crypto/asn1/a_bytes.c
@@ -111,7 +111,7 @@ ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, unsigned char **pp,
 
         if (len != 0)
                 {
-                s=(unsigned char *)Malloc((int)len+1);
+                s=(unsigned char *)OPENSSL_malloc((int)len+1);
                 if (s == NULL)
                         {
                         i=ERR_R_MALLOC_FAILURE;
@@ -124,7 +124,7 @@ ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, unsigned char **pp,
         else
                 s=NULL;
 
-        if (ret->data != NULL) Free(ret->data);
+        if (ret->data != NULL) OPENSSL_free(ret->data);
         ret->length=(int)len;
         ret->data=s;
         ret->type=tag;
@@ -218,8 +218,8 @@ ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, unsigned char **pp, long length,
                         {
                         if ((ret->length < len) || (ret->data == NULL))
                                 {
-                                if (ret->data != NULL) Free(ret->data);
-                                s=(unsigned char *)Malloc((int)len + 1);
+                                if (ret->data != NULL) OPENSSL_free(ret->data);
+                                s=(unsigned char *)OPENSSL_malloc((int)len + 1);
                                 if (s == NULL)
                                         {
                                         i=ERR_R_MALLOC_FAILURE;
@@ -235,7 +235,7 @@ ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, unsigned char **pp, long length,
                 else
                         {
                         s=NULL;
-                        if (ret->data != NULL) Free(ret->data);
+                        if (ret->data != NULL) OPENSSL_free(ret->data);
                         }
 
                 ret->length=(int)len;
@@ -310,14 +310,14 @@ static int asn1_collate_primitive(ASN1_STRING *a, ASN1_CTX *c)
         if (!asn1_Finish(c)) goto err;
 
         a->length=num;
-        if (a->data != NULL) Free(a->data);
+        if (a->data != NULL) OPENSSL_free(a->data);
         a->data=(unsigned char *)b.data;
         if (os != NULL) ASN1_STRING_free(os);
         return(1);
 err:
         ASN1err(ASN1_F_ASN1_COLLATE_PRIMITIVE,c->error);
         if (os != NULL) ASN1_STRING_free(os);
-        if (b.data != NULL) Free(b.data);
+        if (b.data != NULL) OPENSSL_free(b.data);
         return(0);
         }
 
diff --git a/src/lib/libssl/src/crypto/asn1/a_digest.c b/src/lib/libssl/src/crypto/asn1/a_digest.c
index 3370aae998..8257b8639e 100644
--- a/src/lib/libssl/src/crypto/asn1/a_digest.c
+++ b/src/lib/libssl/src/crypto/asn1/a_digest.c
@@ -77,14 +77,14 @@ int ASN1_digest(int (*i2d)(), const EVP_MD *type, char *data,
         unsigned char *str,*p;
 
         i=i2d(data,NULL);
-        if ((str=(unsigned char *)Malloc(i)) == NULL) return(0);
+        if ((str=(unsigned char *)OPENSSL_malloc(i)) == NULL) return(0);
         p=str;
         i2d(data,&p);
 
         EVP_DigestInit(&ctx,type);
         EVP_DigestUpdate(&ctx,str,i);
         EVP_DigestFinal(&ctx,md,len);
-        Free(str);
+        OPENSSL_free(str);
         return(1);
         }
 
diff --git a/src/lib/libssl/src/crypto/asn1/a_dup.c b/src/lib/libssl/src/crypto/asn1/a_dup.c
index 3202a816d0..c3bda58a5d 100644
--- a/src/lib/libssl/src/crypto/asn1/a_dup.c
+++ b/src/lib/libssl/src/crypto/asn1/a_dup.c
@@ -71,13 +71,13 @@ char *ASN1_dup(int (*i2d)(), char *(*d2i)(), char *x)
         if (x == NULL) return(NULL);
 
         i=(long)i2d(x,NULL);
-        b=(unsigned char *)Malloc((unsigned int)i+10);
+        b=(unsigned char *)OPENSSL_malloc((unsigned int)i+10);
         if (b == NULL)
                 { ASN1err(ASN1_F_ASN1_DUP,ERR_R_MALLOC_FAILURE); return(NULL); }
         p= b;
         i=i2d(x,&p);
         p= b;
         ret=d2i(NULL,&p,i);
-        Free(b);
+        OPENSSL_free(b);
         return(ret);
         }
diff --git a/src/lib/libssl/src/crypto/asn1/a_enum.c b/src/lib/libssl/src/crypto/asn1/a_enum.c
index ccf62e5a04..1428d1df7a 100644
--- a/src/lib/libssl/src/crypto/asn1/a_enum.c
+++ b/src/lib/libssl/src/crypto/asn1/a_enum.c
@@ -71,88 +71,28 @@ ASN1_ENUMERATED *ASN1_ENUMERATED_new(void)
 void ASN1_ENUMERATED_free(ASN1_ENUMERATED *x)
 { M_ASN1_ENUMERATED_free(x); }
 
-int i2d_ASN1_ENUMERATED(ASN1_ENUMERATED *a, unsigned char **pp)
-        {
-        int pad=0,ret,r,i,t;
-        unsigned char *p,*n,pb=0;
-
-        if ((a == NULL) || (a->data == NULL)) return(0);
-        t=a->type;
-        if (a->length == 0)
-                ret=1;
-        else
-                {
-                ret=a->length;
-                i=a->data[0];
-                if ((t == V_ASN1_ENUMERATED) && (i > 127)) {
-                        pad=1;
-                        pb=0;
-                } else if(t == V_ASN1_NEG_ENUMERATED) {
-                        if(i>128) {
-                                pad=1;
-                                pb=0xFF;
-                        } else if(i == 128) {
-                                for(i = 1; i < a->length; i++) if(a->data[i]) {
-                                                pad=1;
-                                                pb=0xFF;
-                                                break;
-                                }
-                        }
-                }
-                ret+=pad;
-                }
-        r=ASN1_object_size(0,ret,V_ASN1_ENUMERATED);
-        if (pp == NULL) return(r);
-        p= *pp;
-
-        ASN1_put_object(&p,0,ret,V_ASN1_ENUMERATED,V_ASN1_UNIVERSAL);
-        if (pad) *(p++)=pb;
-        if (a->length == 0)
-                *(p++)=0;
-        else if (t == V_ASN1_ENUMERATED)
-                {
-                memcpy(p,a->data,(unsigned int)a->length);
-                p+=a->length;
-                }
-        else {
-                /* Begin at the end of the encoding */
-                n=a->data + a->length - 1;
-                p += a->length - 1;
-                i = a->length;
-                /* Copy zeros to destination as long as source is zero */
-                while(!*n) {
-                        *(p--) = 0;
-                        n--;
-                        i--;
-                }
-                /* Complement and increment next octet */
-                *(p--) = ((*(n--)) ^ 0xff) + 1;
-                i--;
-                /* Complement any octets left */
-                for(;i > 0; i--) *(p--) = *(n--) ^ 0xff;
-                p += a->length;
-        }
 
-        *pp=p;
-        return(r);
+int i2d_ASN1_ENUMERATED(ASN1_ENUMERATED *a, unsigned char **pp)
+{
+        int len, ret;
+        if(!a) return 0;
+        len = i2c_ASN1_INTEGER(a, NULL);        
+        ret=ASN1_object_size(0,len,V_ASN1_ENUMERATED);
+        if(pp) {
+                ASN1_put_object(pp,0,len,V_ASN1_ENUMERATED,V_ASN1_UNIVERSAL);
+                i2c_ASN1_INTEGER(a, pp);        
         }
+        return ret;
+}
 
 ASN1_ENUMERATED *d2i_ASN1_ENUMERATED(ASN1_ENUMERATED **a, unsigned char **pp,
              long length)
-        {
-        ASN1_ENUMERATED *ret=NULL;
-        unsigned char *p,*to,*s;
+{
+        unsigned char *p;
         long len;
-        int inf,tag,xclass;
         int i;
-
-        if ((a == NULL) || ((*a) == NULL))
-                {
-                if ((ret=M_ASN1_ENUMERATED_new()) == NULL) return(NULL);
-                ret->type=V_ASN1_ENUMERATED;
-                }
-        else
-                ret=(*a);
+        int inf,tag,xclass;
+        ASN1_ENUMERATED *ret;
 
         p= *pp;
         inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
@@ -167,70 +107,17 @@ ASN1_ENUMERATED *d2i_ASN1_ENUMERATED(ASN1_ENUMERATED **a, unsigned char **pp,
                 i=ASN1_R_EXPECTING_AN_ENUMERATED;
                 goto err;
                 }
-
-        /* We must Malloc stuff, even for 0 bytes otherwise it
-         * signifies a missing NULL parameter. */
-        s=(unsigned char *)Malloc((int)len+1);
-        if (s == NULL)
-                {
-                i=ERR_R_MALLOC_FAILURE;
-                goto err;
-                }
-        to=s;
-        if(!len) {
-                /* Strictly speaking this is an illegal ENUMERATED but we
-                 * tolerate it.
-                 */
-                ret->type=V_ASN1_ENUMERATED;
-        } else if (*p & 0x80) /* a negative number */
-                {
-                ret->type=V_ASN1_NEG_ENUMERATED;
-                if ((*p == 0xff) && (len != 1)) {
-                        p++;
-                        len--;
-                }
-                i = len;
-                p += i - 1;
-                to += i - 1;
-                while((!*p) && i) {
-                        *(to--) = 0;
-                        i--;
-                        p--;
-                }
-                if(!i) {
-                        *s = 1;
-                        s[len] = 0;
-                        p += len;
-                        len++;
-                } else {
-                        *(to--) = (*(p--) ^ 0xff) + 1;
-                        i--;
-                        for(;i > 0; i--) *(to--) = *(p--) ^ 0xff;
-                        p += len;
-                }
-        } else {
-                ret->type=V_ASN1_ENUMERATED;
-                if ((*p == 0) && (len != 1))
-                        {
-                        p++;
-                        len--;
-                        }
-                memcpy(s,p,(int)len);
-                p+=len;
+        ret = c2i_ASN1_INTEGER(a, &p, len);
+        if(ret) {
+                ret->type = (V_ASN1_NEG & ret->type) | V_ASN1_ENUMERATED;
+                *pp = p;
         }
-
-        if (ret->data != NULL) Free(ret->data);
-        ret->data=s;
-        ret->length=(int)len;
-        if (a != NULL) (*a)=ret;
-        *pp=p;
-        return(ret);
+        return ret;
 err:
         ASN1err(ASN1_F_D2I_ASN1_ENUMERATED,i);
-        if ((ret != NULL) && ((a == NULL) || (*a != ret)))
-                M_ASN1_ENUMERATED_free(ret);
         return(NULL);
-        }
+
+}
 
 int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v)
         {
@@ -242,8 +129,8 @@ int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v)
         if (a->length < (sizeof(long)+1))
                 {
                 if (a->data != NULL)
-                        Free(a->data);
-                if ((a->data=(unsigned char *)Malloc(sizeof(long)+1)) != NULL)
+                        OPENSSL_free(a->data);
+                if ((a->data=(unsigned char *)OPENSSL_malloc(sizeof(long)+1)) != NULL)
                         memset((char *)a->data,0,sizeof(long)+1);
                 }
         if (a->data == NULL)
@@ -318,7 +205,7 @@ ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai)
         else ret->type=V_ASN1_ENUMERATED;
         j=BN_num_bits(bn);
         len=((j == 0)?0:((j/8)+1));
-        ret->data=(unsigned char *)Malloc(len+4);
+        ret->data=(unsigned char *)OPENSSL_malloc(len+4);
         ret->length=BN_bn2bin(bn,ret->data);
         return(ret);
 err:
@@ -332,6 +219,6 @@ BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn)
 
         if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL)
                 ASN1err(ASN1_F_ASN1_ENUMERATED_TO_BN,ASN1_R_BN_LIB);
-        if(ai->type == V_ASN1_NEG_ENUMERATED) bn->neg = 1;
+        else if(ai->type == V_ASN1_NEG_ENUMERATED) ret->neg = 1;
         return(ret);
         }
diff --git a/src/lib/libssl/src/crypto/asn1/a_gentm.c b/src/lib/libssl/src/crypto/asn1/a_gentm.c
index 84062170e8..314479a03d 100644
--- a/src/lib/libssl/src/crypto/asn1/a_gentm.c
+++ b/src/lib/libssl/src/crypto/asn1/a_gentm.c
@@ -212,10 +212,10 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
         p=(char *)s->data;
         if ((p == NULL) || (s->length < 16))
                 {
-                p=Malloc(20);
+                p=OPENSSL_malloc(20);
                 if (p == NULL) return(NULL);
                 if (s->data != NULL)
-                        Free(s->data);
+                        OPENSSL_free(s->data);
                 s->data=(unsigned char *)p;
                 }
 
diff --git a/src/lib/libssl/src/crypto/asn1/a_hdr.c b/src/lib/libssl/src/crypto/asn1/a_hdr.c
index 434610e8e1..b1aad81f77 100644
--- a/src/lib/libssl/src/crypto/asn1/a_hdr.c
+++ b/src/lib/libssl/src/crypto/asn1/a_hdr.c
@@ -115,5 +115,5 @@ void ASN1_HEADER_free(ASN1_HEADER *a)
         M_ASN1_OCTET_STRING_free(a->header);
         if (a->meth != NULL)
                 a->meth->destroy(a->data);
-        Free(a);
+        OPENSSL_free(a);
         }
diff --git a/src/lib/libssl/src/crypto/asn1/a_i2d_fp.c b/src/lib/libssl/src/crypto/asn1/a_i2d_fp.c
index d9b8035e17..aee29a7790 100644
--- a/src/lib/libssl/src/crypto/asn1/a_i2d_fp.c
+++ b/src/lib/libssl/src/crypto/asn1/a_i2d_fp.c
@@ -86,7 +86,7 @@ int ASN1_i2d_bio(int (*i2d)(), BIO *out, unsigned char *x)
         int i,j=0,n,ret=1;
 
         n=i2d(x,NULL);
-        b=(char *)Malloc(n);
+        b=(char *)OPENSSL_malloc(n);
         if (b == NULL)
                 {
                 ASN1err(ASN1_F_ASN1_I2D_BIO,ERR_R_MALLOC_FAILURE);
@@ -108,6 +108,6 @@ int ASN1_i2d_bio(int (*i2d)(), BIO *out, unsigned char *x)
                 j+=i;
                 n-=i;
                 }
-        Free(b);
+        OPENSSL_free(b);
         return(ret);
         }
diff --git a/src/lib/libssl/src/crypto/asn1/a_int.c b/src/lib/libssl/src/crypto/asn1/a_int.c
index 8b6794e8c1..6f0413f885 100644
--- a/src/lib/libssl/src/crypto/asn1/a_int.c
+++ b/src/lib/libssl/src/crypto/asn1/a_int.c
@@ -72,8 +72,23 @@ ASN1_INTEGER *ASN1_INTEGER_dup(ASN1_INTEGER *x)
 int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y)
 { return M_ASN1_INTEGER_cmp(x,y);}
 
+/* Output ASN1 INTEGER including tag+length */
+
+int i2d_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
+{
+        int len, ret;
+        if(!a) return 0;
+        len = i2c_ASN1_INTEGER(a, NULL);        
+        ret=ASN1_object_size(0,len,V_ASN1_INTEGER);
+        if(pp) {
+                ASN1_put_object(pp,0,len,V_ASN1_INTEGER,V_ASN1_UNIVERSAL);
+                i2c_ASN1_INTEGER(a, pp);        
+        }
+        return ret;
+}
+
 /* 
- * This converts an ASN1 INTEGER into its DER encoding.
+ * This converts an ASN1 INTEGER into its content encoding.
  * The internal representation is an ASN1_STRING whose data is a big endian
  * representation of the value, ignoring the sign. The sign is determined by
  * the type: V_ASN1_INTEGER for positive and V_ASN1_NEG_INTEGER for negative. 
@@ -97,23 +112,23 @@ int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y)
  * followed by optional zeros isn't padded.
  */
 
-int i2d_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
+int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
         {
-        int pad=0,ret,r,i,t;
+        int pad=0,ret,i,neg;
         unsigned char *p,*n,pb=0;
 
         if ((a == NULL) || (a->data == NULL)) return(0);
-        t=a->type;
+        neg=a->type & V_ASN1_NEG;
         if (a->length == 0)
                 ret=1;
         else
                 {
                 ret=a->length;
                 i=a->data[0];
-                if ((t == V_ASN1_INTEGER) && (i > 127)) {
+                if (!neg && (i > 127)) {
                         pad=1;
                         pb=0;
-                } else if(t == V_ASN1_NEG_INTEGER) {
+                } else if(neg) {
                         if(i>128) {
                                 pad=1;
                                 pb=0xFF;
@@ -131,14 +146,12 @@ int i2d_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
                 }
                 ret+=pad;
                 }
-        r=ASN1_object_size(0,ret,V_ASN1_INTEGER);
-        if (pp == NULL) return(r);
+        if (pp == NULL) return(ret);
         p= *pp;
 
-        ASN1_put_object(&p,0,ret,V_ASN1_INTEGER,V_ASN1_UNIVERSAL);
         if (pad) *(p++)=pb;
         if (a->length == 0) *(p++)=0;
-        else if (t == V_ASN1_INTEGER) memcpy(p,a->data,(unsigned int)a->length);
+        else if (!neg) memcpy(p,a->data,(unsigned int)a->length);
         else {
                 /* Begin at the end of the encoding */
                 n=a->data + a->length - 1;
@@ -157,30 +170,22 @@ int i2d_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
                 for(;i > 0; i--) *(p--) = *(n--) ^ 0xff;
         }
 
-        *pp+=r;
-        return(r);
+        *pp+=ret;
+        return(ret);
         }
 
+/* Convert DER encoded ASN1 INTEGER to ASN1_INTEGER structure */
 ASN1_INTEGER *d2i_ASN1_INTEGER(ASN1_INTEGER **a, unsigned char **pp,
              long length)
-        {
-        ASN1_INTEGER *ret=NULL;
-        unsigned char *p,*to,*s, *pend;
+{
+        unsigned char *p;
         long len;
-        int inf,tag,xclass;
         int i;
-
-        if ((a == NULL) || ((*a) == NULL))
-                {
-                if ((ret=M_ASN1_INTEGER_new()) == NULL) return(NULL);
-                ret->type=V_ASN1_INTEGER;
-                }
-        else
-                ret=(*a);
+        int inf,tag,xclass;
+        ASN1_INTEGER *ret;
 
         p= *pp;
         inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
-        pend = p + len;
         if (inf & 0x80)
                 {
                 i=ASN1_R_BAD_OBJECT_HEADER;
@@ -192,10 +197,39 @@ ASN1_INTEGER *d2i_ASN1_INTEGER(ASN1_INTEGER **a, unsigned char **pp,
                 i=ASN1_R_EXPECTING_AN_INTEGER;
                 goto err;
                 }
+        ret = c2i_ASN1_INTEGER(a, &p, len);
+        if(ret) *pp = p;
+        return ret;
+err:
+        ASN1err(ASN1_F_D2I_ASN1_INTEGER,i);
+        return(NULL);
+
+}
+
+
+/* Convert just ASN1 INTEGER content octets to ASN1_INTEGER structure */
+
+ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, unsigned char **pp,
+             long len)
+        {
+        ASN1_INTEGER *ret=NULL;
+        unsigned char *p,*to,*s, *pend;
+        int i;
+
+        if ((a == NULL) || ((*a) == NULL))
+                {
+                if ((ret=M_ASN1_INTEGER_new()) == NULL) return(NULL);
+                ret->type=V_ASN1_INTEGER;
+                }
+        else
+                ret=(*a);
 
-        /* We must Malloc stuff, even for 0 bytes otherwise it
+        p= *pp;
+        pend = p + len;
+
+        /* We must OPENSSL_malloc stuff, even for 0 bytes otherwise it
          * signifies a missing NULL parameter. */
-        s=(unsigned char *)Malloc((int)len+1);
+        s=(unsigned char *)OPENSSL_malloc((int)len+1);
         if (s == NULL)
                 {
                 i=ERR_R_MALLOC_FAILURE;
@@ -248,7 +282,7 @@ ASN1_INTEGER *d2i_ASN1_INTEGER(ASN1_INTEGER **a, unsigned char **pp,
                 memcpy(s,p,(int)len);
         }
 
-        if (ret->data != NULL) Free(ret->data);
+        if (ret->data != NULL) OPENSSL_free(ret->data);
         ret->data=s;
         ret->length=(int)len;
         if (a != NULL) (*a)=ret;
@@ -261,6 +295,7 @@ err:
         return(NULL);
         }
 
+
 /* This is a version of d2i_ASN1_INTEGER that ignores the sign bit of
  * ASN1 integers: some broken software can encode a positive INTEGER
  * with its MSB set as negative (it doesn't add a padding zero).
@@ -297,9 +332,9 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, unsigned char **pp,
                 goto err;
                 }
 
-        /* We must Malloc stuff, even for 0 bytes otherwise it
+        /* We must OPENSSL_malloc stuff, even for 0 bytes otherwise it
          * signifies a missing NULL parameter. */
-        s=(unsigned char *)Malloc((int)len+1);
+        s=(unsigned char *)OPENSSL_malloc((int)len+1);
         if (s == NULL)
                 {
                 i=ERR_R_MALLOC_FAILURE;
@@ -317,7 +352,7 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, unsigned char **pp,
                 p+=len;
         }
 
-        if (ret->data != NULL) Free(ret->data);
+        if (ret->data != NULL) OPENSSL_free(ret->data);
         ret->data=s;
         ret->length=(int)len;
         if (a != NULL) (*a)=ret;
@@ -340,8 +375,8 @@ int ASN1_INTEGER_set(ASN1_INTEGER *a, long v)
         if (a->length < (sizeof(long)+1))
                 {
                 if (a->data != NULL)
-                        Free(a->data);
-                if ((a->data=(unsigned char *)Malloc(sizeof(long)+1)) != NULL)
+                        OPENSSL_free(a->data);
+                if ((a->data=(unsigned char *)OPENSSL_malloc(sizeof(long)+1)) != NULL)
                         memset((char *)a->data,0,sizeof(long)+1);
                 }
         if (a->data == NULL)
@@ -416,7 +451,7 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai)
         else ret->type=V_ASN1_INTEGER;
         j=BN_num_bits(bn);
         len=((j == 0)?0:((j/8)+1));
-        ret->data=(unsigned char *)Malloc(len+4);
+        ret->data=(unsigned char *)OPENSSL_malloc(len+4);
         ret->length=BN_bn2bin(bn,ret->data);
         return(ret);
 err:
@@ -430,6 +465,9 @@ BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai, BIGNUM *bn)
 
         if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL)
                 ASN1err(ASN1_F_ASN1_INTEGER_TO_BN,ASN1_R_BN_LIB);
-        if(ai->type == V_ASN1_NEG_INTEGER) bn->neg = 1;
+        else if(ai->type == V_ASN1_NEG_INTEGER) ret->neg = 1;
         return(ret);
         }
+
+IMPLEMENT_STACK_OF(ASN1_INTEGER)
+IMPLEMENT_ASN1_SET_OF(ASN1_INTEGER)
diff --git a/src/lib/libssl/src/crypto/asn1/a_mbstr.c b/src/lib/libssl/src/crypto/asn1/a_mbstr.c
index 7a710d5459..5d981c6553 100644
--- a/src/lib/libssl/src/crypto/asn1/a_mbstr.c
+++ b/src/lib/libssl/src/crypto/asn1/a_mbstr.c
@@ -92,6 +92,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
 {
         int str_type;
         int ret;
+        char free_out;
         int outform, outlen;
         ASN1_STRING *dest;
         unsigned char *p;
@@ -180,14 +181,16 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
         }
         if(!out) return str_type;
         if(*out) {
+                free_out = 0;
                 dest = *out;
                 if(dest->data) {
                         dest->length = 0;
-                        Free(dest->data);
+                        OPENSSL_free(dest->data);
                         dest->data = NULL;
                 }
                 dest->type = str_type;
         } else {
+                free_out = 1;
                 dest = ASN1_STRING_type_new(str_type);
                 if(!dest) {
                         ASN1err(ASN1_F_ASN1_MBSTRING_COPY,
@@ -228,8 +231,8 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
                 cpyfunc = cpy_utf8;
                 break;
         }
-        if(!(p = Malloc(outlen + 1))) {
-                ASN1_STRING_free(dest);
+        if(!(p = OPENSSL_malloc(outlen + 1))) {
+                if(free_out) ASN1_STRING_free(dest);
                 ASN1err(ASN1_F_ASN1_MBSTRING_COPY,ERR_R_MALLOC_FAILURE);
                 return -1;
         }
@@ -258,8 +261,8 @@ static int traverse_string(const unsigned char *p, int len, int inform,
                         value |= *p++;
                         len -= 2;
                 } else if(inform == MBSTRING_UNIV) {
-                        value = *p++ << 24;
-                        value |= *p++ << 16;
+                        value = ((unsigned long)*p++) << 24;
+                        value |= ((unsigned long)*p++) << 16;
                         value |= *p++ << 8;
                         value |= *p++;
                         len -= 4;
@@ -382,9 +385,16 @@ static int is_printable(unsigned long value)
         /* Note: we can't use 'isalnum' because certain accented 
          * characters may count as alphanumeric in some environments.
          */
+#ifndef CHARSET_EBCDIC
         if((ch >= 'a') && (ch <= 'z')) return 1;
         if((ch >= 'A') && (ch <= 'Z')) return 1;
         if((ch >= '0') && (ch <= '9')) return 1;
         if ((ch == ' ') || strchr("'()+,-./:=?", ch)) return 1;
+#else /*CHARSET_EBCDIC*/
+        if((ch >= os_toascii['a']) && (ch <= os_toascii['z'])) return 1;
+        if((ch >= os_toascii['A']) && (ch <= os_toascii['Z'])) return 1;
+        if((ch >= os_toascii['0']) && (ch <= os_toascii['9'])) return 1;
+        if ((ch == os_toascii[' ']) || strchr("'()+,-./:=?", os_toebcdic[ch])) return 1;
+#endif /*CHARSET_EBCDIC*/
         return 0;
 }
diff --git a/src/lib/libssl/src/crypto/asn1/a_object.c b/src/lib/libssl/src/crypto/asn1/a_object.c
index 09d56fb669..20caa2d3bd 100644
--- a/src/lib/libssl/src/crypto/asn1/a_object.c
+++ b/src/lib/libssl/src/crypto/asn1/a_object.c
@@ -65,11 +65,12 @@
 int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
         {
         unsigned char *p;
+        int objsize;
 
         if ((a == NULL) || (a->data == NULL)) return(0);
 
-        if (pp == NULL)
-                return(ASN1_object_size(0,a->length,V_ASN1_OBJECT));
+        objsize = ASN1_object_size(0,a->length,V_ASN1_OBJECT);
+        if (pp == NULL) return objsize;
 
         p= *pp;
         ASN1_put_object(&p,0,a->length,V_ASN1_OBJECT,V_ASN1_UNIVERSAL);
@@ -77,7 +78,7 @@ int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
         p+=a->length;
 
         *pp=p;
-        return(a->length);
+        return(objsize);
         }
 
 int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
@@ -190,24 +191,13 @@ int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a)
 
 ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, unsigned char **pp,
              long length)
-        {
-        ASN1_OBJECT *ret=NULL;
+{
         unsigned char *p;
         long len;
         int tag,xclass;
         int inf,i;
-
-        /* only the ASN1_OBJECTs from the 'table' will have values
-         * for ->sn or ->ln */
-        if ((a == NULL) || ((*a) == NULL) ||
-                !((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC))
-                {
-                if ((ret=ASN1_OBJECT_new()) == NULL) return(NULL);
-                }
-        else    ret=(*a);
-
+        ASN1_OBJECT *ret = NULL;
         p= *pp;
-
         inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
         if (inf & 0x80)
                 {
@@ -220,10 +210,36 @@ ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, unsigned char **pp,
                 i=ASN1_R_EXPECTING_AN_OBJECT;
                 goto err;
                 }
+        ret = c2i_ASN1_OBJECT(a, &p, len);
+        if(ret) *pp = p;
+        return ret;
+err:
+        ASN1err(ASN1_F_D2I_ASN1_OBJECT,i);
+        if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+                ASN1_OBJECT_free(ret);
+        return(NULL);
+}
+ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, unsigned char **pp,
+             long len)
+        {
+        ASN1_OBJECT *ret=NULL;
+        unsigned char *p;
+        int i;
+
+        /* only the ASN1_OBJECTs from the 'table' will have values
+         * for ->sn or ->ln */
+        if ((a == NULL) || ((*a) == NULL) ||
+                !((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC))
+                {
+                if ((ret=ASN1_OBJECT_new()) == NULL) return(NULL);
+                }
+        else    ret=(*a);
+
+        p= *pp;
         if ((ret->data == NULL) || (ret->length < len))
                 {
-                if (ret->data != NULL) Free(ret->data);
-                ret->data=(unsigned char *)Malloc(len ? (int)len : 1);
+                if (ret->data != NULL) OPENSSL_free(ret->data);
+                ret->data=(unsigned char *)OPENSSL_malloc(len ? (int)len : 1);
                 ret->flags|=ASN1_OBJECT_FLAG_DYNAMIC_DATA;
                 if (ret->data == NULL)
                         { i=ERR_R_MALLOC_FAILURE; goto err; }
@@ -249,7 +265,7 @@ ASN1_OBJECT *ASN1_OBJECT_new(void)
         {
         ASN1_OBJECT *ret;
 
-        ret=(ASN1_OBJECT *)Malloc(sizeof(ASN1_OBJECT));
+        ret=(ASN1_OBJECT *)OPENSSL_malloc(sizeof(ASN1_OBJECT));
         if (ret == NULL)
                 {
                 ASN1err(ASN1_F_ASN1_OBJECT_NEW,ERR_R_MALLOC_FAILURE);
@@ -270,19 +286,19 @@ void ASN1_OBJECT_free(ASN1_OBJECT *a)
         if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS)
                 {
 #ifndef CONST_STRICT /* disable purely for compile-time strict const checking. Doing this on a "real" compile will cause memory leaks */
-                if (a->sn != NULL) Free((void *)a->sn);
-                if (a->ln != NULL) Free((void *)a->ln);
+                if (a->sn != NULL) OPENSSL_free((void *)a->sn);
+                if (a->ln != NULL) OPENSSL_free((void *)a->ln);
 #endif
                 a->sn=a->ln=NULL;
                 }
         if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_DATA)
                 {
-                if (a->data != NULL) Free(a->data);
+                if (a->data != NULL) OPENSSL_free(a->data);
                 a->data=NULL;
                 a->length=0;
                 }
         if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC)
-                Free(a);
+                OPENSSL_free(a);
         }
 
 ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len,
diff --git a/src/lib/libssl/src/crypto/asn1/a_set.c b/src/lib/libssl/src/crypto/asn1/a_set.c
index c2481e7597..caf5a1419c 100644
--- a/src/lib/libssl/src/crypto/asn1/a_set.c
+++ b/src/lib/libssl/src/crypto/asn1/a_set.c
@@ -116,7 +116,7 @@ int i2d_ASN1_SET(STACK *a, unsigned char **pp, int (*func)(), int ex_tag,
                 }
 
         pStart  = p; /* Catch the beg of Setblobs*/
-        rgSetBlob = (MYBLOB *)Malloc( sk_num(a) * sizeof(MYBLOB)); /* In this array
+        rgSetBlob = (MYBLOB *)OPENSSL_malloc( sk_num(a) * sizeof(MYBLOB)); /* In this array
 we will store the SET blobs */
 
         for (i=0; i<sk_num(a); i++)
@@ -133,7 +133,7 @@ SetBlob
  /* Now we have to sort the blobs. I am using a simple algo.
     *Sort ptrs *Copy to temp-mem *Copy from temp-mem to user-mem*/
         qsort( rgSetBlob, sk_num(a), sizeof(MYBLOB), SetBlobCmp);
-        pTempMem = Malloc(totSize);
+        pTempMem = OPENSSL_malloc(totSize);
 
 /* Copy to temp mem */
         p = pTempMem;
@@ -145,20 +145,20 @@ SetBlob
 
 /* Copy back to user mem*/
         memcpy(pStart, pTempMem, totSize);
-        Free(pTempMem);
-        Free(rgSetBlob);
+        OPENSSL_free(pTempMem);
+        OPENSSL_free(rgSetBlob);
 
         return(r);
         }
 
 STACK *d2i_ASN1_SET(STACK **a, unsigned char **pp, long length,
-             char *(*func)(), void (*free_func)(), int ex_tag, int ex_class)
+             char *(*func)(), void (*free_func)(void *), int ex_tag, int ex_class)
         {
         ASN1_CTX c;
         STACK *ret=NULL;
 
         if ((a == NULL) || ((*a) == NULL))
-                { if ((ret=sk_new(NULL)) == NULL) goto err; }
+                { if ((ret=sk_new_null()) == NULL) goto err; }
         else
                 ret=(*a);
 
diff --git a/src/lib/libssl/src/crypto/asn1/a_sign.c b/src/lib/libssl/src/crypto/asn1/a_sign.c
index cfb4bca4f1..4c651706d2 100644
--- a/src/lib/libssl/src/crypto/asn1/a_sign.c
+++ b/src/lib/libssl/src/crypto/asn1/a_sign.c
@@ -108,9 +108,9 @@ int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
                         }
                 }
         inl=i2d(data,NULL);
-        buf_in=(unsigned char *)Malloc((unsigned int)inl);
+        buf_in=(unsigned char *)OPENSSL_malloc((unsigned int)inl);
         outll=outl=EVP_PKEY_size(pkey);
-        buf_out=(unsigned char *)Malloc((unsigned int)outl);
+        buf_out=(unsigned char *)OPENSSL_malloc((unsigned int)outl);
         if ((buf_in == NULL) || (buf_out == NULL))
                 {
                 outl=0;
@@ -129,7 +129,7 @@ int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
                 ASN1err(ASN1_F_ASN1_SIGN,ERR_R_EVP_LIB);
                 goto err;
                 }
-        if (signature->data != NULL) Free(signature->data);
+        if (signature->data != NULL) OPENSSL_free(signature->data);
         signature->data=buf_out;
         buf_out=NULL;
         signature->length=outl;
@@ -141,8 +141,8 @@ int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
 err:
         memset(&ctx,0,sizeof(ctx));
         if (buf_in != NULL)
-                { memset((char *)buf_in,0,(unsigned int)inl); Free(buf_in); }
+                { memset((char *)buf_in,0,(unsigned int)inl); OPENSSL_free(buf_in); }
         if (buf_out != NULL)
-                { memset((char *)buf_out,0,outll); Free(buf_out); }
+                { memset((char *)buf_out,0,outll); OPENSSL_free(buf_out); }
         return(outl);
         }
diff --git a/src/lib/libssl/src/crypto/asn1/a_strex.c b/src/lib/libssl/src/crypto/asn1/a_strex.c
new file mode 100644
index 0000000000..569b811998
--- /dev/null
+++ b/src/lib/libssl/src/crypto/asn1/a_strex.c
@@ -0,0 +1,533 @@
+/* a_strex.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+
+#include "charmap.h"
+
+/* ASN1_STRING_print_ex() and X509_NAME_print_ex().
+ * Enhanced string and name printing routines handling
+ * multibyte characters, RFC2253 and a host of other
+ * options.
+ */
+
+
+#define CHARTYPE_BS_ESC         (ASN1_STRFLGS_ESC_2253 | CHARTYPE_FIRST_ESC_2253 | CHARTYPE_LAST_ESC_2253)
+
+
+/* Three IO functions for sending data to memory, a BIO and
+ * and a FILE pointer.
+ */
+
+int send_mem_chars(void *arg, const void *buf, int len)
+{
+        unsigned char **out = arg;
+        if(!out) return 1;
+        memcpy(*out, buf, len);
+        *out += len;
+        return 1;
+}
+
+int send_bio_chars(void *arg, const void *buf, int len)
+{
+        if(!arg) return 1;
+        if(BIO_write(arg, buf, len) != len) return 0;
+        return 1;
+}
+
+int send_fp_chars(void *arg, const void *buf, int len)
+{
+        if(!arg) return 1;
+        if(fwrite(buf, 1, len, arg) != (unsigned int)len) return 0;
+        return 1;
+}
+
+typedef int char_io(void *arg, const void *buf, int len);
+
+/* This function handles display of
+ * strings, one character at a time.
+ * It is passed an unsigned long for each
+ * character because it could come from 2 or even
+ * 4 byte forms.
+ */
+
+static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes, char_io *io_ch, void *arg)
+{
+        unsigned char chflgs, chtmp;
+        char tmphex[11];
+        if(c > 0xffff) {
+                BIO_snprintf(tmphex, 11, "\\W%08lX", c);
+                if(!io_ch(arg, tmphex, 10)) return -1;
+                return 10;
+        }
+        if(c > 0xff) {
+                BIO_snprintf(tmphex, 11, "\\U%04lX", c);
+                if(!io_ch(arg, tmphex, 6)) return -1;
+                return 6;
+        }
+        chtmp = (unsigned char)c;
+        if(chtmp > 0x7f) chflgs = flags & ASN1_STRFLGS_ESC_MSB;
+        else chflgs = char_type[chtmp] & flags;
+        if(chflgs & CHARTYPE_BS_ESC) {
+                /* If we don't escape with quotes, signal we need quotes */
+                if(chflgs & ASN1_STRFLGS_ESC_QUOTE) {
+                        if(do_quotes) *do_quotes = 1;
+                        if(!io_ch(arg, &chtmp, 1)) return -1;
+                        return 1;
+                }
+                if(!io_ch(arg, "\\", 1)) return -1;
+                if(!io_ch(arg, &chtmp, 1)) return -1;
+                return 2;
+        }
+        if(chflgs & (ASN1_STRFLGS_ESC_CTRL|ASN1_STRFLGS_ESC_MSB)) {
+                BIO_snprintf(tmphex, 11, "\\%02X", chtmp);
+                if(!io_ch(arg, tmphex, 3)) return -1;
+                return 3;
+        }
+        if(!io_ch(arg, &chtmp, 1)) return -1;
+        return 1;
+}
+
+#define BUF_TYPE_WIDTH_MASK     0x7
+#define BUF_TYPE_CONVUTF8       0x8
+
+/* This function sends each character in a buffer to
+ * do_esc_char(). It interprets the content formats
+ * and converts to or from UTF8 as appropriate.
+ */
+
+static int do_buf(unsigned char *buf, int buflen,
+                        int type, unsigned char flags, char *quotes, char_io *io_ch, void *arg)
+{
+        int i, outlen, len;
+        unsigned char orflags, *p, *q;
+        unsigned long c;
+        p = buf;
+        q = buf + buflen;
+        outlen = 0;
+        while(p != q) {
+                if(p == buf) orflags = CHARTYPE_FIRST_ESC_2253;
+                else orflags = 0;
+                switch(type & BUF_TYPE_WIDTH_MASK) {
+                        case 4:
+                        c = ((unsigned long)*p++) << 24;
+                        c |= ((unsigned long)*p++) << 16;
+                        c |= ((unsigned long)*p++) << 8;
+                        c |= *p++;
+                        break;
+
+                        case 2:
+                        c = ((unsigned long)*p++) << 8;
+                        c |= *p++;
+                        break;
+
+                        case 1:
+                        c = *p++;
+                        break;
+                        
+                        case 0:
+                        i = UTF8_getc(p, buflen, &c);
+                        if(i < 0) return -1;    /* Invalid UTF8String */
+                        p += i;
+                        break;
+                }
+                if (p == q) orflags = CHARTYPE_LAST_ESC_2253;
+                if(type & BUF_TYPE_CONVUTF8) {
+                        unsigned char utfbuf[6];
+                        int utflen;
+                        utflen = UTF8_putc(utfbuf, 6, c);
+                        for(i = 0; i < utflen; i++) {
+                                /* We don't need to worry about setting orflags correctly
+                                 * because if utflen==1 its value will be correct anyway 
+                                 * otherwise each character will be > 0x7f and so the 
+                                 * character will never be escaped on first and last.
+                                 */
+                                len = do_esc_char(utfbuf[i], (unsigned char)(flags | orflags), quotes, io_ch, arg);
+                                if(len < 0) return -1;
+                                outlen += len;
+                        }
+                } else {
+                        len = do_esc_char(c, (unsigned char)(flags | orflags), quotes, io_ch, arg);
+                        if(len < 0) return -1;
+                        outlen += len;
+                }
+        }
+        return outlen;
+}
+
+/* This function hex dumps a buffer of characters */
+
+static int do_hex_dump(char_io *io_ch, void *arg, unsigned char *buf, int buflen)
+{
+        const static char hexdig[] = "0123456789ABCDEF";
+        unsigned char *p, *q;
+        char hextmp[2];
+        if(arg) {
+                p = buf;
+                q = buf + buflen;
+                while(p != q) {
+                        hextmp[0] = hexdig[*p >> 4];
+                        hextmp[1] = hexdig[*p & 0xf];
+                        if(!io_ch(arg, hextmp, 2)) return -1;
+                        p++;
+                }
+        }
+        return buflen << 1;
+}
+
+/* "dump" a string. This is done when the type is unknown,
+ * or the flags request it. We can either dump the content
+ * octets or the entire DER encoding. This uses the RFC2253
+ * #01234 format.
+ */
+
+int do_dump(unsigned long lflags, char_io *io_ch, void *arg, ASN1_STRING *str)
+{
+        /* Placing the ASN1_STRING in a temp ASN1_TYPE allows
+         * the DER encoding to readily obtained
+         */
+        ASN1_TYPE t;
+        unsigned char *der_buf, *p;
+        int outlen, der_len;
+
+        if(!io_ch(arg, "#", 1)) return -1;
+        /* If we don't dump DER encoding just dump content octets */
+        if(!(lflags & ASN1_STRFLGS_DUMP_DER)) {
+                outlen = do_hex_dump(io_ch, arg, str->data, str->length);
+                if(outlen < 0) return -1;
+                return outlen + 1;
+        }
+        t.type = str->type;
+        t.value.ptr = (char *)str;
+        der_len = i2d_ASN1_TYPE(&t, NULL);
+        der_buf = OPENSSL_malloc(der_len);
+        if(!der_buf) return -1;
+        p = der_buf;
+        i2d_ASN1_TYPE(&t, &p);
+        outlen = do_hex_dump(io_ch, arg, der_buf, der_len);
+        OPENSSL_free(der_buf);
+        if(outlen < 0) return -1;
+        return outlen + 1;
+}
+
+/* Lookup table to convert tags to character widths,
+ * 0 = UTF8 encoded, -1 is used for non string types
+ * otherwise it is the number of bytes per character
+ */
+
+const static char tag2nbyte[] = {
+        -1, -1, -1, -1, -1,     /* 0-4 */
+        -1, -1, -1, -1, -1,     /* 5-9 */
+        -1, -1, 0, -1,          /* 10-13 */
+        -1, -1, -1, -1,         /* 15-17 */
+        -1, 1, 1,               /* 18-20 */
+        -1, 1, -1,-1,           /* 21-24 */
+        -1, 1, -1,              /* 25-27 */
+        4, -1, 2                /* 28-30 */
+};
+
+#define ESC_FLAGS (ASN1_STRFLGS_ESC_2253 | \
+                  ASN1_STRFLGS_ESC_QUOTE | \
+                  ASN1_STRFLGS_ESC_CTRL | \
+                  ASN1_STRFLGS_ESC_MSB)
+
+/* This is the main function, print out an
+ * ASN1_STRING taking note of various escape
+ * and display options. Returns number of
+ * characters written or -1 if an error
+ * occurred.
+ */
+
+static int do_print_ex(char_io *io_ch, void *arg, unsigned long lflags, ASN1_STRING *str)
+{
+        int outlen, len;
+        int type;
+        char quotes;
+        unsigned char flags;
+        quotes = 0;
+        /* Keep a copy of escape flags */
+        flags = (unsigned char)(lflags & ESC_FLAGS);
+
+        type = str->type;
+
+        outlen = 0;
+
+
+        if(lflags & ASN1_STRFLGS_SHOW_TYPE) {
+                const char *tagname;
+                tagname = ASN1_tag2str(type);
+                outlen += strlen(tagname);
+                if(!io_ch(arg, tagname, outlen) || !io_ch(arg, ":", 1)) return -1; 
+                outlen++;
+        }
+
+        /* Decide what to do with type, either dump content or display it */
+
+        /* Dump everything */
+        if(lflags & ASN1_STRFLGS_DUMP_ALL) type = -1;
+        /* Ignore the string type */
+        else if(lflags & ASN1_STRFLGS_IGNORE_TYPE) type = 1;
+        else {
+                /* Else determine width based on type */
+                if((type > 0) && (type < 31)) type = tag2nbyte[type];
+                else type = -1;
+                if((type == -1) && !(lflags & ASN1_STRFLGS_DUMP_UNKNOWN)) type = 1;
+        }
+
+        if(type == -1) {
+                len = do_dump(lflags, io_ch, arg, str);
+                if(len < 0) return -1;
+                outlen += len;
+                return outlen;
+        }
+
+        if(lflags & ASN1_STRFLGS_UTF8_CONVERT) {
+                /* Note: if string is UTF8 and we want
+                 * to convert to UTF8 then we just interpret
+                 * it as 1 byte per character to avoid converting
+                 * twice.
+                 */
+                if(!type) type = 1;
+                else type |= BUF_TYPE_CONVUTF8;
+        }
+
+        len = do_buf(str->data, str->length, type, flags, &quotes, io_ch, NULL);
+        if(outlen < 0) return -1;
+        outlen += len;
+        if(quotes) outlen += 2;
+        if(!arg) return outlen;
+        if(quotes && !io_ch(arg, "\"", 1)) return -1;
+        do_buf(str->data, str->length, type, flags, NULL, io_ch, arg);
+        if(quotes && !io_ch(arg, "\"", 1)) return -1;
+        return outlen;
+}
+
+/* Used for line indenting: print 'indent' spaces */
+
+static int do_indent(char_io *io_ch, void *arg, int indent)
+{
+        int i;
+        for(i = 0; i < indent; i++)
+                        if(!io_ch(arg, " ", 1)) return 0;
+        return 1;
+}
+
+
+static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n,
+                                int indent, unsigned long flags)
+{
+        int i, prev = -1, orflags, cnt;
+        int fn_opt, fn_nid;
+        ASN1_OBJECT *fn;
+        ASN1_STRING *val;
+        X509_NAME_ENTRY *ent;
+        char objtmp[80];
+        const char *objbuf;
+        int outlen, len;
+        char *sep_dn, *sep_mv, *sep_eq;
+        int sep_dn_len, sep_mv_len, sep_eq_len;
+        if(indent < 0) indent = 0;
+        outlen = indent;
+        if(!do_indent(io_ch, arg, indent)) return -1;
+        switch (flags & XN_FLAG_SEP_MASK)
+        {
+                case XN_FLAG_SEP_MULTILINE:
+                sep_dn = "\n";
+                sep_dn_len = 1;
+                sep_mv = " + ";
+                sep_mv_len = 3;
+                break;
+
+                case XN_FLAG_SEP_COMMA_PLUS:
+                sep_dn = ",";
+                sep_dn_len = 1;
+                sep_mv = "+";
+                sep_mv_len = 1;
+                indent = 0;
+                break;
+
+                case XN_FLAG_SEP_CPLUS_SPC:
+                sep_dn = ", ";
+                sep_dn_len = 2;
+                sep_mv = " + ";
+                sep_mv_len = 3;
+                indent = 0;
+                break;
+
+                case XN_FLAG_SEP_SPLUS_SPC:
+                sep_dn = "; ";
+                sep_dn_len = 2;
+                sep_mv = " + ";
+                sep_mv_len = 3;
+                indent = 0;
+                break;
+
+                default:
+                return -1;
+        }
+
+        if(flags & XN_FLAG_SPC_EQ) {
+                sep_eq = " = ";
+                sep_eq_len = 3;
+        } else {
+                sep_eq = "=";
+                sep_eq_len = 1;
+        }
+
+        fn_opt = flags & XN_FLAG_FN_MASK;
+
+        cnt = X509_NAME_entry_count(n); 
+        for(i = 0; i < cnt; i++) {
+                if(flags & XN_FLAG_DN_REV)
+                                ent = X509_NAME_get_entry(n, cnt - i - 1);
+                else ent = X509_NAME_get_entry(n, i);
+                if(prev != -1) {
+                        if(prev == ent->set) {
+                                if(!io_ch(arg, sep_mv, sep_mv_len)) return -1;
+                                outlen += sep_mv_len;
+                        } else {
+                                if(!io_ch(arg, sep_dn, sep_dn_len)) return -1;
+                                outlen += sep_dn_len;
+                                if(!do_indent(io_ch, arg, indent)) return -1;
+                                outlen += indent;
+                        }
+                }
+                prev = ent->set;
+                fn = X509_NAME_ENTRY_get_object(ent);
+                val = X509_NAME_ENTRY_get_data(ent);
+                fn_nid = OBJ_obj2nid(fn);
+                if(fn_opt != XN_FLAG_FN_NONE) {
+                        int objlen;
+                        if((fn_opt == XN_FLAG_FN_OID) || (fn_nid==NID_undef) ) {
+                                OBJ_obj2txt(objtmp, 80, fn, 1);
+                                objbuf = objtmp;
+                        } else {
+                                if(fn_opt == XN_FLAG_FN_SN) 
+                                        objbuf = OBJ_nid2sn(fn_nid);
+                                else if(fn_opt == XN_FLAG_FN_LN)
+                                        objbuf = OBJ_nid2ln(fn_nid);
+                                else objbuf = "";
+                        }
+                        objlen = strlen(objbuf);
+                        if(!io_ch(arg, objbuf, objlen)) return -1;
+                        if(!io_ch(arg, sep_eq, sep_eq_len)) return -1;
+                        outlen += objlen + sep_eq_len;
+                }
+                /* If the field name is unknown then fix up the DER dump
+                 * flag. We might want to limit this further so it will
+                 * DER dump on anything other than a few 'standard' fields.
+                 */
+                if((fn_nid == NID_undef) && (flags & XN_FLAG_DUMP_UNKNOWN_FIELDS)) 
+                                        orflags = ASN1_STRFLGS_DUMP_ALL;
+                else orflags = 0;
+     
+                len = do_print_ex(io_ch, arg, flags | orflags, val);
+                if(len < 0) return -1;
+                outlen += len;
+        }
+        return outlen;
+}
+
+/* Wrappers round the main functions */
+
+int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags)
+{
+        return do_name_ex(send_bio_chars, out, nm, indent, flags);
+}
+
+
+int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags)
+{
+        return do_name_ex(send_fp_chars, fp, nm, indent, flags);
+}
+
+int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags)
+{
+        return do_print_ex(send_bio_chars, out, flags, str);
+}
+
+
+int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags)
+{
+        return do_print_ex(send_fp_chars, fp, flags, str);
+}
+
+/* Utility function: convert any string type to UTF8, returns number of bytes
+ * in output string or a negative error code
+ */
+
+int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in)
+{
+        ASN1_STRING stmp, *str = &stmp;
+        int mbflag, type, ret;
+        if(!*out || !in) return -1;
+        type = in->type;
+        if((type < 0) || (type > 30)) return -1;
+        mbflag = tag2nbyte[type];
+        if(mbflag == -1) return -1;
+        mbflag |= MBSTRING_FLAG;
+        stmp.data = NULL;
+        ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING);
+        if(ret < 0) return ret;
+        if(out) *out = stmp.data;
+        return stmp.length;
+}
diff --git a/src/lib/libssl/src/crypto/asn1/a_strnid.c b/src/lib/libssl/src/crypto/asn1/a_strnid.c
index ab8417ffab..6b10cff994 100644
--- a/src/lib/libssl/src/crypto/asn1/a_strnid.c
+++ b/src/lib/libssl/src/crypto/asn1/a_strnid.c
@@ -65,8 +65,9 @@
 
 static STACK_OF(ASN1_STRING_TABLE) *stable = NULL;
 static void st_free(ASN1_STRING_TABLE *tbl);
-static int sk_table_cmp(ASN1_STRING_TABLE **a, ASN1_STRING_TABLE **b);
-static int table_cmp(ASN1_STRING_TABLE *a, ASN1_STRING_TABLE *b);
+static int sk_table_cmp(const ASN1_STRING_TABLE * const *a,
+                        const ASN1_STRING_TABLE * const *b);
+static int table_cmp(const void *a, const void *b);
 
 
 /* This is the global mask for the mbstring functions: this is use to
@@ -173,14 +174,16 @@ static ASN1_STRING_TABLE tbl_standard[] = {
 {NID_dnQualifier,               -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}
 };
 
-static int sk_table_cmp(ASN1_STRING_TABLE **a, ASN1_STRING_TABLE **b)
+static int sk_table_cmp(const ASN1_STRING_TABLE * const *a,
+                        const ASN1_STRING_TABLE * const *b)
 {
         return (*a)->nid - (*b)->nid;
 }
 
-static int table_cmp(ASN1_STRING_TABLE *a, ASN1_STRING_TABLE *b)
+static int table_cmp(const void *a, const void *b)
 {
-        return a->nid - b->nid;
+        const ASN1_STRING_TABLE *sa = a, *sb = b;
+        return sa->nid - sb->nid;
 }
 
 ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid)
@@ -192,7 +195,7 @@ ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid)
         ttmp = (ASN1_STRING_TABLE *) OBJ_bsearch((char *)&fnd,
                                         (char *)tbl_standard, 
                         sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE),
-                        sizeof(ASN1_STRING_TABLE), (int(*)())table_cmp);
+                        sizeof(ASN1_STRING_TABLE), table_cmp);
         if(ttmp) return ttmp;
         if(!stable) return NULL;
         idx = sk_ASN1_STRING_TABLE_find(stable, &fnd);
@@ -213,7 +216,7 @@ int ASN1_STRING_TABLE_add(int nid,
                 return 0;
         }
         if(!(tmp = ASN1_STRING_TABLE_get(nid))) {
-                tmp = Malloc(sizeof(ASN1_STRING_TABLE));
+                tmp = OPENSSL_malloc(sizeof(ASN1_STRING_TABLE));
                 if(!tmp) {
                         ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD,
                                                         ERR_R_MALLOC_FAILURE);
@@ -241,7 +244,7 @@ void ASN1_STRING_TABLE_cleanup(void)
 
 static void st_free(ASN1_STRING_TABLE *tbl)
 {
-        if(tbl->flags & STABLE_FLAGS_MALLOC) Free(tbl);
+        if(tbl->flags & STABLE_FLAGS_MALLOC) OPENSSL_free(tbl);
 }
 
 IMPLEMENT_STACK_OF(ASN1_STRING_TABLE)
diff --git a/src/lib/libssl/src/crypto/asn1/a_time.c b/src/lib/libssl/src/crypto/asn1/a_time.c
index b193f1c71f..8c0ddee4ac 100644
--- a/src/lib/libssl/src/crypto/asn1/a_time.c
+++ b/src/lib/libssl/src/crypto/asn1/a_time.c
@@ -113,11 +113,9 @@ ASN1_TIME *d2i_ASN1_TIME(ASN1_TIME **a, unsigned char **pp, long length)
 ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t)
         {
         struct tm *ts;
-#if defined(THREADS) && !defined(WIN32)
+#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__)
         struct tm data;
-#endif
 
-#if defined(THREADS) && !defined(WIN32)
         gmtime_r(&t,&data);
         ts=&data; /* should return &data, but doesn't on some systems, so we don't even look at the return value */
 #else
diff --git a/src/lib/libssl/src/crypto/asn1/a_type.c b/src/lib/libssl/src/crypto/asn1/a_type.c
index 161ef81197..e72a6b29e0 100644
--- a/src/lib/libssl/src/crypto/asn1/a_type.c
+++ b/src/lib/libssl/src/crypto/asn1/a_type.c
@@ -123,6 +123,8 @@ int i2d_ASN1_TYPE(ASN1_TYPE *a, unsigned char **pp)
                 break;
         case V_ASN1_SET:
         case V_ASN1_SEQUENCE:
+        case V_ASN1_OTHER:
+        default:
                 if (a->value.set == NULL)
                         r=0;
                 else
@@ -159,6 +161,8 @@ ASN1_TYPE *d2i_ASN1_TYPE(ASN1_TYPE **a, unsigned char **pp, long length)
 
         inf=ASN1_get_object(&q,&len,&tag,&xclass,length);
         if (inf & 0x80) goto err;
+        /* If not universal tag we've no idea what it is */
+        if(xclass != V_ASN1_UNIVERSAL) tag = V_ASN1_OTHER;
         
         ASN1_TYPE_component_free(ret);
 
@@ -245,6 +249,8 @@ ASN1_TYPE *d2i_ASN1_TYPE(ASN1_TYPE **a, unsigned char **pp, long length)
                 break;
         case V_ASN1_SET:
         case V_ASN1_SEQUENCE:
+        case V_ASN1_OTHER:
+        default:
                 /* Sets and sequences are left complete */
                 if ((ret->value.set=ASN1_STRING_new()) == NULL) goto err;
                 ret->value.set->type=tag;
@@ -252,9 +258,6 @@ ASN1_TYPE *d2i_ASN1_TYPE(ASN1_TYPE **a, unsigned char **pp, long length)
                 if (!ASN1_STRING_set(ret->value.set,p,(int)len)) goto err;
                 p+=len;
                 break;
-        default:
-                ASN1err(ASN1_F_D2I_ASN1_TYPE,ASN1_R_BAD_TYPE);
-                goto err;
                 }
 
         ret->type=tag;
@@ -282,7 +285,7 @@ void ASN1_TYPE_free(ASN1_TYPE *a)
         {
         if (a == NULL) return;
         ASN1_TYPE_component_free(a);
-        Free(a);
+        OPENSSL_free(a);
         }
 
 int ASN1_TYPE_get(ASN1_TYPE *a)
@@ -312,6 +315,8 @@ static void ASN1_TYPE_component_free(ASN1_TYPE *a)
                 case V_ASN1_OBJECT:
                         ASN1_OBJECT_free(a->value.object);
                         break;
+                case V_ASN1_NULL:
+                        break;
                 case V_ASN1_INTEGER:
                 case V_ASN1_NEG_INTEGER:
                 case V_ASN1_ENUMERATED:
@@ -333,10 +338,9 @@ static void ASN1_TYPE_component_free(ASN1_TYPE *a)
                 case V_ASN1_UNIVERSALSTRING:
                 case V_ASN1_BMPSTRING:
                 case V_ASN1_UTF8STRING:
-                        ASN1_STRING_free((ASN1_STRING *)a->value.ptr);
-                        break;
+                case V_ASN1_OTHER:
                 default:
-                        /* MEMORY LEAK */
+                        ASN1_STRING_free((ASN1_STRING *)a->value.ptr);
                         break;
                         }
                 a->type=0;
diff --git a/src/lib/libssl/src/crypto/asn1/a_utctm.c b/src/lib/libssl/src/crypto/asn1/a_utctm.c
index 07565974e3..d381c9e0d1 100644
--- a/src/lib/libssl/src/crypto/asn1/a_utctm.c
+++ b/src/lib/libssl/src/crypto/asn1/a_utctm.c
@@ -193,7 +193,8 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
         {
         char *p;
         struct tm *ts;
-#if defined(THREADS) && !defined(WIN32)
+#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__)
+
         struct tm data;
 #endif
 
@@ -202,7 +203,7 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
         if (s == NULL)
                 return(NULL);
 
-#if defined(THREADS) && !defined(WIN32)
+#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__)
         gmtime_r(&t,&data); /* should return &data, but doesn't on some systems, so we don't even look at the return value */
         ts=&data;
 #else
@@ -248,10 +249,10 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
         p=(char *)s->data;
         if ((p == NULL) || (s->length < 14))
                 {
-                p=Malloc(20);
+                p=OPENSSL_malloc(20);
                 if (p == NULL) return(NULL);
                 if (s->data != NULL)
-                        Free(s->data);
+                        OPENSSL_free(s->data);
                 s->data=(unsigned char *)p;
                 }
 
@@ -264,3 +265,84 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
 #endif
         return(s);
         }
+
+
+int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
+        {
+        struct tm *tm;
+        int offset;
+        int year;
+
+#define g2(p) (((p)[0]-'0')*10+(p)[1]-'0')
+
+        if (s->data[12] == 'Z')
+                offset=0;
+        else
+                {
+                offset = g2(s->data+13)*60+g2(s->data+15);
+                if (s->data[12] == '-')
+                        offset = -offset;
+                }
+
+        t -= offset*60; /* FIXME: may overflow in extreme cases */
+
+#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__)
+        { struct tm data; gmtime_r(&t, &data); tm = &data; }
+#else
+        tm = gmtime(&t);
+#endif
+        
+#define return_cmp(a,b) if ((a)<(b)) return -1; else if ((a)>(b)) return 1
+        year = g2(s->data);
+        if (year < 50)
+                year += 100;
+        return_cmp(year,              tm->tm_year);
+        return_cmp(g2(s->data+2) - 1, tm->tm_mon);
+        return_cmp(g2(s->data+4),     tm->tm_mday);
+        return_cmp(g2(s->data+6),     tm->tm_hour);
+        return_cmp(g2(s->data+8),     tm->tm_min);
+        return_cmp(g2(s->data+10),    tm->tm_sec);
+#undef g2
+#undef return_cmp
+
+        return 0;
+        }
+
+
+#if 0
+time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s)
+        {
+        struct tm tm;
+        int offset;
+
+        memset(&tm,'\0',sizeof tm);
+
+#define g2(p) (((p)[0]-'0')*10+(p)[1]-'0')
+        tm.tm_year=g2(s->data);
+        if(tm.tm_year < 50)
+                tm.tm_year+=100;
+        tm.tm_mon=g2(s->data+2)-1;
+        tm.tm_mday=g2(s->data+4);
+        tm.tm_hour=g2(s->data+6);
+        tm.tm_min=g2(s->data+8);
+        tm.tm_sec=g2(s->data+10);
+        if(s->data[12] == 'Z')
+                offset=0;
+        else
+                {
+                offset=g2(s->data+13)*60+g2(s->data+15);
+                if(s->data[12] == '-')
+                        offset= -offset;
+                }
+#undef g2
+
+        return mktime(&tm)-offset*60; /* FIXME: mktime assumes the current timezone
+                                       * instead of UTC, and unless we rewrite OpenSSL
+                                       * in Lisp we cannot locally change the timezone
+                                       * without possibly interfering with other parts
+                                       * of the program. timegm, which uses UTC, is
+                                       * non-standard.
+                                       * Also time_t is inappropriate for general
+                                       * UTC times because it may a 32 bit type. */
+        }
+#endif
diff --git a/src/lib/libssl/src/crypto/asn1/a_utf8.c b/src/lib/libssl/src/crypto/asn1/a_utf8.c
index b5125af224..854278f136 100644
--- a/src/lib/libssl/src/crypto/asn1/a_utf8.c
+++ b/src/lib/libssl/src/crypto/asn1/a_utf8.c
@@ -133,7 +133,7 @@ int UTF8_getc(const unsigned char *str, int len, unsigned long *val)
                 if( ((p[1] & 0xc0) != 0x80)
                    || ((p[2] & 0xc0) != 0x80) 
                    || ((p[3] & 0xc0) != 0x80) ) return -3;
-                value = (*p++ & 0x7) << 18;
+                value = ((unsigned long)(*p++ & 0x7)) << 18;
                 value |= (*p++ & 0x3f) << 12;
                 value |= (*p++ & 0x3f) << 6;
                 value |= *p++ & 0x3f;
@@ -145,9 +145,9 @@ int UTF8_getc(const unsigned char *str, int len, unsigned long *val)
                    || ((p[2] & 0xc0) != 0x80) 
                    || ((p[3] & 0xc0) != 0x80) 
                    || ((p[4] & 0xc0) != 0x80) ) return -3;
-                value = (*p++ & 0x3) << 24;
-                value |= (*p++ & 0x3f) << 18;
-                value |= (*p++ & 0x3f) << 12;
+                value = ((unsigned long)(*p++ & 0x3)) << 24;
+                value |= ((unsigned long)(*p++ & 0x3f)) << 18;
+                value |= ((unsigned long)(*p++ & 0x3f)) << 12;
                 value |= (*p++ & 0x3f) << 6;
                 value |= *p++ & 0x3f;
                 if(value < 0x200000) return -4;
@@ -159,10 +159,10 @@ int UTF8_getc(const unsigned char *str, int len, unsigned long *val)
                    || ((p[3] & 0xc0) != 0x80) 
                    || ((p[4] & 0xc0) != 0x80) 
                    || ((p[5] & 0xc0) != 0x80) ) return -3;
-                value = (*p++ & 0x1) << 30;
-                value |= (*p++ & 0x3f) << 24;
-                value |= (*p++ & 0x3f) << 18;
-                value |= (*p++ & 0x3f) << 12;
+                value = ((unsigned long)(*p++ & 0x1)) << 30;
+                value |= ((unsigned long)(*p++ & 0x3f)) << 24;
+                value |= ((unsigned long)(*p++ & 0x3f)) << 18;
+                value |= ((unsigned long)(*p++ & 0x3f)) << 12;
                 value |= (*p++ & 0x3f) << 6;
                 value |= *p++ & 0x3f;
                 if(value < 0x4000000) return -4;
diff --git a/src/lib/libssl/src/crypto/asn1/a_verify.c b/src/lib/libssl/src/crypto/asn1/a_verify.c
index d4aede85c3..2a11927e5c 100644
--- a/src/lib/libssl/src/crypto/asn1/a_verify.c
+++ b/src/lib/libssl/src/crypto/asn1/a_verify.c
@@ -88,7 +88,7 @@ int ASN1_verify(int (*i2d)(), X509_ALGOR *a, ASN1_BIT_STRING *signature,
                 }
         
         inl=i2d(data,NULL);
-        buf_in=Malloc((unsigned int)inl);
+        buf_in=OPENSSL_malloc((unsigned int)inl);
         if (buf_in == NULL)
                 {
                 ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_MALLOC_FAILURE);
@@ -101,7 +101,7 @@ int ASN1_verify(int (*i2d)(), X509_ALGOR *a, ASN1_BIT_STRING *signature,
         EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
 
         memset(buf_in,0,(unsigned int)inl);
-        Free(buf_in);
+        OPENSSL_free(buf_in);
 
         if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
                         (unsigned int)signature->length,pkey) <= 0)
diff --git a/src/lib/libssl/src/crypto/asn1/asn1.h b/src/lib/libssl/src/crypto/asn1/asn1.h
index 99bd64a11e..6f956b1963 100644
--- a/src/lib/libssl/src/crypto/asn1/asn1.h
+++ b/src/lib/libssl/src/crypto/asn1/asn1.h
@@ -59,17 +59,18 @@
 #ifndef HEADER_ASN1_H
 #define HEADER_ASN1_H
 
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
 #include <time.h>
+#ifndef NO_BIO
+#include <openssl/bio.h>
+#endif
 #include <openssl/bn.h>
 #include <openssl/stack.h>
 #include <openssl/safestack.h>
 
-#ifdef VMS
-#include <openssl/vms_idhacks.h>
+#include <openssl/symhacks.h>
+
+#ifdef  __cplusplus
+extern "C" {
 #endif
 
 #define V_ASN1_UNIVERSAL                0x00
@@ -82,12 +83,15 @@ extern "C" {
 #define V_ASN1_PRIMATIVE_TAG            0x1f
 
 #define V_ASN1_APP_CHOOSE               -2      /* let the recipient choose */
+#define V_ASN1_OTHER                    -3      /* used in ASN1_TYPE */
+
+#define V_ASN1_NEG                      0x100   /* negative flag */
 
 #define V_ASN1_UNDEF                    -1
 #define V_ASN1_EOC                      0
 #define V_ASN1_BOOLEAN                  1       /**/
 #define V_ASN1_INTEGER                  2
-#define V_ASN1_NEG_INTEGER              (2+0x100)
+#define V_ASN1_NEG_INTEGER              (2 | V_ASN1_NEG)
 #define V_ASN1_BIT_STRING               3
 #define V_ASN1_OCTET_STRING             4
 #define V_ASN1_NULL                     5
@@ -96,7 +100,7 @@ extern "C" {
 #define V_ASN1_EXTERNAL                 8
 #define V_ASN1_REAL                     9
 #define V_ASN1_ENUMERATED               10
-#define V_ASN1_NEG_ENUMERATED           (10+0x100)
+#define V_ASN1_NEG_ENUMERATED           (10 | V_ASN1_NEG)
 #define V_ASN1_UTF8STRING               12
 #define V_ASN1_SEQUENCE                 16
 #define V_ASN1_SET                      17
@@ -140,32 +144,10 @@ extern "C" {
 #define MBSTRING_UNIV           (MBSTRING_FLAG|3)
 #define MBSTRING_UTF8           (MBSTRING_FLAG|4)
 
-#define DECLARE_ASN1_SET_OF(type) \
-int i2d_ASN1_SET_OF_##type(STACK_OF(type) *a,unsigned char **pp, \
-                           int (*func)(type *,unsigned char **), int ex_tag, \
-                           int ex_class, int is_set); \
-STACK_OF(type) *d2i_ASN1_SET_OF_##type(STACK_OF(type) **a,unsigned char **pp, \
-                                       long length, \
-                                       type *(*func)(type **, \
-                                                     unsigned char **,long), \
-                                       void (*free_func)(type *), \
-                                       int ex_tag,int ex_class);
-
-#define IMPLEMENT_ASN1_SET_OF(type) \
-int i2d_ASN1_SET_OF_##type(STACK_OF(type) *a,unsigned char **pp, \
-                           int (*func)(type *,unsigned char **), int ex_tag, \
-                           int ex_class, int is_set) \
-    { return i2d_ASN1_SET((STACK *)a,pp,func,ex_tag,ex_class,is_set); } \
-STACK_OF(type) *d2i_ASN1_SET_OF_##type(STACK_OF(type) **a,unsigned char **pp, \
-                                       long length, \
-                                       type *(*func)(type **, \
-                                                     unsigned char **,long), \
-                                       void (*free_func)(type *), \
-                                       int ex_tag,int ex_class) \
-    { return (STACK_OF(type) *)d2i_ASN1_SET((STACK **)a,pp,length, \
-                                            (char *(*)())func, \
-                                            (void (*)())free_func, \
-                                            ex_tag,ex_class); }
+struct X509_algor_st;
+
+#define DECLARE_ASN1_SET_OF(type) /* filled in by mkstack.pl */
+#define IMPLEMENT_ASN1_SET_OF(type) /* nothing, no longer needed */
 
 typedef struct asn1_ctx_st
         {
@@ -254,6 +236,7 @@ DECLARE_STACK_OF(ASN1_STRING_TABLE)
 #define ASN1_BMPSTRING          ASN1_STRING
 #define ASN1_VISIBLESTRING      ASN1_STRING
 #define ASN1_UTF8STRING         ASN1_STRING
+#define ASN1_BOOLEAN            int
 #else
 typedef struct asn1_string_st ASN1_INTEGER;
 typedef struct asn1_string_st ASN1_ENUMERATED;
@@ -270,15 +253,99 @@ typedef struct asn1_string_st ASN1_TIME;
 typedef struct asn1_string_st ASN1_GENERALIZEDTIME;
 typedef struct asn1_string_st ASN1_VISIBLESTRING;
 typedef struct asn1_string_st ASN1_UTF8STRING;
+typedef int ASN1_BOOLEAN;
 #endif
 
 typedef int ASN1_NULL;
 
+/* Parameters used by ASN1_STRING_print_ex() */
+
+/* These determine which characters to escape:
+ * RFC2253 special characters, control characters and
+ * MSB set characters
+ */
+
+#define ASN1_STRFLGS_ESC_2253           1
+#define ASN1_STRFLGS_ESC_CTRL           2
+#define ASN1_STRFLGS_ESC_MSB            4
+
+
+/* This flag determines how we do escaping: normally
+ * RC2253 backslash only, set this to use backslash and
+ * quote.
+ */
+
+#define ASN1_STRFLGS_ESC_QUOTE          8
+
+
+/* These three flags are internal use only. */
+
+/* Character is a valid PrintableString character */
+#define CHARTYPE_PRINTABLESTRING        0x10
+/* Character needs escaping if it is the first character */
+#define CHARTYPE_FIRST_ESC_2253         0x20
+/* Character needs escaping if it is the last character */
+#define CHARTYPE_LAST_ESC_2253          0x40
+
+/* NB the internal flags are safely reused below by flags
+ * handled at the top level.
+ */
+
+/* If this is set we convert all character strings
+ * to UTF8 first 
+ */
+
+#define ASN1_STRFLGS_UTF8_CONVERT       0x10
+
+/* If this is set we don't attempt to interpret content:
+ * just assume all strings are 1 byte per character. This
+ * will produce some pretty odd looking output!
+ */
+
+#define ASN1_STRFLGS_IGNORE_TYPE        0x20
+
+/* If this is set we include the string type in the output */
+#define ASN1_STRFLGS_SHOW_TYPE          0x40
+
+/* This determines which strings to display and which to
+ * 'dump' (hex dump of content octets or DER encoding). We can
+ * only dump non character strings or everything. If we
+ * don't dump 'unknown' they are interpreted as character
+ * strings with 1 octet per character and are subject to
+ * the usual escaping options.
+ */
+
+#define ASN1_STRFLGS_DUMP_ALL           0x80
+#define ASN1_STRFLGS_DUMP_UNKNOWN       0x100
+
+/* These determine what 'dumping' does, we can dump the
+ * content octets or the DER encoding: both use the
+ * RFC2253 #XXXXX notation.
+ */
+
+#define ASN1_STRFLGS_DUMP_DER           0x200
+
+/* All the string flags consistent with RFC2253,
+ * escaping control characters isn't essential in
+ * RFC2253 but it is advisable anyway.
+ */
+
+#define ASN1_STRFLGS_RFC2253    (ASN1_STRFLGS_ESC_2253 | \
+                                ASN1_STRFLGS_ESC_CTRL | \
+                                ASN1_STRFLGS_ESC_MSB | \
+                                ASN1_STRFLGS_UTF8_CONVERT | \
+                                ASN1_STRFLGS_DUMP_UNKNOWN | \
+                                ASN1_STRFLGS_DUMP_DER)
+
+DECLARE_STACK_OF(ASN1_INTEGER)
+DECLARE_ASN1_SET_OF(ASN1_INTEGER)
+
 typedef struct asn1_type_st
         {
         int type;
         union   {
                 char *ptr;
+                ASN1_BOOLEAN            boolean;
                 ASN1_STRING *           asn1_string;
                 ASN1_OBJECT *           object;
                 ASN1_INTEGER *          integer;
@@ -520,6 +587,8 @@ void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
 ASN1_OBJECT *   ASN1_OBJECT_new(void );
 void            ASN1_OBJECT_free(ASN1_OBJECT *a);
 int             i2d_ASN1_OBJECT(ASN1_OBJECT *a,unsigned char **pp);
+ASN1_OBJECT *   c2i_ASN1_OBJECT(ASN1_OBJECT **a,unsigned char **pp,
+                        long length);
 ASN1_OBJECT *   d2i_ASN1_OBJECT(ASN1_OBJECT **a,unsigned char **pp,
                         long length);
 
@@ -542,14 +611,17 @@ unsigned char * ASN1_STRING_data(ASN1_STRING *x);
 ASN1_BIT_STRING *       ASN1_BIT_STRING_new(void);
 void            ASN1_BIT_STRING_free(ASN1_BIT_STRING *a);
 int             i2d_ASN1_BIT_STRING(ASN1_BIT_STRING *a,unsigned char **pp);
+int             i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a,unsigned char **pp);
 ASN1_BIT_STRING *d2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,unsigned char **pp,
                         long length);
+ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,unsigned char **pp,
+                        long length);
 int             ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d,
                         int length );
 int             ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value);
 int             ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n);
 
-#ifdef HEADER_BIO_H
+#ifndef NO_BIO
 int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs,
                                 BIT_STRING_BITNAME *tbl, int indent);
 #endif
@@ -563,8 +635,11 @@ int 		d2i_ASN1_BOOLEAN(int *a,unsigned char **pp,long length);
 ASN1_INTEGER *  ASN1_INTEGER_new(void);
 void            ASN1_INTEGER_free(ASN1_INTEGER *a);
 int             i2d_ASN1_INTEGER(ASN1_INTEGER *a,unsigned char **pp);
+int             i2c_ASN1_INTEGER(ASN1_INTEGER *a,unsigned char **pp);
 ASN1_INTEGER *d2i_ASN1_INTEGER(ASN1_INTEGER **a,unsigned char **pp,
                         long length);
+ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a,unsigned char **pp,
+                        long length);
 ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a,unsigned char **pp,
                         long length);
 ASN1_INTEGER *  ASN1_INTEGER_dup(ASN1_INTEGER *x);
@@ -579,6 +654,10 @@ ASN1_ENUMERATED *d2i_ASN1_ENUMERATED(ASN1_ENUMERATED **a,unsigned char **pp,
 int ASN1_UTCTIME_check(ASN1_UTCTIME *a);
 ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s,time_t t);
 int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, char *str); 
+int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t);
+#if 0
+time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s);
+#endif
 
 int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *a);
 ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,time_t t);
@@ -673,10 +752,10 @@ ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s,time_t t);
 int             i2d_ASN1_SET(STACK *a, unsigned char **pp,
                         int (*func)(), int ex_tag, int ex_class, int is_set);
 STACK *         d2i_ASN1_SET(STACK **a, unsigned char **pp, long length,
-                        char *(*func)(), void (*free_func)(),
+                        char *(*func)(), void (*free_func)(void *),
                         int ex_tag, int ex_class);
 
-#ifdef HEADER_BIO_H
+#ifndef NO_BIO
 int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a);
 int a2i_ASN1_INTEGER(BIO *bp,ASN1_INTEGER *bs,char *buf,int size);
 int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a);
@@ -729,16 +808,21 @@ char *ASN1_dup(int (*i2d)(),char *(*d2i)(),char *x);
 #ifndef NO_FP_API
 char *ASN1_d2i_fp(char *(*xnew)(),char *(*d2i)(),FILE *fp,unsigned char **x);
 int ASN1_i2d_fp(int (*i2d)(),FILE *out,unsigned char *x);
+int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags);
 #endif
 
-#ifdef HEADER_BIO_H
+int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in);
+
+#ifndef NO_BIO
 char *ASN1_d2i_bio(char *(*xnew)(),char *(*d2i)(),BIO *bp,unsigned char **x);
 int ASN1_i2d_bio(int (*i2d)(),BIO *out,unsigned char *x);
 int ASN1_UTCTIME_print(BIO *fp,ASN1_UTCTIME *a);
 int ASN1_GENERALIZEDTIME_print(BIO *fp,ASN1_GENERALIZEDTIME *a);
 int ASN1_TIME_print(BIO *fp,ASN1_TIME *a);
 int ASN1_STRING_print(BIO *bp,ASN1_STRING *v);
+int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags);
 int ASN1_parse(BIO *bp,unsigned char *pp,long len,int indent);
+int ASN1_parse_dump(BIO *bp,unsigned char *pp,long len,int indent,int dump);
 #endif
 const char *ASN1_tag2str(int tag);
 
@@ -768,9 +852,9 @@ int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a,long *num,
         unsigned char *data, int max_len);
 
 STACK *ASN1_seq_unpack(unsigned char *buf, int len, char *(*d2i)(),
-                                                 void (*free_func)() ); 
+                                                 void (*free_func)(void *) ); 
 unsigned char *ASN1_seq_pack(STACK *safes, int (*i2d)(), unsigned char **buf,
-                                                                 int *len );
+                             int *len );
 void *ASN1_unpack_string(ASN1_STRING *oct, char *(*d2i)());
 ASN1_STRING *ASN1_pack_string(void *obj, int (*i2d)(), ASN1_OCTET_STRING **oct);
 
diff --git a/src/lib/libssl/src/crypto/asn1/asn1_lib.c b/src/lib/libssl/src/crypto/asn1/asn1_lib.c
index be8daa8688..77447a5240 100644
--- a/src/lib/libssl/src/crypto/asn1/asn1_lib.c
+++ b/src/lib/libssl/src/crypto/asn1/asn1_lib.c
@@ -181,7 +181,7 @@ void ASN1_put_object(unsigned char **pp, int constructed, int length, int tag,
              int xclass)
         {
         unsigned char *p= *pp;
-        int i;
+        int i, ttag;
 
         i=(constructed)?V_ASN1_CONSTRUCTED:0;
         i|=(xclass&V_ASN1_PRIVATE);
@@ -190,12 +190,15 @@ void ASN1_put_object(unsigned char **pp, int constructed, int length, int tag,
         else
                 {
                 *(p++)=i|V_ASN1_PRIMITIVE_TAG;
-                while (tag > 0x7f)
+                for(i = 0, ttag = tag; ttag > 0; i++) ttag >>=7;
+                ttag = i;
+                while(i-- > 0)
                         {
-                        *(p++)=(tag&0x7f)|0x80;
-                        tag>>=7;
+                        p[i] = tag & 0x7f;
+                        if(i != (ttag - 1)) p[i] |= 0x80;
+                        tag >>= 7;
                         }
-                *(p++)=(tag&0x7f);
+                p += ttag;
                 }
         if ((constructed == 2) && (length == 0))
                 *(p++)=0x80; /* der_put_length would output 0 instead */
@@ -335,9 +338,9 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len)
                 {
                 c=str->data;
                 if (c == NULL)
-                        str->data=Malloc(len+1);
+                        str->data=OPENSSL_malloc(len+1);
                 else
-                        str->data=Realloc(c,len+1);
+                        str->data=OPENSSL_realloc(c,len+1);
 
                 if (str->data == NULL)
                         {
@@ -365,7 +368,7 @@ ASN1_STRING *ASN1_STRING_type_new(int type)
         {
         ASN1_STRING *ret;
 
-        ret=(ASN1_STRING *)Malloc(sizeof(ASN1_STRING));
+        ret=(ASN1_STRING *)OPENSSL_malloc(sizeof(ASN1_STRING));
         if (ret == NULL)
                 {
                 ASN1err(ASN1_F_ASN1_STRING_TYPE_NEW,ERR_R_MALLOC_FAILURE);
@@ -381,8 +384,8 @@ ASN1_STRING *ASN1_STRING_type_new(int type)
 void ASN1_STRING_free(ASN1_STRING *a)
         {
         if (a == NULL) return;
-        if (a->data != NULL) Free(a->data);
-        Free(a);
+        if (a->data != NULL) OPENSSL_free(a->data);
+        OPENSSL_free(a);
         }
 
 int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b)
diff --git a/src/lib/libssl/src/crypto/asn1/asn1_mac.h b/src/lib/libssl/src/crypto/asn1/asn1_mac.h
index 4f2a82d340..4512ba6cc6 100644
--- a/src/lib/libssl/src/crypto/asn1/asn1_mac.h
+++ b/src/lib/libssl/src/crypto/asn1/asn1_mac.h
@@ -59,12 +59,12 @@
 #ifndef HEADER_ASN1_MAC_H
 #define HEADER_ASN1_MAC_H
 
+#include <openssl/asn1.h>
+
 #ifdef  __cplusplus
 extern "C" {
 #endif
 
-#include <openssl/asn1.h>
-
 #ifndef ASN1_MAC_ERR_LIB
 #define ASN1_MAC_ERR_LIB        ERR_LIB_ASN1
 #endif 
@@ -340,7 +340,7 @@ err:\
 
 /* New macros */
 #define M_ASN1_New_Malloc(ret,type) \
-        if ((ret=(type *)Malloc(sizeof(type))) == NULL) \
+        if ((ret=(type *)OPENSSL_malloc(sizeof(type))) == NULL) \
                 { c.line=__LINE__; goto err2; }
 
 #define M_ASN1_New(arg,func) \
diff --git a/src/lib/libssl/src/crypto/asn1/asn1_par.c b/src/lib/libssl/src/crypto/asn1/asn1_par.c
index d1e9816bad..facfdd27fc 100644
--- a/src/lib/libssl/src/crypto/asn1/asn1_par.c
+++ b/src/lib/libssl/src/crypto/asn1/asn1_par.c
@@ -65,7 +65,7 @@
 static int asn1_print_info(BIO *bp, int tag, int xclass,int constructed,
         int indent);
 static int asn1_parse2(BIO *bp, unsigned char **pp, long length,
-        int offset, int depth, int indent);
+        int offset, int depth, int indent, int dump);
 static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
              int indent)
         {
@@ -110,11 +110,16 @@ err:
 
 int ASN1_parse(BIO *bp, unsigned char *pp, long len, int indent)
         {
-        return(asn1_parse2(bp,&pp,len,0,0,indent));
+        return(asn1_parse2(bp,&pp,len,0,0,indent,0));
+        }
+
+int ASN1_parse_dump(BIO *bp, unsigned char *pp, long len, int indent, int dump)
+        {
+        return(asn1_parse2(bp,&pp,len,0,0,indent,dump));
         }
 
 static int asn1_parse2(BIO *bp, unsigned char **pp, long length, int offset,
-             int depth, int indent)
+             int depth, int indent, int dump)
         {
         unsigned char *p,*ep,*tot,*op,*opp;
         long len;
@@ -123,7 +128,13 @@ static int asn1_parse2(BIO *bp, unsigned char **pp, long length, int offset,
         ASN1_OBJECT *o=NULL;
         ASN1_OCTET_STRING *os=NULL;
         /* ASN1_BMPSTRING *bmp=NULL;*/
+        int dump_indent;
 
+#if 0
+        dump_indent = indent;
+#else
+        dump_indent = 6;        /* Because we know BIO_dump_indent() */
+#endif
         p= *pp;
         tot=p+length;
         op=p-1;
@@ -178,7 +189,7 @@ static int asn1_parse2(BIO *bp, unsigned char **pp, long length, int offset,
                                         {
                                         r=asn1_parse2(bp,&p,(long)(tot-p),
                                                 offset+(p - *pp),depth+1,
-                                                indent);
+                                                indent,dump);
                                         if (r == 0) { ret=0; goto end; }
                                         if ((r == 2) || (p >= tot)) break;
                                         }
@@ -188,7 +199,7 @@ static int asn1_parse2(BIO *bp, unsigned char **pp, long length, int offset,
                                         {
                                         r=asn1_parse2(bp,&p,(long)len,
                                                 offset+(p - *pp),depth+1,
-                                                indent);
+                                                indent,dump);
                                         if (r == 0) { ret=0; goto end; }
                                         }
                         }
@@ -273,6 +284,20 @@ static int asn1_parse2(BIO *bp, unsigned char **pp, long length, int offset,
                                                         os->length) <= 0)
                                                         goto end;
                                                 }
+                                        if (!printable && (os->length > 0)
+                                                && dump)
+                                                {
+                                                if (!nl) 
+                                                        {
+                                                        if (BIO_write(bp,"\n",1) <= 0)
+                                                                goto end;
+                                                        }
+                                                if (BIO_dump_indent(bp,(char *)opp,
+                                                        ((dump == -1 || dump > os->length)?os->length:dump),
+                                                        dump_indent) <= 0)
+                                                        goto end;
+                                                nl=1;
+                                                }
                                         M_ASN1_OCTET_STRING_free(os);
                                         os=NULL;
                                         }
@@ -341,6 +366,19 @@ static int asn1_parse2(BIO *bp, unsigned char **pp, long length, int offset,
                                         }
                                 M_ASN1_ENUMERATED_free(bs);
                                 }
+                        else if (len > 0 && dump)
+                                {
+                                if (!nl) 
+                                        {
+                                        if (BIO_write(bp,"\n",1) <= 0)
+                                                goto end;
+                                        }
+                                if (BIO_dump_indent(bp,(char *)p,
+                                        ((dump == -1 || dump > len)?len:dump),
+                                        dump_indent) <= 0)
+                                        goto end;
+                                nl=1;
+                                }
 
                         if (!nl) 
                                 {
diff --git a/src/lib/libssl/src/crypto/asn1/asn_pack.c b/src/lib/libssl/src/crypto/asn1/asn_pack.c
index 662a2626a1..bdf5f130b3 100644
--- a/src/lib/libssl/src/crypto/asn1/asn_pack.c
+++ b/src/lib/libssl/src/crypto/asn1/asn_pack.c
@@ -65,7 +65,7 @@
 /* Turn an ASN1 encoded SEQUENCE OF into a STACK of structures */
 
 STACK *ASN1_seq_unpack(unsigned char *buf, int len, char *(*d2i)(),
-             void (*free_func)())
+             void (*free_func)(void *))
 {
     STACK *sk;
     unsigned char *pbuf;
@@ -77,7 +77,7 @@ STACK *ASN1_seq_unpack(unsigned char *buf, int len, char *(*d2i)(),
 }
 
 /* Turn a STACK structures into an ASN1 encoded SEQUENCE OF structure in a
- * Malloc'ed buffer
+ * OPENSSL_malloc'ed buffer
  */
 
 unsigned char *ASN1_seq_pack(STACK *safes, int (*i2d)(), unsigned char **buf,
@@ -90,7 +90,7 @@ unsigned char *ASN1_seq_pack(STACK *safes, int (*i2d)(), unsigned char **buf,
                 ASN1err(ASN1_F_ASN1_SEQ_PACK,ASN1_R_ENCODE_ERROR);
                 return NULL;
         }
-        if (!(safe = Malloc (safelen))) {
+        if (!(safe = OPENSSL_malloc (safelen))) {
                 ASN1err(ASN1_F_ASN1_SEQ_PACK,ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
@@ -134,7 +134,7 @@ ASN1_STRING *ASN1_pack_string (void *obj, int (*i2d)(), ASN1_STRING **oct)
                 ASN1err(ASN1_F_ASN1_PACK_STRING,ASN1_R_ENCODE_ERROR);
                 return NULL;
         }
-        if (!(p = Malloc (octmp->length))) {
+        if (!(p = OPENSSL_malloc (octmp->length))) {
                 ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
diff --git a/src/lib/libssl/src/crypto/asn1/charmap.h b/src/lib/libssl/src/crypto/asn1/charmap.h
new file mode 100644
index 0000000000..bd020a9562
--- /dev/null
+++ b/src/lib/libssl/src/crypto/asn1/charmap.h
@@ -0,0 +1,15 @@
+/* Auto generated with chartype.pl script.
+ * Mask of various character properties
+ */
+
+static unsigned char char_type[] = {
+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
+120, 0, 1,40, 0, 0, 0,16,16,16, 0,25,25,16,16,16,
+16,16,16,16,16,16,16,16,16,16,16, 9, 9,16, 9,16,
+ 0,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,
+16,16,16,16,16,16,16,16,16,16,16, 0, 1, 0, 0, 0,
+ 0,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,
+16,16,16,16,16,16,16,16,16,16,16, 0, 0, 0, 0, 2
+};
+
diff --git a/src/lib/libssl/src/crypto/asn1/charmap.pl b/src/lib/libssl/src/crypto/asn1/charmap.pl
new file mode 100644
index 0000000000..2875c59867
--- /dev/null
+++ b/src/lib/libssl/src/crypto/asn1/charmap.pl
@@ -0,0 +1,80 @@
+#!/usr/local/bin/perl -w
+
+use strict;
+
+my ($i, @arr);
+
+# Set up an array with the type of ASCII characters
+# Each set bit represents a character property.
+
+# RFC2253 character properties
+my $RFC2253_ESC = 1;    # Character escaped with \
+my $ESC_CTRL    = 2;    # Escaped control character
+# These are used with RFC1779 quoting using "
+my $NOESC_QUOTE = 8;    # Not escaped if quoted
+my $PSTRING_CHAR = 0x10;        # Valid PrintableString character
+my $RFC2253_FIRST_ESC = 0x20; # Escaped with \ if first character
+my $RFC2253_LAST_ESC = 0x40;  # Escaped with \ if last character
+
+for($i = 0; $i < 128; $i++) {
+        # Set the RFC2253 escape characters (control)
+        $arr[$i] = 0;
+        if(($i < 32) || ($i > 126)) {
+                $arr[$i] |= $ESC_CTRL;
+        }
+
+        # Some PrintableString characters
+        if(                ( ( $i >= ord("a")) && ( $i <= ord("z")) )
+                        || (  ( $i >= ord("A")) && ( $i <= ord("Z")) )
+                        || (  ( $i >= ord("0")) && ( $i <= ord("9")) )  ) {
+                $arr[$i] |= $PSTRING_CHAR;
+        }
+}
+
+# Now setup the rest
+
+# Remaining RFC2253 escaped characters
+
+$arr[ord(" ")] |= $NOESC_QUOTE | $RFC2253_FIRST_ESC | $RFC2253_LAST_ESC;
+$arr[ord("#")] |= $NOESC_QUOTE | $RFC2253_FIRST_ESC;
+
+$arr[ord(",")] |= $NOESC_QUOTE | $RFC2253_ESC;
+$arr[ord("+")] |= $NOESC_QUOTE | $RFC2253_ESC;
+$arr[ord("\"")] |= $RFC2253_ESC;
+$arr[ord("\\")] |= $RFC2253_ESC;
+$arr[ord("<")] |= $NOESC_QUOTE | $RFC2253_ESC;
+$arr[ord(">")] |= $NOESC_QUOTE | $RFC2253_ESC;
+$arr[ord(";")] |= $NOESC_QUOTE | $RFC2253_ESC;
+
+# Remaining PrintableString characters
+
+$arr[ord(" ")] |= $PSTRING_CHAR;
+$arr[ord("'")] |= $PSTRING_CHAR;
+$arr[ord("(")] |= $PSTRING_CHAR;
+$arr[ord(")")] |= $PSTRING_CHAR;
+$arr[ord("+")] |= $PSTRING_CHAR;
+$arr[ord(",")] |= $PSTRING_CHAR;
+$arr[ord("-")] |= $PSTRING_CHAR;
+$arr[ord(".")] |= $PSTRING_CHAR;
+$arr[ord("/")] |= $PSTRING_CHAR;
+$arr[ord(":")] |= $PSTRING_CHAR;
+$arr[ord("=")] |= $PSTRING_CHAR;
+$arr[ord("?")] |= $PSTRING_CHAR;
+
+# Now generate the C code
+
+print <<EOF;
+/* Auto generated with chartype.pl script.
+ * Mask of various character properties
+ */
+
+static unsigned char char_type[] = {
+EOF
+
+for($i = 0; $i < 128; $i++) {
+        print("\n") if($i && (($i % 16) == 0));
+        printf("%2d", $arr[$i]);
+        print(",") if ($i != 127);
+}
+print("\n};\n\n");
+
diff --git a/src/lib/libssl/src/crypto/asn1/d2i_dsap.c b/src/lib/libssl/src/crypto/asn1/d2i_dsap.c
index 6d1c297133..9d4dea6145 100644
--- a/src/lib/libssl/src/crypto/asn1/d2i_dsap.c
+++ b/src/lib/libssl/src/crypto/asn1/d2i_dsap.c
@@ -64,7 +64,7 @@
 #include <openssl/objects.h>
 #include <openssl/asn1_mac.h>
 
-#ifdef NEG_PUBKEY_BUG
+#ifndef NO_NEG_PUBKEY_BUG
 #define d2i_ASN1_INTEGER d2i_ASN1_UINTEGER
 #endif
 
diff --git a/src/lib/libssl/src/crypto/asn1/d2i_r_pu.c b/src/lib/libssl/src/crypto/asn1/d2i_r_pu.c
index d1289f160e..9e5d41cf53 100644
--- a/src/lib/libssl/src/crypto/asn1/d2i_r_pu.c
+++ b/src/lib/libssl/src/crypto/asn1/d2i_r_pu.c
@@ -64,7 +64,7 @@
 #include <openssl/objects.h>
 #include <openssl/asn1_mac.h>
 
-#ifdef NEG_PUBKEY_BUG
+#ifndef NO_NEG_PUBKEY_BUG
 #define d2i_ASN1_INTEGER d2i_ASN1_UINTEGER
 #endif
 
diff --git a/src/lib/libssl/src/crypto/asn1/d2i_s_pr.c b/src/lib/libssl/src/crypto/asn1/d2i_s_pr.c
index dec2a2ebd3..55d5802d70 100644
--- a/src/lib/libssl/src/crypto/asn1/d2i_s_pr.c
+++ b/src/lib/libssl/src/crypto/asn1/d2i_s_pr.c
@@ -92,6 +92,7 @@ DSA *d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length)
                 == NULL) goto err_bn;
 
         M_ASN1_INTEGER_free(bs);
+        bs = NULL;
 
         M_ASN1_D2I_Finish_2(a);
 err_bn:
diff --git a/src/lib/libssl/src/crypto/asn1/d2i_s_pu.c b/src/lib/libssl/src/crypto/asn1/d2i_s_pu.c
index e0adaa0393..0b7d2fafcc 100644
--- a/src/lib/libssl/src/crypto/asn1/d2i_s_pu.c
+++ b/src/lib/libssl/src/crypto/asn1/d2i_s_pu.c
@@ -66,7 +66,7 @@
 #include <openssl/objects.h>
 #include <openssl/asn1_mac.h>
 
-#ifdef NEG_PUBKEY_BUG
+#ifndef NO_NEG_PUBKEY_BUG
 #define d2i_ASN1_INTEGER d2i_ASN1_UINTEGER
 #endif
 
diff --git a/src/lib/libssl/src/crypto/asn1/f_enum.c b/src/lib/libssl/src/crypto/asn1/f_enum.c
index 3d0b1107cb..56e3cc8df2 100644
--- a/src/lib/libssl/src/crypto/asn1/f_enum.c
+++ b/src/lib/libssl/src/crypto/asn1/f_enum.c
@@ -153,15 +153,15 @@ int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size)
                 if (num+i > slen)
                         {
                         if (s == NULL)
-                                sp=(unsigned char *)Malloc(
+                                sp=(unsigned char *)OPENSSL_malloc(
                                         (unsigned int)num+i*2);
                         else
-                                sp=(unsigned char *)Realloc(s,
+                                sp=(unsigned char *)OPENSSL_realloc(s,
                                         (unsigned int)num+i*2);
                         if (sp == NULL)
                                 {
                                 ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,ERR_R_MALLOC_FAILURE);
-                                if (s != NULL) Free(s);
+                                if (s != NULL) OPENSSL_free(s);
                                 goto err;
                                 }
                         s=sp;
diff --git a/src/lib/libssl/src/crypto/asn1/f_int.c b/src/lib/libssl/src/crypto/asn1/f_int.c
index cd57331c3f..6b090f6740 100644
--- a/src/lib/libssl/src/crypto/asn1/f_int.c
+++ b/src/lib/libssl/src/crypto/asn1/f_int.c
@@ -160,15 +160,15 @@ int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size)
                 if (num+i > slen)
                         {
                         if (s == NULL)
-                                sp=(unsigned char *)Malloc(
+                                sp=(unsigned char *)OPENSSL_malloc(
                                         (unsigned int)num+i*2);
                         else
-                                sp=(unsigned char *)Realloc(s,
+                                sp=(unsigned char *)OPENSSL_realloc(s,
                                         (unsigned int)num+i*2);
                         if (sp == NULL)
                                 {
                                 ASN1err(ASN1_F_A2I_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
-                                if (s != NULL) Free(s);
+                                if (s != NULL) OPENSSL_free(s);
                                 goto err;
                                 }
                         s=sp;
diff --git a/src/lib/libssl/src/crypto/asn1/f_string.c b/src/lib/libssl/src/crypto/asn1/f_string.c
index 088313689a..968698a798 100644
--- a/src/lib/libssl/src/crypto/asn1/f_string.c
+++ b/src/lib/libssl/src/crypto/asn1/f_string.c
@@ -158,15 +158,15 @@ int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size)
                 if (num+i > slen)
                         {
                         if (s == NULL)
-                                sp=(unsigned char *)Malloc(
+                                sp=(unsigned char *)OPENSSL_malloc(
                                         (unsigned int)num+i*2);
                         else
-                                sp=(unsigned char *)Realloc(s,
+                                sp=(unsigned char *)OPENSSL_realloc(s,
                                         (unsigned int)num+i*2);
                         if (sp == NULL)
                                 {
                                 ASN1err(ASN1_F_A2I_ASN1_STRING,ERR_R_MALLOC_FAILURE);
-                                if (s != NULL) Free(s);
+                                if (s != NULL) OPENSSL_free(s);
                                 goto err;
                                 }
                         s=sp;
diff --git a/src/lib/libssl/src/crypto/asn1/i2d_dhp.c b/src/lib/libssl/src/crypto/asn1/i2d_dhp.c
index 61eeb646f9..b1de17fe07 100644
--- a/src/lib/libssl/src/crypto/asn1/i2d_dhp.c
+++ b/src/lib/libssl/src/crypto/asn1/i2d_dhp.c
@@ -105,7 +105,7 @@ int i2d_DHparams(DH *a, unsigned char **pp)
         ASN1_put_object(&p,1,tot,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
 
         bs.type=V_ASN1_INTEGER;
-        bs.data=(unsigned char *)Malloc(max+4);
+        bs.data=(unsigned char *)OPENSSL_malloc(max+4);
         if (bs.data == NULL)
                 {
                 ASN1err(ASN1_F_I2D_DHPARAMS,ERR_R_MALLOC_FAILURE);
@@ -118,7 +118,7 @@ int i2d_DHparams(DH *a, unsigned char **pp)
                 bs.length=BN_bn2bin(num[i],bs.data);
                 i2d_ASN1_INTEGER(&bs,&p);
                 }
-        Free(bs.data);
+        OPENSSL_free(bs.data);
         ret=t;
 err:
         if (num[2] != NULL) BN_free(num[2]);
diff --git a/src/lib/libssl/src/crypto/asn1/i2d_dsap.c b/src/lib/libssl/src/crypto/asn1/i2d_dsap.c
index 4021123ba3..157fb43893 100644
--- a/src/lib/libssl/src/crypto/asn1/i2d_dsap.c
+++ b/src/lib/libssl/src/crypto/asn1/i2d_dsap.c
@@ -94,7 +94,7 @@ int i2d_DSAparams(DSA *a, unsigned char **pp)
         ASN1_put_object(&p,1,tot,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
 
         bs.type=V_ASN1_INTEGER;
-        bs.data=(unsigned char *)Malloc(max+4);
+        bs.data=(unsigned char *)OPENSSL_malloc(max+4);
         if (bs.data == NULL)
                 {
                 ASN1err(ASN1_F_I2D_DSAPARAMS,ERR_R_MALLOC_FAILURE);
@@ -107,7 +107,7 @@ int i2d_DSAparams(DSA *a, unsigned char **pp)
                 bs.length=BN_bn2bin(num[i],bs.data);
                 i2d_ASN1_INTEGER(&bs,&p);
                 }
-        Free(bs.data);
+        OPENSSL_free(bs.data);
         ret=t;
 err:
         *pp=p;
diff --git a/src/lib/libssl/src/crypto/asn1/i2d_r_pr.c b/src/lib/libssl/src/crypto/asn1/i2d_r_pr.c
index 1250fa4b2d..88b1aac989 100644
--- a/src/lib/libssl/src/crypto/asn1/i2d_r_pr.c
+++ b/src/lib/libssl/src/crypto/asn1/i2d_r_pr.c
@@ -107,7 +107,7 @@ int i2d_RSAPrivateKey(RSA *a, unsigned char **pp)
 
         i2d_ASN1_INTEGER(&bs,&p);
 
-        bs.data=(unsigned char *)Malloc(max+4);
+        bs.data=(unsigned char *)OPENSSL_malloc(max+4);
         if (bs.data == NULL)
                 {
                 ASN1err(ASN1_F_I2D_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
@@ -119,7 +119,7 @@ int i2d_RSAPrivateKey(RSA *a, unsigned char **pp)
                 bs.length=BN_bn2bin(num[i],bs.data);
                 i2d_ASN1_INTEGER(&bs,&p);
                 }
-        Free(bs.data);
+        OPENSSL_free(bs.data);
         *pp=p;
         return(t);
         }
diff --git a/src/lib/libssl/src/crypto/asn1/i2d_r_pu.c b/src/lib/libssl/src/crypto/asn1/i2d_r_pu.c
index 582b92ee4c..8178c2c3b3 100644
--- a/src/lib/libssl/src/crypto/asn1/i2d_r_pu.c
+++ b/src/lib/libssl/src/crypto/asn1/i2d_r_pu.c
@@ -93,7 +93,7 @@ int i2d_RSAPublicKey(RSA *a, unsigned char **pp)
         ASN1_put_object(&p,1,tot,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
 
         bs.type=V_ASN1_INTEGER;
-        bs.data=(unsigned char *)Malloc(max+4);
+        bs.data=(unsigned char *)OPENSSL_malloc(max+4);
         if (bs.data == NULL)
                 {
                 ASN1err(ASN1_F_I2D_RSAPUBLICKEY,ERR_R_MALLOC_FAILURE);
@@ -105,7 +105,7 @@ int i2d_RSAPublicKey(RSA *a, unsigned char **pp)
                 bs.length=BN_bn2bin(num[i],bs.data);
                 i2d_ASN1_INTEGER(&bs,&p);
                 }
-        Free(bs.data);
+        OPENSSL_free(bs.data);
         *pp=p;
         return(t);
         }
diff --git a/src/lib/libssl/src/crypto/asn1/i2d_s_pr.c b/src/lib/libssl/src/crypto/asn1/i2d_s_pr.c
index e399ceaeb9..9922952ad7 100644
--- a/src/lib/libssl/src/crypto/asn1/i2d_s_pr.c
+++ b/src/lib/libssl/src/crypto/asn1/i2d_s_pr.c
@@ -104,7 +104,7 @@ int i2d_DSAPrivateKey(DSA *a, unsigned char **pp)
 
         i2d_ASN1_INTEGER(&bs,&p);
 
-        bs.data=(unsigned char *)Malloc(max+4);
+        bs.data=(unsigned char *)OPENSSL_malloc(max+4);
         if (bs.data == NULL)
                 {
                 ASN1err(ASN1_F_I2D_DSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
@@ -116,7 +116,7 @@ int i2d_DSAPrivateKey(DSA *a, unsigned char **pp)
                 bs.length=BN_bn2bin(num[i],bs.data);
                 i2d_ASN1_INTEGER(&bs,&p);
                 }
-        Free(bs.data);
+        OPENSSL_free(bs.data);
         *pp=p;
         return(t);
         }
diff --git a/src/lib/libssl/src/crypto/asn1/i2d_s_pu.c b/src/lib/libssl/src/crypto/asn1/i2d_s_pu.c
index ca7f251b71..e6014b82a8 100644
--- a/src/lib/libssl/src/crypto/asn1/i2d_s_pu.c
+++ b/src/lib/libssl/src/crypto/asn1/i2d_s_pu.c
@@ -109,7 +109,7 @@ int i2d_DSAPublicKey(DSA *a, unsigned char **pp)
                 ASN1_put_object(&p,1,tot,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
 
         bs.type=V_ASN1_INTEGER;
-        bs.data=(unsigned char *)Malloc(max+4);
+        bs.data=(unsigned char *)OPENSSL_malloc(max+4);
         if (bs.data == NULL)
                 {
                 ASN1err(ASN1_F_I2D_DSAPUBLICKEY,ERR_R_MALLOC_FAILURE);
@@ -121,7 +121,7 @@ int i2d_DSAPublicKey(DSA *a, unsigned char **pp)
                 bs.length=BN_bn2bin(num[i],bs.data);
                 i2d_ASN1_INTEGER(&bs,&p);
                 }
-        Free(bs.data);
+        OPENSSL_free(bs.data);
         *pp=p;
         if(all) return(t);
         else return(tot);
diff --git a/src/lib/libssl/src/crypto/asn1/n_pkey.c b/src/lib/libssl/src/crypto/asn1/n_pkey.c
index d804986b73..9840193538 100644
--- a/src/lib/libssl/src/crypto/asn1/n_pkey.c
+++ b/src/lib/libssl/src/crypto/asn1/n_pkey.c
@@ -81,6 +81,11 @@ static NETSCAPE_PKEY *NETSCAPE_PKEY_new(void);
 static void NETSCAPE_PKEY_free(NETSCAPE_PKEY *);
 
 int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)())
+{
+        return i2d_RSA_NET(a, pp, cb, 0);
+}
+
+int i2d_RSA_NET(RSA *a, unsigned char **pp, int (*cb)(), int sgckey)
         {
         int i,j,l[6];
         NETSCAPE_PKEY *pkey;
@@ -139,8 +144,8 @@ int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)())
                 }
 
         if (pkey->private_key->data != NULL)
-                Free(pkey->private_key->data);
-        if ((pkey->private_key->data=(unsigned char *)Malloc(l[0])) == NULL)
+                OPENSSL_free(pkey->private_key->data);
+        if ((pkey->private_key->data=(unsigned char *)OPENSSL_malloc(l[0])) == NULL)
                 {
                 ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ERR_R_MALLOC_FAILURE);
                 goto err;
@@ -148,7 +153,7 @@ int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)())
         zz=pkey->private_key->data;
         i2d_RSAPrivateKey(a,&zz);
 
-        if ((os2.data=(unsigned char *)Malloc(os2.length)) == NULL)
+        if ((os2.data=(unsigned char *)OPENSSL_malloc(os2.length)) == NULL)
                 {
                 ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ERR_R_MALLOC_FAILURE);
                 goto err;
@@ -164,8 +169,18 @@ int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)())
                 ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ASN1_R_BAD_PASSWORD_READ);
                 goto err;
                 }
-        EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,
-                strlen((char *)buf),1,key,NULL);
+        i = strlen((char *)buf);
+        /* If the key is used for SGC the algorithm is modified a little. */
+        if(sgckey){
+                EVP_MD_CTX mctx;
+                EVP_DigestInit(&mctx, EVP_md5());
+                EVP_DigestUpdate(&mctx, buf, i);
+                EVP_DigestFinal(&mctx, buf, NULL);
+                memcpy(buf + 16, "SGCKEYSALT", 10);
+                i = 26;
+        }
+                
+        EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
         memset(buf,0,256);
 
         EVP_CIPHER_CTX_init(&ctx);
@@ -182,14 +197,20 @@ int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)())
         i2d_ASN1_OCTET_STRING(&os2,&p);
         ret=l[5];
 err:
-        if (os2.data != NULL) Free(os2.data);
+        if (os2.data != NULL) OPENSSL_free(os2.data);
         if (alg != NULL) X509_ALGOR_free(alg);
         if (pkey != NULL) NETSCAPE_PKEY_free(pkey);
         r=r;
         return(ret);
         }
 
+
 RSA *d2i_Netscape_RSA(RSA **a, unsigned char **pp, long length, int (*cb)())
+{
+        return d2i_RSA_NET(a, pp, length, cb, 0);
+}
+
+RSA *d2i_RSA_NET(RSA **a, unsigned char **pp, long length, int (*cb)(), int sgckey)
         {
         RSA *ret=NULL;
         ASN1_OCTET_STRING *os=NULL;
@@ -210,14 +231,24 @@ RSA *d2i_Netscape_RSA(RSA **a, unsigned char **pp, long length, int (*cb)())
                 }
         M_ASN1_BIT_STRING_free(os);
         c.q=c.p;
-        if ((ret=d2i_Netscape_RSA_2(a,&c.p,c.slen,cb)) == NULL) goto err;
-        c.slen-=(c.p-c.q);
+        if ((ret=d2i_RSA_NET_2(a,&c.p,c.slen,cb, sgckey)) == NULL) goto err;
+        /* Note: some versions of IIS key files use length values that are
+         * too small for the surrounding SEQUENCEs. This following line
+         * effectively disable length checking.
+         */
+        c.slen = 0;
 
         M_ASN1_D2I_Finish(a,RSA_free,ASN1_F_D2I_NETSCAPE_RSA);
         }
 
 RSA *d2i_Netscape_RSA_2(RSA **a, unsigned char **pp, long length,
              int (*cb)())
+{
+        return d2i_RSA_NET_2(a, pp, length, cb, 0);
+}
+
+RSA *d2i_RSA_NET_2(RSA **a, unsigned char **pp, long length,
+             int (*cb)(), int sgckey)
         {
         NETSCAPE_PKEY *pkey=NULL;
         RSA *ret=NULL;
@@ -250,8 +281,17 @@ RSA *d2i_Netscape_RSA_2(RSA **a, unsigned char **pp, long length,
                 goto err;
                 }
 
-        EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,
-                strlen((char *)buf),1,key,NULL);
+        i = strlen((char *)buf);
+        if(sgckey){
+                EVP_MD_CTX mctx;
+                EVP_DigestInit(&mctx, EVP_md5());
+                EVP_DigestUpdate(&mctx, buf, i);
+                EVP_DigestFinal(&mctx, buf, NULL);
+                memcpy(buf + 16, "SGCKEYSALT", 10);
+                i = 26;
+        }
+                
+        EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
         memset(buf,0,256);
 
         EVP_CIPHER_CTX_init(&ctx);
@@ -334,7 +374,7 @@ static void NETSCAPE_PKEY_free(NETSCAPE_PKEY *a)
         M_ASN1_INTEGER_free(a->version);
         X509_ALGOR_free(a->algor);
         M_ASN1_OCTET_STRING_free(a->private_key);
-        Free(a);
+        OPENSSL_free(a);
         }
 
 #endif /* NO_RC4 */
diff --git a/src/lib/libssl/src/crypto/asn1/nsseq.c b/src/lib/libssl/src/crypto/asn1/nsseq.c
index 417d024b81..6e7f09ba23 100644
--- a/src/lib/libssl/src/crypto/asn1/nsseq.c
+++ b/src/lib/libssl/src/crypto/asn1/nsseq.c
@@ -114,5 +114,5 @@ void NETSCAPE_CERT_SEQUENCE_free (NETSCAPE_CERT_SEQUENCE *a)
         ASN1_OBJECT_free(a->type);
         if(a->certs)
             sk_X509_pop_free(a->certs, X509_free);
-        Free (a);
+        OPENSSL_free (a);
 }
diff --git a/src/lib/libssl/src/crypto/asn1/p5_pbe.c b/src/lib/libssl/src/crypto/asn1/p5_pbe.c
index a147ac3295..b7ed538eb2 100644
--- a/src/lib/libssl/src/crypto/asn1/p5_pbe.c
+++ b/src/lib/libssl/src/crypto/asn1/p5_pbe.c
@@ -103,7 +103,7 @@ void PBEPARAM_free (PBEPARAM *a)
         if(a==NULL) return;
         M_ASN1_OCTET_STRING_free(a->salt);
         M_ASN1_INTEGER_free (a->iter);
-        Free (a);
+        OPENSSL_free (a);
 }
 
 /* Return an algorithm identifier for a PKCS#5 PBE algorithm */
@@ -123,7 +123,7 @@ X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt,
         if(iter <= 0) iter = PKCS5_DEFAULT_ITER;
         ASN1_INTEGER_set (pbe->iter, iter);
         if (!saltlen) saltlen = PKCS5_SALT_LEN;
-        if (!(pbe->salt->data = Malloc (saltlen))) {
+        if (!(pbe->salt->data = OPENSSL_malloc (saltlen))) {
                 ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
diff --git a/src/lib/libssl/src/crypto/asn1/p5_pbev2.c b/src/lib/libssl/src/crypto/asn1/p5_pbev2.c
index 1bbdb10c71..6a7b578c0e 100644
--- a/src/lib/libssl/src/crypto/asn1/p5_pbev2.c
+++ b/src/lib/libssl/src/crypto/asn1/p5_pbev2.c
@@ -104,7 +104,7 @@ void PBE2PARAM_free (PBE2PARAM *a)
         if(a==NULL) return;
         X509_ALGOR_free(a->keyfunc);
         X509_ALGOR_free(a->encryption);
-        Free (a);
+        OPENSSL_free (a);
 }
 
 int i2d_PBKDF2PARAM(PBKDF2PARAM *a, unsigned char **pp)
@@ -158,7 +158,7 @@ void PBKDF2PARAM_free (PBKDF2PARAM *a)
         M_ASN1_INTEGER_free(a->iter);
         M_ASN1_INTEGER_free(a->keylength);
         X509_ALGOR_free(a->prf);
-        Free (a);
+        OPENSSL_free (a);
 }
 
 /* Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm:
@@ -210,7 +210,7 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
         if(!(osalt = M_ASN1_OCTET_STRING_new())) goto merr;
 
         if (!saltlen) saltlen = PKCS5_SALT_LEN;
-        if (!(osalt->data = Malloc (saltlen))) goto merr;
+        if (!(osalt->data = OPENSSL_malloc (saltlen))) goto merr;
         osalt->length = saltlen;
         if (salt) memcpy (osalt->data, salt, saltlen);
         else if (RAND_pseudo_bytes (osalt->data, saltlen) < 0) goto merr;
diff --git a/src/lib/libssl/src/crypto/asn1/p7_dgst.c b/src/lib/libssl/src/crypto/asn1/p7_dgst.c
index cba90e94a1..c170244616 100644
--- a/src/lib/libssl/src/crypto/asn1/p7_dgst.c
+++ b/src/lib/libssl/src/crypto/asn1/p7_dgst.c
@@ -116,6 +116,6 @@ void PKCS7_DIGEST_free(PKCS7_DIGEST *a)
         X509_ALGOR_free(a->md);
         PKCS7_free(a->contents);
         M_ASN1_OCTET_STRING_free(a->digest);
-        Free(a);
+        OPENSSL_free(a);
         }
 
diff --git a/src/lib/libssl/src/crypto/asn1/p7_enc.c b/src/lib/libssl/src/crypto/asn1/p7_enc.c
index 83b0e15faa..38ccafbdb0 100644
--- a/src/lib/libssl/src/crypto/asn1/p7_enc.c
+++ b/src/lib/libssl/src/crypto/asn1/p7_enc.c
@@ -106,6 +106,6 @@ void PKCS7_ENCRYPT_free(PKCS7_ENCRYPT *a)
         if (a == NULL) return;
         M_ASN1_INTEGER_free(a->version);
         PKCS7_ENC_CONTENT_free(a->enc_data);
-        Free(a);
+        OPENSSL_free(a);
         }
 
diff --git a/src/lib/libssl/src/crypto/asn1/p7_enc_c.c b/src/lib/libssl/src/crypto/asn1/p7_enc_c.c
index 582cc78b06..031178ab52 100644
--- a/src/lib/libssl/src/crypto/asn1/p7_enc_c.c
+++ b/src/lib/libssl/src/crypto/asn1/p7_enc_c.c
@@ -115,6 +115,6 @@ void PKCS7_ENC_CONTENT_free(PKCS7_ENC_CONTENT *a)
         ASN1_OBJECT_free(a->content_type);
         X509_ALGOR_free(a->algorithm);
         M_ASN1_OCTET_STRING_free(a->enc_data);
-        Free(a);
+        OPENSSL_free(a);
         }
 
diff --git a/src/lib/libssl/src/crypto/asn1/p7_evp.c b/src/lib/libssl/src/crypto/asn1/p7_evp.c
index 4e734fdd28..60be3e5f66 100644
--- a/src/lib/libssl/src/crypto/asn1/p7_evp.c
+++ b/src/lib/libssl/src/crypto/asn1/p7_evp.c
@@ -114,6 +114,6 @@ void PKCS7_ENVELOPE_free(PKCS7_ENVELOPE *a)
         M_ASN1_INTEGER_free(a->version);
         sk_PKCS7_RECIP_INFO_pop_free(a->recipientinfo,PKCS7_RECIP_INFO_free);
         PKCS7_ENC_CONTENT_free(a->enc_data);
-        Free(a);
+        OPENSSL_free(a);
         }
 
diff --git a/src/lib/libssl/src/crypto/asn1/p7_i_s.c b/src/lib/libssl/src/crypto/asn1/p7_i_s.c
index d21f7ddb84..4a7260a5c8 100644
--- a/src/lib/libssl/src/crypto/asn1/p7_i_s.c
+++ b/src/lib/libssl/src/crypto/asn1/p7_i_s.c
@@ -106,6 +106,6 @@ void PKCS7_ISSUER_AND_SERIAL_free(PKCS7_ISSUER_AND_SERIAL *a)
         if (a == NULL) return;
         X509_NAME_free(a->issuer);
         M_ASN1_INTEGER_free(a->serial);
-        Free(a);
+        OPENSSL_free(a);
         }
 
diff --git a/src/lib/libssl/src/crypto/asn1/p7_lib.c b/src/lib/libssl/src/crypto/asn1/p7_lib.c
index 86db82cfa1..b1196ef581 100644
--- a/src/lib/libssl/src/crypto/asn1/p7_lib.c
+++ b/src/lib/libssl/src/crypto/asn1/p7_lib.c
@@ -62,6 +62,8 @@
 #include <openssl/pkcs7.h>
 #include <openssl/objects.h>
 
+#ifdef PKCS7_INDEFINITE_ENCODING
+
 int i2d_PKCS7(PKCS7 *a, unsigned char **pp)
         {
         M_ASN1_I2D_vars(a);
@@ -102,6 +104,7 @@ int i2d_PKCS7(PKCS7 *a, unsigned char **pp)
                         M_ASN1_I2D_len(a->d.encrypted,i2d_PKCS7_ENCRYPT);
                         break;
                 default:
+                        M_ASN1_I2D_len(a->d.other,i2d_ASN1_TYPE);
                         break;
                         }
                 }
@@ -136,6 +139,7 @@ int i2d_PKCS7(PKCS7 *a, unsigned char **pp)
                         M_ASN1_I2D_put(a->d.encrypted,i2d_PKCS7_ENCRYPT);
                         break;
                 default:
+                        M_ASN1_I2D_put(a->d.other,i2d_ASN1_TYPE);
                         break;
                         }
                 M_ASN1_I2D_INF_seq_end();
@@ -144,6 +148,98 @@ int i2d_PKCS7(PKCS7 *a, unsigned char **pp)
         M_ASN1_I2D_finish();
         }
 
+#else
+
+int i2d_PKCS7(PKCS7 *a, unsigned char **pp)
+        {
+        int explen = 0;
+        M_ASN1_I2D_vars(a);
+
+        if (a->asn1 != NULL)
+                {
+                if (pp == NULL)
+                        return((int)a->length);
+                memcpy(*pp,a->asn1,(int)a->length);
+                *pp+=a->length;
+                return((int)a->length);
+                }
+
+        M_ASN1_I2D_len(a->type,i2d_ASN1_OBJECT);
+        if (a->d.ptr != NULL)
+                {
+                /* Save current length */
+                r = ret;
+                switch (OBJ_obj2nid(a->type))
+                        {
+                case NID_pkcs7_data:
+                        M_ASN1_I2D_len(a->d.data,i2d_ASN1_OCTET_STRING);
+                        break;
+                case NID_pkcs7_signed:
+                        M_ASN1_I2D_len(a->d.sign,i2d_PKCS7_SIGNED);
+                        break;
+                case NID_pkcs7_enveloped:
+                        M_ASN1_I2D_len(a->d.enveloped,i2d_PKCS7_ENVELOPE);
+                        break;
+                case NID_pkcs7_signedAndEnveloped:
+                        M_ASN1_I2D_len(a->d.signed_and_enveloped,
+                                i2d_PKCS7_SIGN_ENVELOPE);
+                        break;
+                case NID_pkcs7_digest:
+                        M_ASN1_I2D_len(a->d.digest,i2d_PKCS7_DIGEST);
+                        break;
+                case NID_pkcs7_encrypted:
+                        M_ASN1_I2D_len(a->d.encrypted,i2d_PKCS7_ENCRYPT);
+                        break;
+                default:
+                        M_ASN1_I2D_len(a->d.other,i2d_ASN1_TYPE);
+                        break;
+                        }
+                /* Work out explicit tag content size */
+                explen = ret - r;
+                /* Work out explicit tag size: Note: ASN1_object_size
+                 * includes the content length.
+                 */
+                ret =  r + ASN1_object_size(1, explen, 0);
+                }
+
+        M_ASN1_I2D_seq_total();
+
+        M_ASN1_I2D_put(a->type,i2d_ASN1_OBJECT);
+
+        if (a->d.ptr != NULL)
+                {
+                ASN1_put_object(&p, 1, explen, 0, V_ASN1_CONTEXT_SPECIFIC);
+                switch (OBJ_obj2nid(a->type))
+                        {
+                case NID_pkcs7_data:
+                        M_ASN1_I2D_put(a->d.data,i2d_ASN1_OCTET_STRING);
+                        break;
+                case NID_pkcs7_signed:
+                        M_ASN1_I2D_put(a->d.sign,i2d_PKCS7_SIGNED);
+                        break;
+                case NID_pkcs7_enveloped:
+                        M_ASN1_I2D_put(a->d.enveloped,i2d_PKCS7_ENVELOPE);
+                        break;
+                case NID_pkcs7_signedAndEnveloped:
+                        M_ASN1_I2D_put(a->d.signed_and_enveloped,
+                                i2d_PKCS7_SIGN_ENVELOPE);
+                        break;
+                case NID_pkcs7_digest:
+                        M_ASN1_I2D_put(a->d.digest,i2d_PKCS7_DIGEST);
+                        break;
+                case NID_pkcs7_encrypted:
+                        M_ASN1_I2D_put(a->d.encrypted,i2d_PKCS7_ENCRYPT);
+                        break;
+                default:
+                        M_ASN1_I2D_put(a->d.other,i2d_ASN1_TYPE);
+                        break;
+                        }
+                }
+        M_ASN1_I2D_finish();
+        }
+
+#endif
+
 PKCS7 *d2i_PKCS7(PKCS7 **a, unsigned char **pp, long length)
         {
         M_ASN1_D2I_vars(a,PKCS7 *,PKCS7_new);
@@ -152,7 +248,7 @@ PKCS7 *d2i_PKCS7(PKCS7 **a, unsigned char **pp, long length)
                 {
                 if ((*a)->asn1 != NULL)
                         {
-                        Free((*a)->asn1);
+                        OPENSSL_free((*a)->asn1);
                         (*a)->asn1=NULL;
                         }
                 (*a)->length=0;
@@ -206,10 +302,8 @@ PKCS7 *d2i_PKCS7(PKCS7 **a, unsigned char **pp, long length)
                         M_ASN1_D2I_get(ret->d.encrypted,d2i_PKCS7_ENCRYPT);
                         break;
                 default:
-                        c.error=ASN1_R_BAD_PKCS7_TYPE;
-                        c.line=__LINE__;
-                        goto err;
-                        /* break; */
+                        M_ASN1_D2I_get(ret->d.other,d2i_ASN1_TYPE);
+                        break;
                         }
                 if (Tinf == (1|V_ASN1_CONSTRUCTED))
                         {
@@ -251,7 +345,7 @@ void PKCS7_free(PKCS7 *a)
                 {
                 ASN1_OBJECT_free(a->type);
                 }
-        Free(a);
+        OPENSSL_free(a);
         }
 
 void PKCS7_content_free(PKCS7 *a)
@@ -259,7 +353,7 @@ void PKCS7_content_free(PKCS7 *a)
         if(a == NULL)
             return;
 
-        if (a->asn1 != NULL) Free(a->asn1);
+        if (a->asn1 != NULL) OPENSSL_free(a->asn1);
 
         if (a->d.ptr != NULL)
                 {
@@ -286,10 +380,12 @@ void PKCS7_content_free(PKCS7 *a)
                         PKCS7_ENCRYPT_free(a->d.encrypted);
                         break;
                 default:
-                        /* MEMORY LEAK */
+                        ASN1_TYPE_free(a->d.other);
                         break;
                         }
                 }
         a->d.ptr=NULL;
         }
 
+IMPLEMENT_STACK_OF(PKCS7)
+IMPLEMENT_ASN1_SET_OF(PKCS7)
diff --git a/src/lib/libssl/src/crypto/asn1/p7_recip.c b/src/lib/libssl/src/crypto/asn1/p7_recip.c
index b1abfa3b8f..5f6c88a2fa 100644
--- a/src/lib/libssl/src/crypto/asn1/p7_recip.c
+++ b/src/lib/libssl/src/crypto/asn1/p7_recip.c
@@ -118,7 +118,7 @@ void PKCS7_RECIP_INFO_free(PKCS7_RECIP_INFO *a)
         X509_ALGOR_free(a->key_enc_algor);
         M_ASN1_OCTET_STRING_free(a->enc_key);
         if (a->cert != NULL) X509_free(a->cert);
-        Free(a);
+        OPENSSL_free(a);
         }
 
 IMPLEMENT_STACK_OF(PKCS7_RECIP_INFO)
diff --git a/src/lib/libssl/src/crypto/asn1/p7_s_e.c b/src/lib/libssl/src/crypto/asn1/p7_s_e.c
index 3d18fedf8e..709eb24b27 100644
--- a/src/lib/libssl/src/crypto/asn1/p7_s_e.c
+++ b/src/lib/libssl/src/crypto/asn1/p7_s_e.c
@@ -140,6 +140,6 @@ void PKCS7_SIGN_ENVELOPE_free(PKCS7_SIGN_ENVELOPE *a)
         sk_X509_pop_free(a->cert,X509_free);
         sk_X509_CRL_pop_free(a->crl,X509_CRL_free);
         sk_PKCS7_SIGNER_INFO_pop_free(a->signer_info,PKCS7_SIGNER_INFO_free);
-        Free(a);
+        OPENSSL_free(a);
         }
 
diff --git a/src/lib/libssl/src/crypto/asn1/p7_signd.c b/src/lib/libssl/src/crypto/asn1/p7_signd.c
index f6f16a8715..c835f5475f 100644
--- a/src/lib/libssl/src/crypto/asn1/p7_signd.c
+++ b/src/lib/libssl/src/crypto/asn1/p7_signd.c
@@ -131,5 +131,5 @@ void PKCS7_SIGNED_free(PKCS7_SIGNED *a)
         sk_X509_pop_free(a->cert,X509_free);
         sk_X509_CRL_pop_free(a->crl,X509_CRL_free);
         sk_PKCS7_SIGNER_INFO_pop_free(a->signer_info,PKCS7_SIGNER_INFO_free);
-        Free(a);
+        OPENSSL_free(a);
         }
diff --git a/src/lib/libssl/src/crypto/asn1/p7_signi.c b/src/lib/libssl/src/crypto/asn1/p7_signi.c
index f74658ffe6..248bf00945 100644
--- a/src/lib/libssl/src/crypto/asn1/p7_signi.c
+++ b/src/lib/libssl/src/crypto/asn1/p7_signi.c
@@ -143,7 +143,7 @@ void PKCS7_SIGNER_INFO_free(PKCS7_SIGNER_INFO *a)
         sk_X509_ATTRIBUTE_pop_free(a->unauth_attr,X509_ATTRIBUTE_free);
         if (a->pkey != NULL)
                 EVP_PKEY_free(a->pkey);
-        Free(a);
+        OPENSSL_free(a);
         }
 
 IMPLEMENT_STACK_OF(PKCS7_SIGNER_INFO)
diff --git a/src/lib/libssl/src/crypto/asn1/p8_key.c b/src/lib/libssl/src/crypto/asn1/p8_key.c
index 0b24374627..3a31248e14 100644
--- a/src/lib/libssl/src/crypto/asn1/p8_key.c
+++ b/src/lib/libssl/src/crypto/asn1/p8_key.c
@@ -94,7 +94,7 @@ X509 *X509_KEY_new(void)
         {
         X509_KEY *ret=NULL;
 
-        M_ASN1_New_Malloc(ret,X509_KEY);
+        M_ASN1_New_OPENSSL_malloc(ret,X509_KEY);
         ret->references=1;
         ret->type=NID
         M_ASN1_New(ret->cert_info,X509_CINF_new);
@@ -126,6 +126,6 @@ void X509_KEY_free(X509 *a)
         X509_CINF_free(a->cert_info);
         X509_ALGOR_free(a->sig_alg);
         ASN1_BIT_STRING_free(a->signature);
-        Free(a);
+        OPENSSL_free(a);
         }
 
diff --git a/src/lib/libssl/src/crypto/asn1/p8_pkey.c b/src/lib/libssl/src/crypto/asn1/p8_pkey.c
index 59cfbe7f28..fa6cbfb6f8 100644
--- a/src/lib/libssl/src/crypto/asn1/p8_pkey.c
+++ b/src/lib/libssl/src/crypto/asn1/p8_pkey.c
@@ -123,5 +123,5 @@ void PKCS8_PRIV_KEY_INFO_free (PKCS8_PRIV_KEY_INFO *a)
                                  0, a->pkey->value.octet_string->length);
         ASN1_TYPE_free (a->pkey);
         sk_X509_ATTRIBUTE_pop_free (a->attributes, X509_ATTRIBUTE_free);
-        Free (a);
+        OPENSSL_free (a);
 }
diff --git a/src/lib/libssl/src/crypto/asn1/t_pkey.c b/src/lib/libssl/src/crypto/asn1/t_pkey.c
index e570ed1c47..ae18da96e3 100644
--- a/src/lib/libssl/src/crypto/asn1/t_pkey.c
+++ b/src/lib/libssl/src/crypto/asn1/t_pkey.c
@@ -99,7 +99,7 @@ int RSA_print(BIO *bp, RSA *x, int off)
         int i,ret=0;
 
         i=RSA_size(x);
-        m=(unsigned char *)Malloc((unsigned int)i+10);
+        m=(unsigned char *)OPENSSL_malloc((unsigned int)i+10);
         if (m == NULL)
                 {
                 RSAerr(RSA_F_RSA_PRINT,ERR_R_MALLOC_FAILURE);
@@ -133,7 +133,7 @@ int RSA_print(BIO *bp, RSA *x, int off)
         if (!print(bp,"coefficient:",x->iqmp,m,off)) goto err;
         ret=1;
 err:
-        if (m != NULL) Free(m);
+        if (m != NULL) OPENSSL_free(m);
         return(ret);
         }
 #endif /* NO_RSA */
@@ -176,7 +176,7 @@ int DSA_print(BIO *bp, DSA *x, int off)
                 i=BN_num_bytes(bn)*2;
         else
                 i=256;
-        m=(unsigned char *)Malloc((unsigned int)i+10);
+        m=(unsigned char *)OPENSSL_malloc((unsigned int)i+10);
         if (m == NULL)
                 {
                 DSAerr(DSA_F_DSA_PRINT,ERR_R_MALLOC_FAILURE);
@@ -204,7 +204,7 @@ int DSA_print(BIO *bp, DSA *x, int off)
         if ((x->g != NULL) && !print(bp,"G:   ",x->g,m,off)) goto err;
         ret=1;
 err:
-        if (m != NULL) Free(m);
+        if (m != NULL) OPENSSL_free(m);
         return(ret);
         }
 #endif /* !NO_DSA */
@@ -284,7 +284,7 @@ int DHparams_print(BIO *bp, DH *x)
         int reason=ERR_R_BUF_LIB,i,ret=0;
 
         i=BN_num_bytes(x->p);
-        m=(unsigned char *)Malloc((unsigned int)i+10);
+        m=(unsigned char *)OPENSSL_malloc((unsigned int)i+10);
         if (m == NULL)
                 {
                 reason=ERR_R_MALLOC_FAILURE;
@@ -307,7 +307,7 @@ int DHparams_print(BIO *bp, DH *x)
 err:
                 DHerr(DH_F_DHPARAMS_PRINT,reason);
                 }
-        if (m != NULL) Free(m);
+        if (m != NULL) OPENSSL_free(m);
         return(ret);
         }
 #endif
@@ -337,7 +337,7 @@ int DSAparams_print(BIO *bp, DSA *x)
         int reason=ERR_R_BUF_LIB,i,ret=0;
 
         i=BN_num_bytes(x->p);
-        m=(unsigned char *)Malloc((unsigned int)i+10);
+        m=(unsigned char *)OPENSSL_malloc((unsigned int)i+10);
         if (m == NULL)
                 {
                 reason=ERR_R_MALLOC_FAILURE;
@@ -352,7 +352,7 @@ int DSAparams_print(BIO *bp, DSA *x)
         if (!print(bp,"g:",x->g,m,4)) goto err;
         ret=1;
 err:
-        if (m != NULL) Free(m);
+        if (m != NULL) OPENSSL_free(m);
         DSAerr(DSA_F_DSAPARAMS_PRINT,reason);
         return(ret);
         }
diff --git a/src/lib/libssl/src/crypto/asn1/t_x509.c b/src/lib/libssl/src/crypto/asn1/t_x509.c
index 6ee1065ce9..314bdfb1c7 100644
--- a/src/lib/libssl/src/crypto/asn1/t_x509.c
+++ b/src/lib/libssl/src/crypto/asn1/t_x509.c
@@ -223,7 +223,7 @@ int X509_print(BIO *bp, X509 *x)
         ret=1;
 err:
         if (str != NULL) ASN1_STRING_free(str);
-        if (m != NULL) Free(m);
+        if (m != NULL) OPENSSL_free(m);
         return(ret);
         }
 
diff --git a/src/lib/libssl/src/crypto/asn1/t_x509a.c b/src/lib/libssl/src/crypto/asn1/t_x509a.c
index a18ebb586c..f06af5b576 100644
--- a/src/lib/libssl/src/crypto/asn1/t_x509a.c
+++ b/src/lib/libssl/src/crypto/asn1/t_x509a.c
@@ -98,5 +98,13 @@ int X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int indent)
         } else BIO_printf(out, "%*sNo Rejected Uses.\n", indent, "");
         if(aux->alias) BIO_printf(out, "%*sAlias: %s\n", indent, "",
                                                         aux->alias->data);
+        if(aux->keyid) {
+                BIO_printf(out, "%*sKey Id: ", indent, "");
+                for(i = 0; i < aux->keyid->length; i++) 
+                        BIO_printf(out, "%s%02X", 
+                                i ? ":" : "",
+                                aux->keyid->data[i]);
+                BIO_write(out,"\n",1);
+        }
         return 1;
 }
diff --git a/src/lib/libssl/src/crypto/asn1/x_algor.c b/src/lib/libssl/src/crypto/asn1/x_algor.c
index fe023842f8..853a8dfeef 100644
--- a/src/lib/libssl/src/crypto/asn1/x_algor.c
+++ b/src/lib/libssl/src/crypto/asn1/x_algor.c
@@ -111,7 +111,7 @@ void X509_ALGOR_free(X509_ALGOR *a)
         if (a == NULL) return;
         ASN1_OBJECT_free(a->algorithm);
         ASN1_TYPE_free(a->parameter);
-        Free(a);
+        OPENSSL_free(a);
         }
 
 IMPLEMENT_STACK_OF(X509_ALGOR)
diff --git a/src/lib/libssl/src/crypto/asn1/x_attrib.c b/src/lib/libssl/src/crypto/asn1/x_attrib.c
index a874df79db..14e5ea27aa 100644
--- a/src/lib/libssl/src/crypto/asn1/x_attrib.c
+++ b/src/lib/libssl/src/crypto/asn1/x_attrib.c
@@ -160,6 +160,6 @@ void X509_ATTRIBUTE_free(X509_ATTRIBUTE *a)
                 sk_ASN1_TYPE_pop_free(a->value.set,ASN1_TYPE_free);
         else
                 ASN1_TYPE_free(a->value.single);
-        Free(a);
+        OPENSSL_free(a);
         }
 
diff --git a/src/lib/libssl/src/crypto/asn1/x_cinf.c b/src/lib/libssl/src/crypto/asn1/x_cinf.c
index b87c8fff17..339a110eef 100644
--- a/src/lib/libssl/src/crypto/asn1/x_cinf.c
+++ b/src/lib/libssl/src/crypto/asn1/x_cinf.c
@@ -196,6 +196,6 @@ void X509_CINF_free(X509_CINF *a)
         M_ASN1_BIT_STRING_free(a->issuerUID);
         M_ASN1_BIT_STRING_free(a->subjectUID);
         sk_X509_EXTENSION_pop_free(a->extensions,X509_EXTENSION_free);
-        Free(a);
+        OPENSSL_free(a);
         }
 
diff --git a/src/lib/libssl/src/crypto/asn1/x_crl.c b/src/lib/libssl/src/crypto/asn1/x_crl.c
index 12a42d04c7..1f302d0e01 100644
--- a/src/lib/libssl/src/crypto/asn1/x_crl.c
+++ b/src/lib/libssl/src/crypto/asn1/x_crl.c
@@ -61,8 +61,10 @@
 #include <openssl/asn1_mac.h>
 #include <openssl/x509.h>
 
-static int X509_REVOKED_cmp(X509_REVOKED **a,X509_REVOKED **b);
-static int X509_REVOKED_seq_cmp(X509_REVOKED **a,X509_REVOKED **b);
+static int X509_REVOKED_cmp(const X509_REVOKED * const *a,
+                                const X509_REVOKED * const *b);
+static int X509_REVOKED_seq_cmp(const X509_REVOKED * const *a,
+                                const X509_REVOKED * const *b);
 int i2d_X509_REVOKED(X509_REVOKED *a, unsigned char **pp)
         {
         M_ASN1_I2D_vars(a);
@@ -100,7 +102,8 @@ int i2d_X509_CRL_INFO(X509_CRL_INFO *a, unsigned char **pp)
         {
         int v1=0;
         long l=0;
-        int (*old_cmp)(X509_REVOKED **,X509_REVOKED **);
+        int (*old_cmp)(const X509_REVOKED * const *,
+                        const X509_REVOKED * const *);
         M_ASN1_I2D_vars(a);
         
         old_cmp=sk_X509_REVOKED_set_cmp_func(a->revoked,X509_REVOKED_seq_cmp);
@@ -283,7 +286,7 @@ void X509_REVOKED_free(X509_REVOKED *a)
         M_ASN1_INTEGER_free(a->serialNumber);
         M_ASN1_UTCTIME_free(a->revocationDate);
         sk_X509_EXTENSION_pop_free(a->extensions,X509_EXTENSION_free);
-        Free(a);
+        OPENSSL_free(a);
         }
 
 void X509_CRL_INFO_free(X509_CRL_INFO *a)
@@ -297,7 +300,7 @@ void X509_CRL_INFO_free(X509_CRL_INFO *a)
                 M_ASN1_UTCTIME_free(a->nextUpdate);
         sk_X509_REVOKED_pop_free(a->revoked,X509_REVOKED_free);
         sk_X509_EXTENSION_pop_free(a->extensions,X509_EXTENSION_free);
-        Free(a);
+        OPENSSL_free(a);
         }
 
 void X509_CRL_free(X509_CRL *a)
@@ -322,17 +325,19 @@ void X509_CRL_free(X509_CRL *a)
         X509_CRL_INFO_free(a->crl);
         X509_ALGOR_free(a->sig_alg);
         M_ASN1_BIT_STRING_free(a->signature);
-        Free(a);
+        OPENSSL_free(a);
         }
 
-static int X509_REVOKED_cmp(X509_REVOKED **a, X509_REVOKED **b)
+static int X509_REVOKED_cmp(const X509_REVOKED * const *a,
+                        const X509_REVOKED * const *b)
         {
         return(ASN1_STRING_cmp(
                 (ASN1_STRING *)(*a)->serialNumber,
                 (ASN1_STRING *)(*b)->serialNumber));
         }
 
-static int X509_REVOKED_seq_cmp(X509_REVOKED **a, X509_REVOKED **b)
+static int X509_REVOKED_seq_cmp(const X509_REVOKED * const *a,
+                                const X509_REVOKED * const *b)
         {
         return((*a)->sequence-(*b)->sequence);
         }
diff --git a/src/lib/libssl/src/crypto/asn1/x_exten.c b/src/lib/libssl/src/crypto/asn1/x_exten.c
index 185cbd78a0..fbfd963b40 100644
--- a/src/lib/libssl/src/crypto/asn1/x_exten.c
+++ b/src/lib/libssl/src/crypto/asn1/x_exten.c
@@ -134,6 +134,6 @@ void X509_EXTENSION_free(X509_EXTENSION *a)
         if (a == NULL) return;
         ASN1_OBJECT_free(a->object);
         M_ASN1_OCTET_STRING_free(a->value);
-        Free(a);
+        OPENSSL_free(a);
         }
 
diff --git a/src/lib/libssl/src/crypto/asn1/x_info.c b/src/lib/libssl/src/crypto/asn1/x_info.c
index 7fdc6f9dc8..5e62fc2f6f 100644
--- a/src/lib/libssl/src/crypto/asn1/x_info.c
+++ b/src/lib/libssl/src/crypto/asn1/x_info.c
@@ -66,7 +66,7 @@ X509_INFO *X509_INFO_new(void)
         {
         X509_INFO *ret=NULL;
 
-        ret=(X509_INFO *)Malloc(sizeof(X509_INFO));
+        ret=(X509_INFO *)OPENSSL_malloc(sizeof(X509_INFO));
         if (ret == NULL)
                 {
                 ASN1err(ASN1_F_X509_INFO_NEW,ERR_R_MALLOC_FAILURE);
@@ -106,8 +106,8 @@ void X509_INFO_free(X509_INFO *x)
         if (x->x509 != NULL) X509_free(x->x509);
         if (x->crl != NULL) X509_CRL_free(x->crl);
         if (x->x_pkey != NULL) X509_PKEY_free(x->x_pkey);
-        if (x->enc_data != NULL) Free(x->enc_data);
-        Free(x);
+        if (x->enc_data != NULL) OPENSSL_free(x->enc_data);
+        OPENSSL_free(x);
         }
 
 IMPLEMENT_STACK_OF(X509_INFO)
diff --git a/src/lib/libssl/src/crypto/asn1/x_name.c b/src/lib/libssl/src/crypto/asn1/x_name.c
index 64baf5719d..b832deb928 100644
--- a/src/lib/libssl/src/crypto/asn1/x_name.c
+++ b/src/lib/libssl/src/crypto/asn1/x_name.c
@@ -217,7 +217,7 @@ X509_NAME *X509_NAME_new(void)
         ASN1_CTX c;
 
         M_ASN1_New_Malloc(ret,X509_NAME);
-        if ((ret->entries=sk_X509_NAME_ENTRY_new(NULL)) == NULL)
+        if ((ret->entries=sk_X509_NAME_ENTRY_new_null()) == NULL)
                 { c.line=__LINE__; goto err2; }
         M_ASN1_New(ret->bytes,BUF_MEM_new);
         ret->modified=1;
@@ -246,7 +246,7 @@ void X509_NAME_free(X509_NAME *a)
 
         BUF_MEM_free(a->bytes);
         sk_X509_NAME_ENTRY_pop_free(a->entries,X509_NAME_ENTRY_free);
-        Free(a);
+        OPENSSL_free(a);
         }
 
 void X509_NAME_ENTRY_free(X509_NAME_ENTRY *a)
@@ -254,7 +254,7 @@ void X509_NAME_ENTRY_free(X509_NAME_ENTRY *a)
         if (a == NULL) return;
         ASN1_OBJECT_free(a->object);
         M_ASN1_BIT_STRING_free(a->value);
-        Free(a);
+        OPENSSL_free(a);
         }
 
 int X509_NAME_set(X509_NAME **xn, X509_NAME *name)
diff --git a/src/lib/libssl/src/crypto/asn1/x_pkey.c b/src/lib/libssl/src/crypto/asn1/x_pkey.c
index fe58919dbb..f1c6221ac3 100644
--- a/src/lib/libssl/src/crypto/asn1/x_pkey.c
+++ b/src/lib/libssl/src/crypto/asn1/x_pkey.c
@@ -146,6 +146,6 @@ void X509_PKEY_free(X509_PKEY *x)
         if (x->enc_algor != NULL) X509_ALGOR_free(x->enc_algor);
         if (x->enc_pkey != NULL) M_ASN1_OCTET_STRING_free(x->enc_pkey);
         if (x->dec_pkey != NULL)EVP_PKEY_free(x->dec_pkey);
-        if ((x->key_data != NULL) && (x->key_free)) Free(x->key_data);
-        Free(x);
+        if ((x->key_data != NULL) && (x->key_free)) OPENSSL_free(x->key_data);
+        OPENSSL_free(x);
         }
diff --git a/src/lib/libssl/src/crypto/asn1/x_pubkey.c b/src/lib/libssl/src/crypto/asn1/x_pubkey.c
index 7a05d575c9..b2e2a51477 100644
--- a/src/lib/libssl/src/crypto/asn1/x_pubkey.c
+++ b/src/lib/libssl/src/crypto/asn1/x_pubkey.c
@@ -112,7 +112,7 @@ void X509_PUBKEY_free(X509_PUBKEY *a)
         X509_ALGOR_free(a->algor);
         M_ASN1_BIT_STRING_free(a->public_key);
         if (a->pkey != NULL) EVP_PKEY_free(a->pkey);
-        Free(a);
+        OPENSSL_free(a);
         }
 
 int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
@@ -156,14 +156,14 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
                 dsa->write_params=0;
                 ASN1_TYPE_free(a->parameter);
                 i=i2d_DSAparams(dsa,NULL);
-                p=(unsigned char *)Malloc(i);
+                p=(unsigned char *)OPENSSL_malloc(i);
                 pp=p;
                 i2d_DSAparams(dsa,&pp);
                 a->parameter=ASN1_TYPE_new();
                 a->parameter->type=V_ASN1_SEQUENCE;
                 a->parameter->value.sequence=ASN1_STRING_new();
                 ASN1_STRING_set(a->parameter->value.sequence,p,i);
-                Free(p);
+                OPENSSL_free(p);
                 }
         else
 #endif
@@ -173,7 +173,7 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
                 }
 
         if ((i=i2d_PublicKey(pkey,NULL)) <= 0) goto err;
-        if ((s=(unsigned char *)Malloc(i+1)) == NULL) goto err;
+        if ((s=(unsigned char *)OPENSSL_malloc(i+1)) == NULL) goto err;
         p=s;
         i2d_PublicKey(pkey,&p);
         if (!M_ASN1_BIT_STRING_set(pk->public_key,s,i)) goto err;
@@ -181,7 +181,7 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
         pk->public_key->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
         pk->public_key->flags|=ASN1_STRING_FLAG_BITS_LEFT;
 
-        Free(s);
+        OPENSSL_free(s);
 
 #if 0
         CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
diff --git a/src/lib/libssl/src/crypto/asn1/x_req.c b/src/lib/libssl/src/crypto/asn1/x_req.c
index 0cd572ee73..6dddd4f653 100644
--- a/src/lib/libssl/src/crypto/asn1/x_req.c
+++ b/src/lib/libssl/src/crypto/asn1/x_req.c
@@ -65,6 +65,14 @@ int i2d_X509_REQ_INFO(X509_REQ_INFO *a, unsigned char **pp)
         {
         M_ASN1_I2D_vars(a);
 
+        if(a->asn1) {
+                if(pp) {
+                        memcpy(*pp, a->asn1, a->length);
+                        *pp += a->length;
+                }
+                return a->length;
+        }
+
         M_ASN1_I2D_len(a->version,              i2d_ASN1_INTEGER);
         M_ASN1_I2D_len(a->subject,              i2d_X509_NAME);
         M_ASN1_I2D_len(a->pubkey,               i2d_X509_PUBKEY);
@@ -152,6 +160,7 @@ X509_REQ_INFO *X509_REQ_INFO_new(void)
         M_ASN1_New(ret->pubkey,X509_PUBKEY_new);
         M_ASN1_New(ret->attributes,sk_X509_ATTRIBUTE_new_null);
         ret->req_kludge=0;
+        ret->asn1 = NULL;
         return(ret);
         M_ASN1_New_Error(ASN1_F_X509_REQ_INFO_NEW);
         }
@@ -159,11 +168,12 @@ X509_REQ_INFO *X509_REQ_INFO_new(void)
 void X509_REQ_INFO_free(X509_REQ_INFO *a)
         {
         if (a == NULL) return;
+        if(a->asn1) OPENSSL_free(a->asn1);
         M_ASN1_INTEGER_free(a->version);
         X509_NAME_free(a->subject);
         X509_PUBKEY_free(a->pubkey);
         sk_X509_ATTRIBUTE_pop_free(a->attributes,X509_ATTRIBUTE_free);
-        Free(a);
+        OPENSSL_free(a);
         }
 
 int i2d_X509_REQ(X509_REQ *a, unsigned char **pp)
@@ -189,6 +199,17 @@ X509_REQ *d2i_X509_REQ(X509_REQ **a, unsigned char **pp, long length)
         M_ASN1_D2I_Init();
         M_ASN1_D2I_start_sequence();
         M_ASN1_D2I_get(ret->req_info,d2i_X509_REQ_INFO);
+
+        /* Keep a copy of the original encoding for signature checking */
+        ret->req_info->length = c.p - c.q;
+        if(!(ret->req_info->asn1 = OPENSSL_malloc(ret->req_info->length))) {
+                c.line=__LINE__;
+                c.error = ERR_R_MALLOC_FAILURE;
+                goto err;
+        }
+
+        memcpy(ret->req_info->asn1, c.q, ret->req_info->length);
+
         M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR);
         M_ASN1_D2I_get(ret->signature,d2i_ASN1_BIT_STRING);
         M_ASN1_D2I_Finish(a,X509_REQ_free,ASN1_F_D2I_X509_REQ);
@@ -230,7 +251,7 @@ void X509_REQ_free(X509_REQ *a)
         X509_REQ_INFO_free(a->req_info);
         X509_ALGOR_free(a->sig_alg);
         M_ASN1_BIT_STRING_free(a->signature);
-        Free(a);
+        OPENSSL_free(a);
         }
 
 
diff --git a/src/lib/libssl/src/crypto/asn1/x_sig.c b/src/lib/libssl/src/crypto/asn1/x_sig.c
index 3559bd5368..d79f147647 100644
--- a/src/lib/libssl/src/crypto/asn1/x_sig.c
+++ b/src/lib/libssl/src/crypto/asn1/x_sig.c
@@ -104,7 +104,7 @@ void X509_SIG_free(X509_SIG *a)
         if (a == NULL) return;
         X509_ALGOR_free(a->algor);
         M_ASN1_OCTET_STRING_free(a->digest);
-        Free(a);
+        OPENSSL_free(a);
         }
 
 
diff --git a/src/lib/libssl/src/crypto/asn1/x_spki.c b/src/lib/libssl/src/crypto/asn1/x_spki.c
index 8f5e7e6380..4f01888f7d 100644
--- a/src/lib/libssl/src/crypto/asn1/x_spki.c
+++ b/src/lib/libssl/src/crypto/asn1/x_spki.c
@@ -109,7 +109,7 @@ void NETSCAPE_SPKAC_free(NETSCAPE_SPKAC *a)
         if (a == NULL) return;
         X509_PUBKEY_free(a->pubkey);
         M_ASN1_IA5STRING_free(a->challenge);
-        Free(a);
+        OPENSSL_free(a);
         }
 
 int i2d_NETSCAPE_SPKI(NETSCAPE_SPKI *a, unsigned char **pp)
@@ -161,6 +161,6 @@ void NETSCAPE_SPKI_free(NETSCAPE_SPKI *a)
         NETSCAPE_SPKAC_free(a->spkac);
         X509_ALGOR_free(a->sig_algor);
         M_ASN1_BIT_STRING_free(a->signature);
-        Free(a);
+        OPENSSL_free(a);
         }
 
diff --git a/src/lib/libssl/src/crypto/asn1/x_val.c b/src/lib/libssl/src/crypto/asn1/x_val.c
index 1a2f49ffdf..0f8f020b57 100644
--- a/src/lib/libssl/src/crypto/asn1/x_val.c
+++ b/src/lib/libssl/src/crypto/asn1/x_val.c
@@ -104,6 +104,6 @@ void X509_VAL_free(X509_VAL *a)
         if (a == NULL) return;
         M_ASN1_TIME_free(a->notBefore);
         M_ASN1_TIME_free(a->notAfter);
-        Free(a);
+        OPENSSL_free(a);
         }
 
diff --git a/src/lib/libssl/src/crypto/asn1/x_x509.c b/src/lib/libssl/src/crypto/asn1/x_x509.c
index 11e564ea30..61ba856b17 100644
--- a/src/lib/libssl/src/crypto/asn1/x_x509.c
+++ b/src/lib/libssl/src/crypto/asn1/x_x509.c
@@ -61,6 +61,7 @@
 #include <openssl/evp.h>
 #include <openssl/asn1_mac.h>
 #include <openssl/x509.h>
+#include <openssl/x509v3.h>
 
 static int x509_meth_num = 0;
 static STACK_OF(CRYPTO_EX_DATA_FUNCS) *x509_meth = NULL;
@@ -102,7 +103,7 @@ X509 *d2i_X509(X509 **a, unsigned char **pp, long length)
         M_ASN1_D2I_get(ret->cert_info,d2i_X509_CINF);
         M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR);
         M_ASN1_D2I_get(ret->signature,d2i_ASN1_BIT_STRING);
-        if (ret->name != NULL) Free(ret->name);
+        if (ret->name != NULL) OPENSSL_free(ret->name);
         ret->name=X509_NAME_oneline(ret->cert_info->subject,NULL,0);
 
         M_ASN1_D2I_Finish(a,X509_free,ASN1_F_D2I_X509);
@@ -114,11 +115,14 @@ X509 *X509_new(void)
         ASN1_CTX c;
 
         M_ASN1_New_Malloc(ret,X509);
-        ret->references=1;
         ret->valid=0;
+        ret->references=1;
+        ret->name = NULL;
         ret->ex_flags = 0;
-        ret->name=NULL;
-        ret->aux=NULL;
+        ret->ex_pathlen = -1;
+        ret->skid = NULL;
+        ret->akid = NULL;
+        ret->aux = NULL;
         M_ASN1_New(ret->cert_info,X509_CINF_new);
         M_ASN1_New(ret->sig_alg,X509_ALGOR_new);
         M_ASN1_New(ret->signature,M_ASN1_BIT_STRING_new);
@@ -151,9 +155,11 @@ void X509_free(X509 *a)
         X509_ALGOR_free(a->sig_alg);
         M_ASN1_BIT_STRING_free(a->signature);
         X509_CERT_AUX_free(a->aux);
+        ASN1_OCTET_STRING_free(a->skid);
+        AUTHORITY_KEYID_free(a->akid);
 
-        if (a->name != NULL) Free(a->name);
-        Free(a);
+        if (a->name != NULL) OPENSSL_free(a->name);
+        OPENSSL_free(a);
         }
 
 int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
diff --git a/src/lib/libssl/src/crypto/asn1/x_x509a.c b/src/lib/libssl/src/crypto/asn1/x_x509a.c
index b9987ea968..ebcce87bf2 100644
--- a/src/lib/libssl/src/crypto/asn1/x_x509a.c
+++ b/src/lib/libssl/src/crypto/asn1/x_x509a.c
@@ -112,7 +112,7 @@ void X509_CERT_AUX_free(X509_CERT_AUX *a)
         ASN1_UTF8STRING_free(a->alias);
         ASN1_OCTET_STRING_free(a->keyid);
         sk_X509_ALGOR_pop_free(a->other, X509_ALGOR_free);
-        Free(a);
+        OPENSSL_free(a);
 }
 
 int i2d_X509_CERT_AUX(X509_CERT_AUX *a, unsigned char **pp)
@@ -153,6 +153,14 @@ int X509_alias_set1(X509 *x, unsigned char *name, int len)
         return ASN1_STRING_set(aux->alias, name, len);
 }
 
+int X509_keyid_set1(X509 *x, unsigned char *id, int len)
+{
+        X509_CERT_AUX *aux;
+        if(!(aux = aux_get(x))) return 0;
+        if(!aux->keyid && !(aux->keyid = ASN1_OCTET_STRING_new())) return 0;
+        return ASN1_STRING_set(aux->keyid, id, len);
+}
+
 unsigned char *X509_alias_get0(X509 *x, int *len)
 {
         if(!x->aux || !x->aux->alias) return NULL;
diff --git a/src/lib/libssl/src/crypto/bf/Makefile.ssl b/src/lib/libssl/src/crypto/bf/Makefile.ssl
index cf2f7dd48e..f4eb90f13f 100644
--- a/src/lib/libssl/src/crypto/bf/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/bf/Makefile.ssl
@@ -77,7 +77,9 @@ links:
         @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
         @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
-install:
+install: installs
+
+installs:
         @for i in $(EXHEADER) ; \
         do  \
         (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
diff --git a/src/lib/libssl/src/crypto/bf/bftest.c b/src/lib/libssl/src/crypto/bf/bftest.c
index 5695250195..cf67cadefd 100644
--- a/src/lib/libssl/src/crypto/bf/bftest.c
+++ b/src/lib/libssl/src/crypto/bf/bftest.c
@@ -442,7 +442,8 @@ static int test(void)
                 {
                 BF_set_key(&key,n,key_test);
                 BF_ecb_encrypt(key_data,out,&key,BF_ENCRYPT);
-                if (memcmp(out,&(key_out[n-1][0]),8) != 0)
+                /* mips-sgi-irix6.5-gcc  vv  -mabi=64 bug workaround */
+                if (memcmp(out,&(key_out[i=n-1][0]),8) != 0)
                         {
                         printf("blowfish setkey error\n");
                         err=1;
diff --git a/src/lib/libssl/src/crypto/bio/Makefile.ssl b/src/lib/libssl/src/crypto/bio/Makefile.ssl
index 755f255fe4..916d651d47 100644
--- a/src/lib/libssl/src/crypto/bio/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/bio/Makefile.ssl
@@ -27,11 +27,13 @@ LIBSRC= bio_lib.c bio_cb.c bio_err.c \
         bss_file.c bss_sock.c bss_conn.c \
         bf_null.c bf_buff.c b_print.c b_dump.c \
         b_sock.c bss_acpt.c bf_nbio.c bss_log.c bss_bio.c
+#       bf_lbuf.c
 LIBOBJ= bio_lib.o bio_cb.o bio_err.o \
         bss_mem.o bss_null.o bss_fd.o \
         bss_file.o bss_sock.o bss_conn.o \
         bf_null.o bf_buff.o b_print.o b_dump.o \
         b_sock.o bss_acpt.o bf_nbio.o bss_log.o bss_bio.o
+#       bf_lbuf.o
 
 SRC= $(LIBSRC)
 
@@ -89,20 +91,23 @@ clean:
 b_dump.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 b_dump.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
 b_dump.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-b_dump.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-b_dump.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+b_dump.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+b_dump.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+b_dump.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 b_dump.o: ../cryptlib.h
 b_print.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 b_print.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
 b_print.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-b_print.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-b_print.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+b_print.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+b_print.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+b_print.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 b_print.o: ../cryptlib.h
 b_sock.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 b_sock.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
 b_sock.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-b_sock.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-b_sock.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+b_sock.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+b_sock.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+b_sock.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 b_sock.o: ../cryptlib.h
 bf_buff.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 bf_buff.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
@@ -111,14 +116,16 @@ bf_buff.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 bf_buff.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 bf_buff.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 bf_buff.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-bf_buff.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+bf_buff.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+bf_buff.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 bf_buff.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-bf_buff.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-bf_buff.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
-bf_buff.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-bf_buff.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-bf_buff.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-bf_buff.o: ../../include/openssl/stack.h ../cryptlib.h
+bf_buff.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+bf_buff.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bf_buff.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+bf_buff.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+bf_buff.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+bf_buff.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+bf_buff.o: ../../include/openssl/symhacks.h ../cryptlib.h
 bf_nbio.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 bf_nbio.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 bf_nbio.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -126,14 +133,16 @@ bf_nbio.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 bf_nbio.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 bf_nbio.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 bf_nbio.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-bf_nbio.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+bf_nbio.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+bf_nbio.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 bf_nbio.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-bf_nbio.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-bf_nbio.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
-bf_nbio.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-bf_nbio.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-bf_nbio.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-bf_nbio.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+bf_nbio.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+bf_nbio.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bf_nbio.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+bf_nbio.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+bf_nbio.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+bf_nbio.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+bf_nbio.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 bf_nbio.o: ../cryptlib.h
 bf_null.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 bf_null.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
@@ -142,79 +151,93 @@ bf_null.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 bf_null.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 bf_null.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 bf_null.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-bf_null.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+bf_null.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+bf_null.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 bf_null.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-bf_null.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-bf_null.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
-bf_null.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-bf_null.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-bf_null.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-bf_null.o: ../../include/openssl/stack.h ../cryptlib.h
+bf_null.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+bf_null.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bf_null.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+bf_null.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+bf_null.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+bf_null.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+bf_null.o: ../../include/openssl/symhacks.h ../cryptlib.h
 bio_cb.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 bio_cb.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
 bio_cb.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-bio_cb.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-bio_cb.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bio_cb.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bio_cb.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bio_cb.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 bio_cb.o: ../cryptlib.h
 bio_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
-bio_err.o: ../../include/openssl/err.h ../../include/openssl/opensslv.h
-bio_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bio_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+bio_err.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bio_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 bio_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 bio_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
 bio_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-bio_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-bio_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bio_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bio_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bio_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 bio_lib.o: ../cryptlib.h
 bss_acpt.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 bss_acpt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
 bss_acpt.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-bss_acpt.o: ../../include/openssl/opensslconf.h
+bss_acpt.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 bss_acpt.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-bss_acpt.o: ../../include/openssl/stack.h ../cryptlib.h
+bss_acpt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bss_acpt.o: ../cryptlib.h
 bss_bio.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
 bss_bio.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-bss_bio.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
-bss_bio.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-bss_bio.o: ../../include/openssl/stack.h
+bss_bio.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+bss_bio.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bss_bio.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bss_bio.o: ../../include/openssl/symhacks.h
 bss_conn.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 bss_conn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
 bss_conn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-bss_conn.o: ../../include/openssl/opensslconf.h
+bss_conn.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 bss_conn.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-bss_conn.o: ../../include/openssl/stack.h ../cryptlib.h
+bss_conn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bss_conn.o: ../cryptlib.h
 bss_fd.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 bss_fd.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
 bss_fd.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-bss_fd.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-bss_fd.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bss_fd.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bss_fd.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bss_fd.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 bss_fd.o: ../cryptlib.h bss_sock.c
 bss_file.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 bss_file.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
 bss_file.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-bss_file.o: ../../include/openssl/opensslconf.h
+bss_file.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 bss_file.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-bss_file.o: ../../include/openssl/stack.h ../cryptlib.h
+bss_file.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bss_file.o: ../cryptlib.h
 bss_log.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 bss_log.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
 bss_log.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-bss_log.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-bss_log.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bss_log.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bss_log.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bss_log.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 bss_log.o: ../cryptlib.h
 bss_mem.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 bss_mem.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
 bss_mem.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-bss_mem.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-bss_mem.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bss_mem.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bss_mem.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bss_mem.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 bss_mem.o: ../cryptlib.h
 bss_null.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 bss_null.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
 bss_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-bss_null.o: ../../include/openssl/opensslconf.h
+bss_null.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 bss_null.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-bss_null.o: ../../include/openssl/stack.h ../cryptlib.h
+bss_null.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bss_null.o: ../cryptlib.h
 bss_sock.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 bss_sock.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
 bss_sock.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-bss_sock.o: ../../include/openssl/opensslconf.h
+bss_sock.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 bss_sock.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-bss_sock.o: ../../include/openssl/stack.h ../cryptlib.h
+bss_sock.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bss_sock.o: ../cryptlib.h
diff --git a/src/lib/libssl/src/crypto/bio/b_dump.c b/src/lib/libssl/src/crypto/bio/b_dump.c
index f5aeb237f5..8397cfab6a 100644
--- a/src/lib/libssl/src/crypto/bio/b_dump.c
+++ b/src/lib/libssl/src/crypto/bio/b_dump.c
@@ -66,63 +66,87 @@
 
 #define TRUNCATE
 #define DUMP_WIDTH      16
+#define DUMP_WIDTH_LESS_INDENT(i) (DUMP_WIDTH-((i-(i>6?6:i)+3)/4))
 
 int BIO_dump(BIO *bio, const char *s, int len)
-{
-  int ret=0;
-  char buf[160+1],tmp[20];
-  int i,j,rows,trunc;
-  unsigned char ch;
-
-  trunc=0;
+        {
+        return BIO_dump_indent(bio, s, len, 0);
+        }
 
+int BIO_dump_indent(BIO *bio, const char *s, int len, int indent)
+        {
+        int ret=0;
+        char buf[288+1],tmp[20],str[128+1];
+        int i,j,rows,trunc;
+        unsigned char ch;
+        int dump_width;
+        
+        trunc=0;
+        
 #ifdef TRUNCATE
-  for(; (len > 0) && ((s[len-1] == ' ') || (s[len-1] == '\0')); len--) 
-    trunc++;
+        for(; (len > 0) && ((s[len-1] == ' ') || (s[len-1] == '\0')); len--) 
+                trunc++;
 #endif
 
-  rows=(len/DUMP_WIDTH);
-  if ((rows*DUMP_WIDTH)<len)
-    rows++;
-  for(i=0;i<rows;i++) {
-    buf[0]='\0';        /* start with empty string */
-    sprintf(tmp,"%04x - ",i*DUMP_WIDTH);
-    strcpy(buf,tmp);
-    for(j=0;j<DUMP_WIDTH;j++) {
-      if (((i*DUMP_WIDTH)+j)>=len) {
-        strcat(buf,"   ");
-      } else {
-        ch=((unsigned char)*(s+i*DUMP_WIDTH+j)) & 0xff;
-        sprintf(tmp,"%02x%c",ch,j==7?'-':' ');
-        strcat(buf,tmp);
-      }
-    }
-    strcat(buf,"  ");
-    for(j=0;j<DUMP_WIDTH;j++) {
-      if (((i*DUMP_WIDTH)+j)>=len)
-        break;
-      ch=((unsigned char)*(s+i*DUMP_WIDTH+j)) & 0xff;
+        if (indent < 0)
+                indent = 0;
+        if (indent)
+                {
+                if (indent > 128) indent=128;
+                memset(str,' ',indent);
+                }
+        str[indent]='\0';
+        
+        dump_width=DUMP_WIDTH_LESS_INDENT(indent);
+        rows=(len/dump_width);
+        if ((rows*dump_width)<len)
+                rows++;
+        for(i=0;i<rows;i++)
+                {
+                buf[0]='\0';    /* start with empty string */
+                strcpy(buf,str);
+                sprintf(tmp,"%04x - ",i*dump_width);
+                strcat(buf,tmp);
+                for(j=0;j<dump_width;j++)
+                        {
+                        if (((i*dump_width)+j)>=len)
+                                {
+                                strcat(buf,"   ");
+                                }
+                        else
+                                {
+                                ch=((unsigned char)*(s+i*dump_width+j)) & 0xff;
+                                sprintf(tmp,"%02x%c",ch,j==7?'-':' ');
+                                strcat(buf,tmp);
+                                }
+                        }
+                strcat(buf,"  ");
+                for(j=0;j<dump_width;j++)
+                        {
+                        if (((i*dump_width)+j)>=len)
+                                break;
+                        ch=((unsigned char)*(s+i*dump_width+j)) & 0xff;
 #ifndef CHARSET_EBCDIC
-      sprintf(tmp,"%c",((ch>=' ')&&(ch<='~'))?ch:'.');
+                        sprintf(tmp,"%c",((ch>=' ')&&(ch<='~'))?ch:'.');
 #else
-      sprintf(tmp,"%c",((ch>=os_toascii[' '])&&(ch<=os_toascii['~']))
-              ? os_toebcdic[ch]
-              : '.');
+                        sprintf(tmp,"%c",((ch>=os_toascii[' '])&&(ch<=os_toascii['~']))
+                                ? os_toebcdic[ch]
+                                : '.');
 #endif
-      strcat(buf,tmp);
-    }
-    strcat(buf,"\n");
-    /* if this is the last call then update the ddt_dump thing so that
-     * we will move the selection point in the debug window 
-     */
-    ret+=BIO_write(bio,(char *)buf,strlen(buf));
-  }
+                        strcat(buf,tmp);
+                        }
+                strcat(buf,"\n");
+                /* if this is the last call then update the ddt_dump thing so that
+                 * we will move the selection point in the debug window 
+                 */
+                ret+=BIO_write(bio,(char *)buf,strlen(buf));
+                }
 #ifdef TRUNCATE
-  if (trunc > 0) {
-    sprintf(buf,"%04x - <SPACES/NULS>\n",len+trunc);
-    ret+=BIO_write(bio,(char *)buf,strlen(buf));
-  }
+        if (trunc > 0)
+                {
+                sprintf(buf,"%s%04x - <SPACES/NULS>\n",str,len+trunc);
+                ret+=BIO_write(bio,(char *)buf,strlen(buf));
+                }
 #endif
-  return(ret);
-}
-
+        return(ret);
+        }
diff --git a/src/lib/libssl/src/crypto/bio/b_print.c b/src/lib/libssl/src/crypto/bio/b_print.c
index b11b501512..a62f551635 100644
--- a/src/lib/libssl/src/crypto/bio/b_print.c
+++ b/src/lib/libssl/src/crypto/bio/b_print.c
@@ -61,7 +61,6 @@
  */
 
 #include <stdio.h>
-#include <stdarg.h>
 #include <string.h>
 #include <ctype.h>
 #include <assert.h>
@@ -78,48 +77,7 @@
 # endif
 #endif
 
-static void dopr (char *buffer, size_t maxlen, size_t *retlen,
-        const char *format, va_list args);
-#ifdef USE_ALLOCATING_PRINT
-static void doapr (char **buffer, size_t *retlen,
-        const char *format, va_list args);
-#endif
-
-int BIO_printf (BIO *bio, ...)
-        {
-        va_list args;
-        char *format;
-        int ret;
-        size_t retlen;
-#ifdef USE_ALLOCATING_PRINT
-        char *hugebuf;
-#else
-        MS_STATIC char hugebuf[1024*2]; /* 10k in one chunk is the limit */
-#endif
-
-        va_start(args, bio);
-        format=va_arg(args, char *);
-
-#ifndef USE_ALLOCATING_PRINT
-        hugebuf[0]='\0';
-        dopr(hugebuf, sizeof(hugebuf), &retlen, format, args);
-#else
-        hugebuf = NULL;
-        CRYPTO_push_info("doapr()");
-        doapr(&hugebuf, &retlen, format, args);
-        if (hugebuf)
-                {
-#endif
-                ret=BIO_write(bio, hugebuf, (int)retlen);
-
-#ifdef USE_ALLOCATING_PRINT
-                Free(hugebuf);
-                }
-        CRYPTO_pop_info();
-#endif
-        va_end(args);
-        return(ret);
-        }
+/***************************************************************************/
 
 /*
  * Copyright Patrick Powell 1995
@@ -140,6 +98,7 @@ int BIO_printf (BIO *bio, ...)
  * o Andrew Tridgell <tridge@samba.org>        (1998, for Samba)
  * o Luke Mewburn <lukem@netbsd.org>           (1999, for LukemFTP)
  * o Ralf S. Engelschall <rse@engelschall.com> (1999, for Pth)
+ * o ...                                       (for OpenSSL)
  */
 
 #if HAVE_LONG_DOUBLE
@@ -154,25 +113,15 @@ int BIO_printf (BIO *bio, ...)
 #define LLONG long
 #endif
 
-static void fmtstr     (void (*)(char **, size_t *, size_t *, int),
-                        char **, size_t *, size_t *, const char *, int, int,
-                        int);
-static void fmtint     (void (*)(char **, size_t *, size_t *, int),
-                        char **, size_t *, size_t *, LLONG, int, int, int, int);
-static void fmtfp      (void (*)(char **, size_t *, size_t *, int),
-                        char **, size_t *, size_t *, LDOUBLE, int, int, int);
-#ifndef USE_ALLOCATING_PRINT
-static int dopr_isbig (size_t, size_t);
-static int dopr_copy (size_t);
-static void dopr_outch (char **, size_t *, size_t *, int);
-#else
-static int doapr_isbig (size_t, size_t);
-static int doapr_copy (size_t);
-static void doapr_outch (char **, size_t *, size_t *, int);
-#endif
-static void _dopr(void (*)(char **, size_t *, size_t *, int),
-                  int (*)(size_t, size_t), int (*)(size_t),
-                  char **buffer, size_t *maxlen, size_t *retlen,
+static void fmtstr     (char **, char **, size_t *, size_t *,
+                        const char *, int, int, int);
+static void fmtint     (char **, char **, size_t *, size_t *,
+                        LLONG, int, int, int, int);
+static void fmtfp      (char **, char **, size_t *, size_t *,
+                        LDOUBLE, int, int, int);
+static void doapr_outch (char **, char **, size_t *, size_t *, int);
+static void _dopr(char **sbuffer, char **buffer,
+                  size_t *maxlen, size_t *retlen, int *truncated,
                   const char *format, va_list args);
 
 /* format read states */
@@ -204,41 +153,13 @@ static void _dopr(void (*)(char **, size_t *, size_t *, int),
 #define char_to_int(p) (p - '0')
 #define MAX(p,q) ((p >= q) ? p : q)
 
-#ifndef USE_ALLOCATING_PRINT
-static void
-dopr(
-    char *buffer,
-    size_t maxlen,
-    size_t *retlen,
-    const char *format,
-    va_list args)
-{
-    _dopr(dopr_outch, dopr_isbig, dopr_copy,
-          &buffer, &maxlen, retlen, format, args);
-}
-
-#else
-static void
-doapr(
-    char **buffer,
-    size_t *retlen,
-    const char *format,
-    va_list args)
-{
-    size_t dummy_maxlen = 0;
-    _dopr(doapr_outch, doapr_isbig, doapr_copy,
-          buffer, &dummy_maxlen, retlen, format, args);
-}
-#endif
-
 static void
 _dopr(
-    void (*outch_fn)(char **, size_t *, size_t *, int),
-    int (*isbig_fn)(size_t, size_t),
-    int (*copy_fn)(size_t),
+    char **sbuffer,
     char **buffer,
     size_t *maxlen,
     size_t *retlen,
+    int *truncated,
     const char *format,
     va_list args)
 {
@@ -259,7 +180,7 @@ _dopr(
     ch = *format++;
 
     while (state != DP_S_DONE) {
-        if ((ch == '\0') || (*isbig_fn)(currlen, *maxlen))
+        if (ch == '\0' || (buffer == NULL && currlen >= *maxlen))
             state = DP_S_DONE;
 
         switch (state) {
@@ -267,7 +188,7 @@ _dopr(
             if (ch == '%')
                 state = DP_S_FLAGS;
             else
-                (*outch_fn)(buffer, &currlen, maxlen, ch);
+                doapr_outch(sbuffer,buffer, &currlen, maxlen, ch);
             ch = *format++;
             break;
         case DP_S_FLAGS:
@@ -373,8 +294,8 @@ _dopr(
                     value = va_arg(args, int);
                     break;
                 }
-                fmtint(outch_fn, buffer, &currlen, maxlen,
-                       value, 10, min, max, flags);
+                fmtint(sbuffer, buffer, &currlen, maxlen,
+                       value, 10, min, max, flags);
                 break;
             case 'X':
                 flags |= DP_F_UP;
@@ -399,7 +320,7 @@ _dopr(
                         unsigned int);
                     break;
                 }
-                fmtint(outch_fn, buffer, &currlen, maxlen, value,
+                fmtint(sbuffer, buffer, &currlen, maxlen, value,
                        ch == 'o' ? 8 : (ch == 'u' ? 10 : 16),
                        min, max, flags);
                 break;
@@ -408,8 +329,8 @@ _dopr(
                     fvalue = va_arg(args, LDOUBLE);
                 else
                     fvalue = va_arg(args, double);
-                fmtfp(outch_fn, buffer, &currlen, maxlen,
-                      fvalue, min, max, flags);
+                fmtfp(sbuffer, buffer, &currlen, maxlen,
+                      fvalue, min, max, flags);
                 break;
             case 'E':
                 flags |= DP_F_UP;
@@ -428,19 +349,23 @@ _dopr(
                     fvalue = va_arg(args, double);
                 break;
             case 'c':
-                (*outch_fn)(buffer, &currlen, maxlen,
+                doapr_outch(sbuffer, buffer, &currlen, maxlen,
                     va_arg(args, int));
                 break;
             case 's':
                 strvalue = va_arg(args, char *);
-                if (max < 0)
-                    max = (*copy_fn)(*maxlen);
-                fmtstr(outch_fn, buffer, &currlen, maxlen, strvalue,
-                       flags, min, max);
+                if (max < 0) {
+                    if (buffer)
+                        max = INT_MAX;
+                    else
+                        max = *maxlen;
+                }
+                fmtstr(sbuffer, buffer, &currlen, maxlen, strvalue,
+                       flags, min, max);
                 break;
             case 'p':
                 value = (long)va_arg(args, void *);
-                fmtint(outch_fn, buffer, &currlen, maxlen,
+                fmtint(sbuffer, buffer, &currlen, maxlen,
                     value, 16, min, max, flags);
                 break;
             case 'n': /* XXX */
@@ -463,7 +388,7 @@ _dopr(
                 }
                 break;
             case '%':
-                (*outch_fn)(buffer, &currlen, maxlen, ch);
+                doapr_outch(sbuffer, buffer, &currlen, maxlen, ch);
                 break;
             case 'w':
                 /* not supported yet, treat as next char */
@@ -484,16 +409,17 @@ _dopr(
             break;
         }
     }
-    if (currlen >= *maxlen - 1)
+    *truncated = (currlen > *maxlen - 1);
+    if (*truncated)
         currlen = *maxlen - 1;
-    (*buffer)[currlen] = '\0';
-    *retlen = currlen;
+    doapr_outch(sbuffer, buffer, &currlen, maxlen, '\0');
+    *retlen = currlen - 1;
     return;
 }
 
 static void
 fmtstr(
-    void (*outch_fn)(char **, size_t *, size_t *, int),
+    char **sbuffer,
     char **buffer,
     size_t *currlen,
     size_t *maxlen,
@@ -516,16 +442,16 @@ fmtstr(
         padlen = -padlen;
 
     while ((padlen > 0) && (cnt < max)) {
-        (*outch_fn)(buffer, currlen, maxlen, ' ');
+        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
         --padlen;
         ++cnt;
     }
     while (*value && (cnt < max)) {
-        (*outch_fn)(buffer, currlen, maxlen, *value++);
+        doapr_outch(sbuffer, buffer, currlen, maxlen, *value++);
         ++cnt;
     }
     while ((padlen < 0) && (cnt < max)) {
-        (*outch_fn)(buffer, currlen, maxlen, ' ');
+        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
         ++padlen;
         ++cnt;
     }
@@ -533,7 +459,7 @@ fmtstr(
 
 static void
 fmtint(
-    void (*outch_fn)(char **, size_t *, size_t *, int),
+    char **sbuffer,
     char **buffer,
     size_t *currlen,
     size_t *maxlen,
@@ -590,28 +516,28 @@ fmtint(
 
     /* spaces */
     while (spadlen > 0) {
-        (*outch_fn)(buffer, currlen, maxlen, ' ');
+        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
         --spadlen;
     }
 
     /* sign */
     if (signvalue)
-        (*outch_fn)(buffer, currlen, maxlen, signvalue);
+        doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue);
 
     /* zeros */
     if (zpadlen > 0) {
         while (zpadlen > 0) {
-            (*outch_fn)(buffer, currlen, maxlen, '0');
+            doapr_outch(sbuffer, buffer, currlen, maxlen, '0');
             --zpadlen;
         }
     }
     /* digits */
     while (place > 0)
-        (*outch_fn)(buffer, currlen, maxlen, convert[--place]);
+        doapr_outch(sbuffer, buffer, currlen, maxlen, convert[--place]);
 
     /* left justified spaces */
     while (spadlen < 0) {
-        (*outch_fn)(buffer, currlen, maxlen, ' ');
+        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
         ++spadlen;
     }
     return;
@@ -650,7 +576,7 @@ round(LDOUBLE value)
 
 static void
 fmtfp(
-    void (*outch_fn)(char **, size_t *, size_t *, int),
+    char **sbuffer,
     char **buffer,
     size_t *currlen,
     size_t *maxlen,
@@ -731,114 +657,158 @@ fmtfp(
 
     if ((flags & DP_F_ZERO) && (padlen > 0)) {
         if (signvalue) {
-            (*outch_fn)(buffer, currlen, maxlen, signvalue);
+            doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue);
             --padlen;
             signvalue = 0;
         }
         while (padlen > 0) {
-            (*outch_fn)(buffer, currlen, maxlen, '0');
+            doapr_outch(sbuffer, buffer, currlen, maxlen, '0');
             --padlen;
         }
     }
     while (padlen > 0) {
-        (*outch_fn)(buffer, currlen, maxlen, ' ');
+        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
         --padlen;
     }
     if (signvalue)
-        (*outch_fn)(buffer, currlen, maxlen, signvalue);
+        doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue);
 
     while (iplace > 0)
-        (*outch_fn)(buffer, currlen, maxlen, iconvert[--iplace]);
+        doapr_outch(sbuffer, buffer, currlen, maxlen, iconvert[--iplace]);
 
     /*
      * Decimal point. This should probably use locale to find the correct
      * char to print out.
      */
     if (max > 0) {
-        (*outch_fn)(buffer, currlen, maxlen, '.');
+        doapr_outch(sbuffer, buffer, currlen, maxlen, '.');
 
         while (fplace > 0)
-            (*outch_fn)(buffer, currlen, maxlen, fconvert[--fplace]);
+            doapr_outch(sbuffer, buffer, currlen, maxlen, fconvert[--fplace]);
     }
     while (zpadlen > 0) {
-        (*outch_fn)(buffer, currlen, maxlen, '0');
+        doapr_outch(sbuffer, buffer, currlen, maxlen, '0');
         --zpadlen;
     }
 
     while (padlen < 0) {
-        (*outch_fn)(buffer, currlen, maxlen, ' ');
+        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
         ++padlen;
     }
 }
 
-static int
-dopr_copy(
-    size_t len)
-{
-    return len;
-}
-
-#ifdef USE_ALLOCATING_PRINT
-static int
-doapr_copy(
-    size_t len)
-{
-    /* Return as high an integer as possible */
-    return INT_MAX;
-}
-#endif
-
-static int
-dopr_isbig(
-    size_t currlen,
-    size_t maxlen)
-{
-    return currlen > maxlen;
-}
-
-#ifdef USE_ALLOCATING_PRINT
-static int
-doapr_isbig(
-    size_t currlen,
-    size_t maxlen)
-{
-    return 0;
-}
-#endif
-
-static void
-dopr_outch(
-    char **buffer,
-    size_t *currlen,
-    size_t *maxlen,
-    int c)
-{
-    if (*currlen < *maxlen)
-        (*buffer)[(*currlen)++] = (char)c;
-    return;
-}
-
-#ifdef USE_ALLOCATING_PRINT
 static void
 doapr_outch(
+    char **sbuffer,
     char **buffer,
     size_t *currlen,
     size_t *maxlen,
     int c)
 {
-    if (*buffer == NULL) {
-        if (*maxlen == 0)
-            *maxlen = 1024;
-        *buffer = Malloc(*maxlen);
+    /* If we haven't at least one buffer, someone has doe a big booboo */
+    assert(*sbuffer != NULL || buffer != NULL);
+
+    if (buffer) {
+        while (*currlen >= *maxlen) {
+            if (*buffer == NULL) {
+                assert(*sbuffer != NULL);
+                if (*maxlen == 0)
+                    *maxlen = 1024;
+                *buffer = OPENSSL_malloc(*maxlen);
+                if (*currlen > 0)
+                    memcpy(*buffer, *sbuffer, *currlen);
+                *sbuffer = NULL;
+            } else {
+                *maxlen += 1024;
+                *buffer = OPENSSL_realloc(*buffer, *maxlen);
+            }
+        }
+        /* What to do if *buffer is NULL? */
+        assert(*sbuffer != NULL || *buffer != NULL);
     }
-    while (*currlen >= *maxlen) {
-        *maxlen += 1024;
-        *buffer = Realloc(*buffer, *maxlen);
+
+    if (*currlen < *maxlen) {
+        if (*sbuffer)
+            (*sbuffer)[(*currlen)++] = (char)c;
+        else
+            (*buffer)[(*currlen)++] = (char)c;
     }
-    /* What to do if *buffer is NULL? */
-    assert(*buffer != NULL);
 
-    (*buffer)[(*currlen)++] = (char)c;
     return;
 }
-#endif
+
+/***************************************************************************/
+
+int BIO_printf (BIO *bio, const char *format, ...)
+        {
+        va_list args;
+        int ret;
+
+        va_start(args, format);
+
+        ret = BIO_vprintf(bio, format, args);
+
+        va_end(args);
+        return(ret);
+        }
+
+int BIO_vprintf (BIO *bio, const char *format, va_list args)
+        {
+        int ret;
+        size_t retlen;
+        MS_STATIC char hugebuf[1024*10];
+        char *hugebufp = hugebuf;
+        size_t hugebufsize = sizeof(hugebuf);
+        char *dynbuf = NULL;
+        int ignored;
+
+        dynbuf = NULL;
+        CRYPTO_push_info("doapr()");
+        _dopr(&hugebufp, &dynbuf, &hugebufsize,
+                &retlen, &ignored, format, args);
+        if (dynbuf)
+                {
+                ret=BIO_write(bio, dynbuf, (int)retlen);
+                OPENSSL_free(dynbuf);
+                }
+        else
+                {
+                ret=BIO_write(bio, hugebuf, (int)retlen);
+                }
+        CRYPTO_pop_info();
+        return(ret);
+        }
+
+/* As snprintf is not available everywhere, we provide our own implementation.
+ * This function has nothing to do with BIOs, but it's closely related
+ * to BIO_printf, and we need *some* name prefix ...
+ * (XXX  the function should be renamed, but to what?) */
+int BIO_snprintf(char *buf, size_t n, const char *format, ...)
+        {
+        va_list args;
+        int ret;
+
+        va_start(args, format);
+
+        ret = BIO_vsnprintf(buf, n, format, args);
+
+        va_end(args);
+        return(ret);
+        }
+
+int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
+        {
+        size_t retlen;
+        int truncated;
+
+        _dopr(&buf, NULL, &n, &retlen, &truncated, format, args);
+
+        if (truncated)
+                /* In case of truncation, return -1 like traditional snprintf.
+                 * (Current drafts for ISO/IEC 9899 say snprintf should return
+                 * the number of characters that would have been written,
+                 * had the buffer been large enough.) */
+                return -1;
+        else
+                return (retlen <= INT_MAX) ? retlen : -1;
+        }
diff --git a/src/lib/libssl/src/crypto/bio/b_sock.c b/src/lib/libssl/src/crypto/bio/b_sock.c
index 6409f98f57..64310058b4 100644
--- a/src/lib/libssl/src/crypto/bio/b_sock.c
+++ b/src/lib/libssl/src/crypto/bio/b_sock.c
@@ -105,17 +105,22 @@ int BIO_get_host_ip(const char *str, unsigned char *ip)
         struct hostent *he;
 
         i=get_ip(str,ip);
-        if (i > 0) return(1);
         if (i < 0)
                 {
                 BIOerr(BIO_F_BIO_GET_HOST_IP,BIO_R_INVALID_IP_ADDRESS);
                 goto err;
                 }
 
-        /* do a gethostbyname */
+        /* At this point, we have something that is most probably correct
+           in some way, so let's init the socket. */
         if (!BIO_sock_init())
                 return(0); /* don't generate another error code here */
 
+        /* If the string actually contained an IP address, we need not do
+           anything more */
+        if (i > 0) return(1);
+
+        /* do a gethostbyname */
         CRYPTO_w_lock(CRYPTO_LOCK_GETHOSTBYNAME);
         locked = 1;
         he=BIO_gethostbyname(str);
@@ -267,14 +272,14 @@ static struct hostent *ghbn_dup(struct hostent *a)
         int i,j;
 
         MemCheck_off();
-        ret=(struct hostent *)Malloc(sizeof(struct hostent));
+        ret=(struct hostent *)OPENSSL_malloc(sizeof(struct hostent));
         if (ret == NULL) return(NULL);
         memset(ret,0,sizeof(struct hostent));
 
         for (i=0; a->h_aliases[i] != NULL; i++)
                 ;
         i++;
-        ret->h_aliases = (char **)Malloc(i*sizeof(char *));
+        ret->h_aliases = (char **)OPENSSL_malloc(i*sizeof(char *));
         if (ret->h_aliases == NULL)
                 goto err;
         memset(ret->h_aliases, 0, i*sizeof(char *));
@@ -282,25 +287,25 @@ static struct hostent *ghbn_dup(struct hostent *a)
         for (i=0; a->h_addr_list[i] != NULL; i++)
                 ;
         i++;
-        ret->h_addr_list=(char **)Malloc(i*sizeof(char *));
+        ret->h_addr_list=(char **)OPENSSL_malloc(i*sizeof(char *));
         if (ret->h_addr_list == NULL)
                 goto err;
         memset(ret->h_addr_list, 0, i*sizeof(char *));
 
         j=strlen(a->h_name)+1;
-        if ((ret->h_name=Malloc(j)) == NULL) goto err;
+        if ((ret->h_name=OPENSSL_malloc(j)) == NULL) goto err;
         memcpy((char *)ret->h_name,a->h_name,j);
         for (i=0; a->h_aliases[i] != NULL; i++)
                 {
                 j=strlen(a->h_aliases[i])+1;
-                if ((ret->h_aliases[i]=Malloc(j)) == NULL) goto err;
+                if ((ret->h_aliases[i]=OPENSSL_malloc(j)) == NULL) goto err;
                 memcpy(ret->h_aliases[i],a->h_aliases[i],j);
                 }
         ret->h_length=a->h_length;
         ret->h_addrtype=a->h_addrtype;
         for (i=0; a->h_addr_list[i] != NULL; i++)
                 {
-                if ((ret->h_addr_list[i]=Malloc(a->h_length)) == NULL)
+                if ((ret->h_addr_list[i]=OPENSSL_malloc(a->h_length)) == NULL)
                         goto err;
                 memcpy(ret->h_addr_list[i],a->h_addr_list[i],a->h_length);
                 }
@@ -325,17 +330,17 @@ static void ghbn_free(struct hostent *a)
         if (a->h_aliases != NULL)
                 {
                 for (i=0; a->h_aliases[i] != NULL; i++)
-                        Free(a->h_aliases[i]);
-                Free(a->h_aliases);
+                        OPENSSL_free(a->h_aliases[i]);
+                OPENSSL_free(a->h_aliases);
                 }
         if (a->h_addr_list != NULL)
                 {
                 for (i=0; a->h_addr_list[i] != NULL; i++)
-                        Free(a->h_addr_list[i]);
-                Free(a->h_addr_list);
+                        OPENSSL_free(a->h_addr_list[i]);
+                OPENSSL_free(a->h_addr_list);
                 }
-        if (a->h_name != NULL) Free(a->h_name);
-        Free(a);
+        if (a->h_name != NULL) OPENSSL_free(a->h_name);
+        OPENSSL_free(a);
         }
 
 struct hostent *BIO_gethostbyname(const char *name)
@@ -628,7 +633,7 @@ again:
                 }
         ret=1;
 err:
-        if (str != NULL) Free(str);
+        if (str != NULL) OPENSSL_free(str);
         if ((ret == 0) && (s != INVALID_SOCKET))
                 {
                 closesocket(s);
@@ -667,7 +672,7 @@ int BIO_accept(int sock, char **addr)
         port=ntohs(from.sin_port);
         if (*addr == NULL)
                 {
-                if ((p=Malloc(24)) == NULL)
+                if ((p=OPENSSL_malloc(24)) == NULL)
                         {
                         BIOerr(BIO_F_BIO_ACCEPT,ERR_R_MALLOC_FAILURE);
                         goto end;
diff --git a/src/lib/libssl/src/crypto/bio/bf_buff.c b/src/lib/libssl/src/crypto/bio/bf_buff.c
index ff0c9070ae..f50e8f98a3 100644
--- a/src/lib/libssl/src/crypto/bio/bf_buff.c
+++ b/src/lib/libssl/src/crypto/bio/bf_buff.c
@@ -62,14 +62,14 @@
 #include <openssl/bio.h>
 #include <openssl/evp.h>
 
-static int buffer_write(BIO *h,char *buf,int num);
-static int buffer_read(BIO *h,char *buf,int size);
-static int buffer_puts(BIO *h,char *str);
-static int buffer_gets(BIO *h,char *str,int size);
-static long buffer_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int buffer_write(BIO *h, const char *buf,int num);
+static int buffer_read(BIO *h, char *buf, int size);
+static int buffer_puts(BIO *h, const char *str);
+static int buffer_gets(BIO *h, char *str, int size);
+static long buffer_ctrl(BIO *h, int cmd, long arg1, void *arg2);
 static int buffer_new(BIO *h);
 static int buffer_free(BIO *data);
-static long buffer_callback_ctrl(BIO *h,int cmd, void (*fp)());
+static long buffer_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
 #define DEFAULT_BUFFER_SIZE     1024
 
 static BIO_METHOD methods_buffer=
@@ -95,12 +95,12 @@ static int buffer_new(BIO *bi)
         {
         BIO_F_BUFFER_CTX *ctx;
 
-        ctx=(BIO_F_BUFFER_CTX *)Malloc(sizeof(BIO_F_BUFFER_CTX));
+        ctx=(BIO_F_BUFFER_CTX *)OPENSSL_malloc(sizeof(BIO_F_BUFFER_CTX));
         if (ctx == NULL) return(0);
-        ctx->ibuf=(char *)Malloc(DEFAULT_BUFFER_SIZE);
-        if (ctx->ibuf == NULL) { Free(ctx); return(0); }
-        ctx->obuf=(char *)Malloc(DEFAULT_BUFFER_SIZE);
-        if (ctx->obuf == NULL) { Free(ctx->ibuf); Free(ctx); return(0); }
+        ctx->ibuf=(char *)OPENSSL_malloc(DEFAULT_BUFFER_SIZE);
+        if (ctx->ibuf == NULL) { OPENSSL_free(ctx); return(0); }
+        ctx->obuf=(char *)OPENSSL_malloc(DEFAULT_BUFFER_SIZE);
+        if (ctx->obuf == NULL) { OPENSSL_free(ctx->ibuf); OPENSSL_free(ctx); return(0); }
         ctx->ibuf_size=DEFAULT_BUFFER_SIZE;
         ctx->obuf_size=DEFAULT_BUFFER_SIZE;
         ctx->ibuf_len=0;
@@ -120,9 +120,9 @@ static int buffer_free(BIO *a)
 
         if (a == NULL) return(0);
         b=(BIO_F_BUFFER_CTX *)a->ptr;
-        if (b->ibuf != NULL) Free(b->ibuf);
-        if (b->obuf != NULL) Free(b->obuf);
-        Free(a->ptr);
+        if (b->ibuf != NULL) OPENSSL_free(b->ibuf);
+        if (b->obuf != NULL) OPENSSL_free(b->obuf);
+        OPENSSL_free(a->ptr);
         a->ptr=NULL;
         a->init=0;
         a->flags=0;
@@ -195,7 +195,7 @@ start:
         goto start;
         }
 
-static int buffer_write(BIO *b, char *in, int inl)
+static int buffer_write(BIO *b, const char *in, int inl)
         {
         int i,num=0;
         BIO_F_BUFFER_CTX *ctx;
@@ -268,7 +268,7 @@ start:
         goto start;
         }
 
-static long buffer_ctrl(BIO *b, int cmd, long num, char *ptr)
+static long buffer_ctrl(BIO *b, int cmd, long num, void *ptr)
         {
         BIO *dbio;
         BIO_F_BUFFER_CTX *ctx;
@@ -319,9 +319,9 @@ static long buffer_ctrl(BIO *b, int cmd, long num, char *ptr)
         case BIO_C_SET_BUFF_READ_DATA:
                 if (num > ctx->ibuf_size)
                         {
-                        p1=Malloc((int)num);
+                        p1=OPENSSL_malloc((int)num);
                         if (p1 == NULL) goto malloc_error;
-                        if (ctx->ibuf != NULL) Free(ctx->ibuf);
+                        if (ctx->ibuf != NULL) OPENSSL_free(ctx->ibuf);
                         ctx->ibuf=p1;
                         }
                 ctx->ibuf_off=0;
@@ -353,21 +353,21 @@ static long buffer_ctrl(BIO *b, int cmd, long num, char *ptr)
                 p2=ctx->obuf;
                 if ((ibs > DEFAULT_BUFFER_SIZE) && (ibs != ctx->ibuf_size))
                         {
-                        p1=(char *)Malloc((int)num);
+                        p1=(char *)OPENSSL_malloc((int)num);
                         if (p1 == NULL) goto malloc_error;
                         }
                 if ((obs > DEFAULT_BUFFER_SIZE) && (obs != ctx->obuf_size))
                         {
-                        p2=(char *)Malloc((int)num);
+                        p2=(char *)OPENSSL_malloc((int)num);
                         if (p2 == NULL)
                                 {
-                                if (p1 != ctx->ibuf) Free(p1);
+                                if (p1 != ctx->ibuf) OPENSSL_free(p1);
                                 goto malloc_error;
                                 }
                         }
                 if (ctx->ibuf != p1)
                         {
-                        Free(ctx->ibuf);
+                        OPENSSL_free(ctx->ibuf);
                         ctx->ibuf=p1;
                         ctx->ibuf_off=0;
                         ctx->ibuf_len=0;
@@ -375,7 +375,7 @@ static long buffer_ctrl(BIO *b, int cmd, long num, char *ptr)
                         }
                 if (ctx->obuf != p2)
                         {
-                        Free(ctx->obuf);
+                        OPENSSL_free(ctx->obuf);
                         ctx->obuf=p2;
                         ctx->obuf_off=0;
                         ctx->obuf_len=0;
@@ -439,7 +439,7 @@ malloc_error:
         return(0);
         }
 
-static long buffer_callback_ctrl(BIO *b, int cmd, void (*fp)())
+static long buffer_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
         {
         long ret=1;
 
@@ -504,8 +504,8 @@ static int buffer_gets(BIO *b, char *buf, int size)
                 }
         }
 
-static int buffer_puts(BIO *b, char *str)
+static int buffer_puts(BIO *b, const char *str)
         {
-        return(BIO_write(b,str,strlen(str)));
+        return(buffer_write(b,str,strlen(str)));
         }
 
diff --git a/src/lib/libssl/src/crypto/bio/bf_lbuf.c b/src/lib/libssl/src/crypto/bio/bf_lbuf.c
new file mode 100644
index 0000000000..7bcf8ed941
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bio/bf_lbuf.c
@@ -0,0 +1,397 @@
+/* crypto/bio/bf_buff.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include "cryptlib.h"
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+
+static int linebuffer_write(BIO *h, const char *buf,int num);
+static int linebuffer_read(BIO *h, char *buf, int size);
+static int linebuffer_puts(BIO *h, const char *str);
+static int linebuffer_gets(BIO *h, char *str, int size);
+static long linebuffer_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int linebuffer_new(BIO *h);
+static int linebuffer_free(BIO *data);
+static long linebuffer_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
+
+/* A 10k maximum should be enough for most purposes */
+#define DEFAULT_LINEBUFFER_SIZE 1024*10
+
+/* #define DEBUG */
+
+static BIO_METHOD methods_linebuffer=
+        {
+        BIO_TYPE_LINEBUFFER,
+        "linebuffer",
+        linebuffer_write,
+        linebuffer_read,
+        linebuffer_puts,
+        linebuffer_gets,
+        linebuffer_ctrl,
+        linebuffer_new,
+        linebuffer_free,
+        linebuffer_callback_ctrl,
+        };
+
+BIO_METHOD *BIO_f_linebuffer(void)
+        {
+        return(&methods_linebuffer);
+        }
+
+typedef struct bio_linebuffer_ctx_struct
+        {
+        char *obuf;             /* the output char array */
+        int obuf_size;          /* how big is the output buffer */
+        int obuf_len;           /* how many bytes are in it */
+        } BIO_LINEBUFFER_CTX;
+
+static int linebuffer_new(BIO *bi)
+        {
+        BIO_LINEBUFFER_CTX *ctx;
+
+        ctx=(BIO_LINEBUFFER_CTX *)OPENSSL_malloc(sizeof(BIO_LINEBUFFER_CTX));
+        if (ctx == NULL) return(0);
+        ctx->obuf=(char *)OPENSSL_malloc(DEFAULT_LINEBUFFER_SIZE);
+        if (ctx->obuf == NULL) { OPENSSL_free(ctx); return(0); }
+        ctx->obuf_size=DEFAULT_LINEBUFFER_SIZE;
+        ctx->obuf_len=0;
+
+        bi->init=1;
+        bi->ptr=(char *)ctx;
+        bi->flags=0;
+        return(1);
+        }
+
+static int linebuffer_free(BIO *a)
+        {
+        BIO_LINEBUFFER_CTX *b;
+
+        if (a == NULL) return(0);
+        b=(BIO_LINEBUFFER_CTX *)a->ptr;
+        if (b->obuf != NULL) OPENSSL_free(b->obuf);
+        OPENSSL_free(a->ptr);
+        a->ptr=NULL;
+        a->init=0;
+        a->flags=0;
+        return(1);
+        }
+        
+static int linebuffer_read(BIO *b, char *out, int outl)
+        {
+        int ret=0;
+ 
+        if (out == NULL) return(0);
+        if (b->next_bio == NULL) return(0);
+        ret=BIO_read(b->next_bio,out,outl);
+        BIO_clear_retry_flags(b);
+        BIO_copy_next_retry(b);
+        return(ret);
+        }
+
+static int linebuffer_write(BIO *b, const char *in, int inl)
+        {
+        int i,num=0,foundnl;
+        BIO_LINEBUFFER_CTX *ctx;
+
+        if ((in == NULL) || (inl <= 0)) return(0);
+        ctx=(BIO_LINEBUFFER_CTX *)b->ptr;
+        if ((ctx == NULL) || (b->next_bio == NULL)) return(0);
+
+        BIO_clear_retry_flags(b);
+
+        do
+                {
+                const char *p;
+
+                for(p = in; p < in + inl && *p != '\n'; p++)
+                        ;
+                if (*p == '\n')
+                        {
+                        p++;
+                        foundnl = 1;
+                        }
+                else
+                        foundnl = 0;
+
+                /* If a NL was found and we already have text in the save
+                   buffer, concatenate them and write */
+                while ((foundnl || p - in > ctx->obuf_size - ctx->obuf_len)
+                        && ctx->obuf_len > 0)
+                        {
+                        int orig_olen = ctx->obuf_len;
+                        
+                        i = ctx->obuf_size - ctx->obuf_len;
+                        if (p - in > 0)
+                                {
+                                if (i >= p - in)
+                                        {
+                                        memcpy(&(ctx->obuf[ctx->obuf_len]),
+                                                in,p - in);
+                                        ctx->obuf_len += p - in;
+                                        inl -= p - in;
+                                        num += p - in;
+                                        in = p;
+                                        }
+                                else
+                                        {
+                                        memcpy(&(ctx->obuf[ctx->obuf_len]),
+                                                in,i);
+                                        ctx->obuf_len += i;
+                                        inl -= i;
+                                        in += i;
+                                        num += i;
+                                        }
+                                }
+
+#ifdef DEBUG
+BIO_write(b->next_bio, "<*<", 3);
+#endif
+                        i=BIO_write(b->next_bio,
+                                ctx->obuf, ctx->obuf_len);
+                        if (i <= 0)
+                                {
+                                ctx->obuf_len = orig_olen;
+                                BIO_copy_next_retry(b);
+
+#ifdef DEBUG
+BIO_write(b->next_bio, ">*>", 3);
+#endif
+                                if (i < 0) return((num > 0)?num:i);
+                                if (i == 0) return(num);
+                                }
+#ifdef DEBUG
+BIO_write(b->next_bio, ">*>", 3);
+#endif
+                        if (i < ctx->obuf_len)
+                                memmove(ctx->obuf, ctx->obuf + i,
+                                        ctx->obuf_len - i);
+                        ctx->obuf_len-=i;
+                        }
+
+                /* Now that the save buffer is emptied, let's write the input
+                   buffer if a NL was found and there is anything to write. */
+                if ((foundnl || p - in > ctx->obuf_size) && p - in > 0)
+                        {
+#ifdef DEBUG
+BIO_write(b->next_bio, "<*<", 3);
+#endif
+                        i=BIO_write(b->next_bio,in,p - in);
+                        if (i <= 0)
+                                {
+                                BIO_copy_next_retry(b);
+#ifdef DEBUG
+BIO_write(b->next_bio, ">*>", 3);
+#endif
+                                if (i < 0) return((num > 0)?num:i);
+                                if (i == 0) return(num);
+                                }
+#ifdef DEBUG
+BIO_write(b->next_bio, ">*>", 3);
+#endif
+                        num+=i;
+                        in+=i;
+                        inl-=i;
+                        }
+                }
+        while(foundnl && inl > 0);
+        /* We've written as much as we can.  The rest of the input buffer, if
+           any, is text that doesn't and with a NL and therefore needs to be
+           saved for the next trip. */
+        if (inl > 0)
+                {
+                memcpy(&(ctx->obuf[ctx->obuf_len]), in, inl);
+                ctx->obuf_len += inl;
+                num += inl;
+                }
+        return num;
+        }
+
+static long linebuffer_ctrl(BIO *b, int cmd, long num, void *ptr)
+        {
+        BIO *dbio;
+        BIO_LINEBUFFER_CTX *ctx;
+        long ret=1;
+        char *p;
+        int r;
+        int obs;
+
+        ctx=(BIO_LINEBUFFER_CTX *)b->ptr;
+
+        switch (cmd)
+                {
+        case BIO_CTRL_RESET:
+                ctx->obuf_len=0;
+                if (b->next_bio == NULL) return(0);
+                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                break;
+        case BIO_CTRL_INFO:
+                ret=(long)ctx->obuf_len;
+                break;
+        case BIO_CTRL_WPENDING:
+                ret=(long)ctx->obuf_len;
+                if (ret == 0)
+                        {
+                        if (b->next_bio == NULL) return(0);
+                        ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                        }
+                break;
+        case BIO_C_SET_BUFF_SIZE:
+                obs=(int)num;
+                p=ctx->obuf;
+                if ((obs > DEFAULT_LINEBUFFER_SIZE) && (obs != ctx->obuf_size))
+                        {
+                        p=(char *)OPENSSL_malloc((int)num);
+                        if (p == NULL)
+                                goto malloc_error;
+                        }
+                if (ctx->obuf != p)
+                        {
+                        if (ctx->obuf_len > obs)
+                                {
+                                ctx->obuf_len = obs;
+                                }
+                        memcpy(p, ctx->obuf, ctx->obuf_len);
+                        OPENSSL_free(ctx->obuf);
+                        ctx->obuf=p;
+                        ctx->obuf_size=obs;
+                        }
+                break;
+        case BIO_C_DO_STATE_MACHINE:
+                if (b->next_bio == NULL) return(0);
+                BIO_clear_retry_flags(b);
+                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                BIO_copy_next_retry(b);
+                break;
+
+        case BIO_CTRL_FLUSH:
+                if (b->next_bio == NULL) return(0);
+                if (ctx->obuf_len <= 0)
+                        {
+                        ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                        break;
+                        }
+
+                for (;;)
+                        {
+                        BIO_clear_retry_flags(b);
+                        if (ctx->obuf_len > 0)
+                                {
+                                r=BIO_write(b->next_bio,
+                                        ctx->obuf, ctx->obuf_len);
+#if 0
+fprintf(stderr,"FLUSH %3d -> %3d\n",ctx->obuf_len,r);
+#endif
+                                BIO_copy_next_retry(b);
+                                if (r <= 0) return((long)r);
+                                if (r < ctx->obuf_len)
+                                        memmove(ctx->obuf, ctx->obuf + r,
+                                                ctx->obuf_len - r);
+                                ctx->obuf_len-=r;
+                                }
+                        else
+                                {
+                                ctx->obuf_len=0;
+                                ret=1;
+                                break;
+                                }
+                        }
+                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                break;
+        case BIO_CTRL_DUP:
+                dbio=(BIO *)ptr;
+                if (    !BIO_set_write_buffer_size(dbio,ctx->obuf_size))
+                        ret=0;
+                break;
+        default:
+                if (b->next_bio == NULL) return(0);
+                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                break;
+                }
+        return(ret);
+malloc_error:
+        BIOerr(BIO_F_LINEBUFFER_CTRL,ERR_R_MALLOC_FAILURE);
+        return(0);
+        }
+
+static long linebuffer_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
+        {
+        long ret=1;
+
+        if (b->next_bio == NULL) return(0);
+        switch (cmd)
+                {
+        default:
+                ret=BIO_callback_ctrl(b->next_bio,cmd,fp);
+                break;
+                }
+        return(ret);
+        }
+
+static int linebuffer_gets(BIO *b, char *buf, int size)
+        {
+        if (b->next_bio == NULL) return(0);
+        return(BIO_gets(b->next_bio,buf,size));
+        }
+
+static int linebuffer_puts(BIO *b, const char *str)
+        {
+        return(linebuffer_write(b,str,strlen(str)));
+        }
+
diff --git a/src/lib/libssl/src/crypto/bio/bf_nbio.c b/src/lib/libssl/src/crypto/bio/bf_nbio.c
index 5e574b7231..413ef5c4c5 100644
--- a/src/lib/libssl/src/crypto/bio/bf_nbio.c
+++ b/src/lib/libssl/src/crypto/bio/bf_nbio.c
@@ -66,14 +66,14 @@
 /* BIO_put and BIO_get both add to the digest,
  * BIO_gets returns the digest */
 
-static int nbiof_write(BIO *h,char *buf,int num);
+static int nbiof_write(BIO *h,const char *buf,int num);
 static int nbiof_read(BIO *h,char *buf,int size);
-static int nbiof_puts(BIO *h,char *str);
+static int nbiof_puts(BIO *h,const char *str);
 static int nbiof_gets(BIO *h,char *str,int size);
-static long nbiof_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static long nbiof_ctrl(BIO *h,int cmd,long arg1,void *arg2);
 static int nbiof_new(BIO *h);
 static int nbiof_free(BIO *data);
-static long nbiof_callback_ctrl(BIO *h,int cmd,void (*fp)());
+static long nbiof_callback_ctrl(BIO *h,int cmd,bio_info_cb *fp);
 typedef struct nbio_test_st
         {
         /* only set if we sent a 'should retry' error */
@@ -104,7 +104,7 @@ static int nbiof_new(BIO *bi)
         {
         NBIO_TEST *nt;
 
-        nt=(NBIO_TEST *)Malloc(sizeof(NBIO_TEST));
+        nt=(NBIO_TEST *)OPENSSL_malloc(sizeof(NBIO_TEST));
         nt->lrn= -1;
         nt->lwn= -1;
         bi->ptr=(char *)nt;
@@ -117,7 +117,7 @@ static int nbiof_free(BIO *a)
         {
         if (a == NULL) return(0);
         if (a->ptr != NULL)
-                Free(a->ptr);
+                OPENSSL_free(a->ptr);
         a->ptr=NULL;
         a->init=0;
         a->flags=0;
@@ -159,7 +159,7 @@ static int nbiof_read(BIO *b, char *out, int outl)
         return(ret);
         }
 
-static int nbiof_write(BIO *b, char *in, int inl)
+static int nbiof_write(BIO *b, const char *in, int inl)
         {
         NBIO_TEST *nt;
         int ret=0;
@@ -204,7 +204,7 @@ static int nbiof_write(BIO *b, char *in, int inl)
         return(ret);
         }
 
-static long nbiof_ctrl(BIO *b, int cmd, long num, char *ptr)
+static long nbiof_ctrl(BIO *b, int cmd, long num, void *ptr)
         {
         long ret;
 
@@ -226,7 +226,7 @@ static long nbiof_ctrl(BIO *b, int cmd, long num, char *ptr)
         return(ret);
         }
 
-static long nbiof_callback_ctrl(BIO *b, int cmd, void (*fp)())
+static long nbiof_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
         {
         long ret=1;
 
@@ -247,7 +247,7 @@ static int nbiof_gets(BIO *bp, char *buf, int size)
         }
 
 
-static int nbiof_puts(BIO *bp, char *str)
+static int nbiof_puts(BIO *bp, const char *str)
         {
         if (bp->next_bio == NULL) return(0);
         return(BIO_puts(bp->next_bio,str));
diff --git a/src/lib/libssl/src/crypto/bio/bf_null.c b/src/lib/libssl/src/crypto/bio/bf_null.c
index 0d183a6d9a..2678a1a85d 100644
--- a/src/lib/libssl/src/crypto/bio/bf_null.c
+++ b/src/lib/libssl/src/crypto/bio/bf_null.c
@@ -65,14 +65,14 @@
 /* BIO_put and BIO_get both add to the digest,
  * BIO_gets returns the digest */
 
-static int nullf_write(BIO *h,char *buf,int num);
-static int nullf_read(BIO *h,char *buf,int size);
-static int nullf_puts(BIO *h,char *str);
-static int nullf_gets(BIO *h,char *str,int size);
-static long nullf_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int nullf_write(BIO *h, const char *buf, int num);
+static int nullf_read(BIO *h, char *buf, int size);
+static int nullf_puts(BIO *h, const char *str);
+static int nullf_gets(BIO *h, char *str, int size);
+static long nullf_ctrl(BIO *h, int cmd, long arg1, void *arg2);
 static int nullf_new(BIO *h);
 static int nullf_free(BIO *data);
-static long nullf_callback_ctrl(BIO *h,int cmd,void (*fp)());
+static long nullf_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
 static BIO_METHOD methods_nullf=
         {
         BIO_TYPE_NULL_FILTER,
@@ -121,7 +121,7 @@ static int nullf_read(BIO *b, char *out, int outl)
         return(ret);
         }
 
-static int nullf_write(BIO *b, char *in, int inl)
+static int nullf_write(BIO *b, const char *in, int inl)
         {
         int ret=0;
 
@@ -133,7 +133,7 @@ static int nullf_write(BIO *b, char *in, int inl)
         return(ret);
         }
 
-static long nullf_ctrl(BIO *b, int cmd, long num, char *ptr)
+static long nullf_ctrl(BIO *b, int cmd, long num, void *ptr)
         {
         long ret;
 
@@ -154,7 +154,7 @@ static long nullf_ctrl(BIO *b, int cmd, long num, char *ptr)
         return(ret);
         }
 
-static long nullf_callback_ctrl(BIO *b, int cmd, void (*fp)())
+static long nullf_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
         {
         long ret=1;
 
@@ -175,7 +175,7 @@ static int nullf_gets(BIO *bp, char *buf, int size)
         }
 
 
-static int nullf_puts(BIO *bp, char *str)
+static int nullf_puts(BIO *bp, const char *str)
         {
         if (bp->next_bio == NULL) return(0);
         return(BIO_puts(bp->next_bio,str));
diff --git a/src/lib/libssl/src/crypto/bio/bio.h b/src/lib/libssl/src/crypto/bio/bio.h
index ebdb18170b..97003b503c 100644
--- a/src/lib/libssl/src/crypto/bio/bio.h
+++ b/src/lib/libssl/src/crypto/bio/bio.h
@@ -59,14 +59,17 @@
 #ifndef HEADER_BIO_H
 #define HEADER_BIO_H
 
-#ifdef  __cplusplus
-extern "C" {
+#ifndef NO_FP_API
+# include <stdio.h>
 #endif
+#include <stdarg.h>
 
-#include <stdio.h>
-#include <stdlib.h>
 #include <openssl/crypto.h>
 
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
 /* These are the 'types' of BIOs */
 #define BIO_TYPE_NONE           0
 #define BIO_TYPE_MEM            (1|0x0400)
@@ -88,6 +91,7 @@ extern "C" {
 #define BIO_TYPE_NULL_FILTER    (17|0x0200)
 #define BIO_TYPE_BER            (18|0x0200)             /* BER -> bin filter */
 #define BIO_TYPE_BIO            (19|0x0400)             /* (half a) BIO pair */
+#define BIO_TYPE_LINEBUFFER     (20|0x0200)             /* filter */
 
 #define BIO_TYPE_DESCRIPTOR     0x0100  /* socket, fd, connect or accept */
 #define BIO_TYPE_FILTER         0x0200
@@ -207,19 +211,23 @@ extern "C" {
 #define BIO_method_name(b)              ((b)->method->name)
 #define BIO_method_type(b)              ((b)->method->type)
 
+typedef struct bio_st BIO;
+
+typedef void bio_info_cb(struct bio_st *, int, const char *, int, long, long);
+
 #ifndef WIN16
 typedef struct bio_method_st
         {
         int type;
         const char *name;
-        int (*bwrite)();
-        int (*bread)();
-        int (*bputs)();
-        int (*bgets)();
-        long (*ctrl)();
-        int (*create)();
-        int (*destroy)();
-        long (*callback_ctrl)();
+        int (*bwrite)(BIO *, const char *, int);
+        int (*bread)(BIO *, char *, int);
+        int (*bputs)(BIO *, const char *);
+        int (*bgets)(BIO *, char *, int);
+        long (*ctrl)(BIO *, int, long, void *);
+        int (*create)(BIO *);
+        int (*destroy)(BIO *);
+        long (*callback_ctrl)(BIO *, int, bio_info_cb *);
         } BIO_METHOD;
 #else
 typedef struct bio_method_st
@@ -237,7 +245,7 @@ typedef struct bio_method_st
         } BIO_METHOD;
 #endif
 
-typedef struct bio_st
+struct bio_st
         {
         BIO_METHOD *method;
         /* bio, mode, argp, argi, argl, ret */
@@ -257,7 +265,9 @@ typedef struct bio_st
         unsigned long num_write;
 
         CRYPTO_EX_DATA ex_data;
-        } BIO;
+        };
+
+DECLARE_STACK_OF(BIO)
 
 typedef struct bio_f_buffer_ctx_struct
         {
@@ -454,8 +464,8 @@ int BIO_read_filename(BIO *b,const char *name);
 size_t BIO_ctrl_pending(BIO *b);
 size_t BIO_ctrl_wpending(BIO *b);
 #define BIO_flush(b)            (int)BIO_ctrl(b,BIO_CTRL_FLUSH,0,NULL)
-#define BIO_get_info_callback(b,cbp) (int)BIO_ctrl(b,BIO_CTRL_GET_CALLBACK,0,(void (**)())(cbp))
-#define BIO_set_info_callback(b,cb) (int)BIO_callback_ctrl(b,BIO_CTRL_SET_CALLBACK,(void (*)())(cb))
+#define BIO_get_info_callback(b,cbp) (int)BIO_ctrl(b,BIO_CTRL_GET_CALLBACK,0,(bio_info_cb **)(cbp))
+#define BIO_set_info_callback(b,cb) (int)BIO_callback_ctrl(b,BIO_CTRL_SET_CALLBACK,(bio_info_cb *)(cb))
 
 /* For the BIO_f_buffer() type */
 #define BIO_buffer_get_num_lines(b) BIO_ctrl(b,BIO_CTRL_GET,0,NULL)
@@ -465,6 +475,7 @@ size_t BIO_ctrl_wpending(BIO *b);
 #define BIO_get_write_buf_size(b,size) (size_t)BIO_ctrl(b,BIO_C_GET_WRITE_BUF_SIZE,size,NULL)
 #define BIO_make_bio_pair(b1,b2)   (int)BIO_ctrl(b1,BIO_C_MAKE_BIO_PAIR,0,b2)
 #define BIO_destroy_bio_pair(b)    (int)BIO_ctrl(b,BIO_C_DESTROY_BIO_PAIR,0,NULL)
+#define BIO_shutdown_wr(b) (int)BIO_ctrl(b, BIO_C_SHUTDOWN_WR, 0, NULL)
 /* macros with inappropriate type -- but ...pending macros use int too: */
 #define BIO_get_write_guarantee(b) (int)BIO_ctrl(b,BIO_C_GET_WRITE_GUARANTEE,0,NULL)
 #define BIO_get_read_request(b)    (int)BIO_ctrl(b,BIO_C_GET_READ_REQUEST,0,NULL)
@@ -472,11 +483,6 @@ size_t BIO_ctrl_get_write_guarantee(BIO *b);
 size_t BIO_ctrl_get_read_request(BIO *b);
 int BIO_ctrl_reset_read_request(BIO *b);
 
-#ifdef NO_STDIO
-#define NO_FP_API
-#endif
-
-
 /* These two aren't currently implemented */
 /* int BIO_get_ex_num(BIO *bio); */
 /* void BIO_set_ex_free_func(BIO *bio,int idx,void (*cb)()); */
@@ -487,6 +493,7 @@ int BIO_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
 unsigned long BIO_number_read(BIO *bio);
 unsigned long BIO_number_written(BIO *bio);
 
+# ifndef NO_FP_API
 #  if defined(WIN16) && defined(_WINDLL)
 BIO_METHOD *BIO_s_file_internal(void);
 BIO *BIO_new_file_internal(char *filename, char *mode);
@@ -502,21 +509,24 @@ BIO *BIO_new_fp(FILE *stream, int close_flag);
 #    define BIO_new_file_internal       BIO_new_file
 #    define BIO_new_fp_internal         BIO_s_file
 #  endif /* FP_API */
+# endif
 BIO *   BIO_new(BIO_METHOD *type);
 int     BIO_set(BIO *a,BIO_METHOD *type);
 int     BIO_free(BIO *a);
+void    BIO_vfree(BIO *a);
 int     BIO_read(BIO *b, void *data, int len);
 int     BIO_gets(BIO *bp,char *buf, int size);
 int     BIO_write(BIO *b, const void *data, int len);
 int     BIO_puts(BIO *bp,const char *buf);
 long    BIO_ctrl(BIO *bp,int cmd,long larg,void *parg);
-long    BIO_callback_ctrl(BIO *bp,int cmd,void (*fp)());
+long BIO_callback_ctrl(BIO *b, int cmd, void (*fp)(struct bio_st *, int, const char *, int, long, long));
 char *  BIO_ptr_ctrl(BIO *bp,int cmd,long larg);
 long    BIO_int_ctrl(BIO *bp,int cmd,long larg,int iarg);
 BIO *   BIO_push(BIO *b,BIO *append);
 BIO *   BIO_pop(BIO *b);
 void    BIO_free_all(BIO *a);
 BIO *   BIO_find_type(BIO *b,int bio_type);
+BIO *   BIO_next(BIO *b);
 BIO *   BIO_get_retry_BIO(BIO *bio, int *reason);
 int     BIO_get_retry_reason(BIO *bio);
 BIO *   BIO_dup_chain(BIO *in);
@@ -545,6 +555,9 @@ BIO_METHOD *BIO_s_bio(void);
 BIO_METHOD *BIO_s_null(void);
 BIO_METHOD *BIO_f_null(void);
 BIO_METHOD *BIO_f_buffer(void);
+#ifdef VMS
+BIO_METHOD *BIO_f_linebuffer(void);
+#endif
 BIO_METHOD *BIO_f_nbio_test(void);
 /* BIO_METHOD *BIO_f_ber(void); */
 
@@ -553,6 +566,7 @@ int BIO_sock_non_fatal_error(int error);
 int BIO_fd_should_retry(int i);
 int BIO_fd_non_fatal_error(int error);
 int BIO_dump(BIO *b,const char *bytes,int len);
+int BIO_dump_indent(BIO *b,const char *bytes,int len,int indent);
 
 struct hostent *BIO_gethostbyname(const char *name);
 /* We might want a thread-safe interface too:
@@ -592,7 +606,10 @@ void BIO_copy_next_retry(BIO *b);
 
 long BIO_ghbn_ctrl(int cmd,int iarg,char *parg);
 
-int BIO_printf(BIO *bio, ...);
+int BIO_printf(BIO *bio, const char *format, ...);
+int BIO_vprintf(BIO *bio, const char *format, va_list args);
+int BIO_snprintf(char *buf, size_t n, const char *format, ...);
+int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args);
 
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
@@ -627,6 +644,8 @@ int BIO_printf(BIO *bio, ...);
 #define BIO_F_CONN_CTRL                                  127
 #define BIO_F_CONN_STATE                                 115
 #define BIO_F_FILE_CTRL                                  116
+#define BIO_F_LINEBUFFER_CTRL                            129
+#define BIO_F_MEM_READ                                   128
 #define BIO_F_MEM_WRITE                                  117
 #define BIO_F_SSL_NEW                                    118
 #define BIO_F_WSASTARTUP                                 119
@@ -637,6 +656,7 @@ int BIO_printf(BIO *bio, ...);
 #define BIO_R_BAD_HOSTNAME_LOOKUP                        102
 #define BIO_R_BROKEN_PIPE                                124
 #define BIO_R_CONNECT_ERROR                              103
+#define BIO_R_EOF_ON_MEMORY_BIO                          127
 #define BIO_R_ERROR_SETTING_NBIO                         104
 #define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET      105
 #define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET        106
diff --git a/src/lib/libssl/src/crypto/bio/bio_err.c b/src/lib/libssl/src/crypto/bio/bio_err.c
index f38e7b9178..bb815fb1e6 100644
--- a/src/lib/libssl/src/crypto/bio/bio_err.c
+++ b/src/lib/libssl/src/crypto/bio/bio_err.c
@@ -91,6 +91,8 @@ static ERR_STRING_DATA BIO_str_functs[]=
 {ERR_PACK(0,BIO_F_CONN_CTRL,0), "CONN_CTRL"},
 {ERR_PACK(0,BIO_F_CONN_STATE,0),        "CONN_STATE"},
 {ERR_PACK(0,BIO_F_FILE_CTRL,0), "FILE_CTRL"},
+{ERR_PACK(0,BIO_F_LINEBUFFER_CTRL,0),   "LINEBUFFER_CTRL"},
+{ERR_PACK(0,BIO_F_MEM_READ,0),  "MEM_READ"},
 {ERR_PACK(0,BIO_F_MEM_WRITE,0), "MEM_WRITE"},
 {ERR_PACK(0,BIO_F_SSL_NEW,0),   "SSL_new"},
 {ERR_PACK(0,BIO_F_WSASTARTUP,0),        "WSASTARTUP"},
@@ -104,6 +106,7 @@ static ERR_STRING_DATA BIO_str_reasons[]=
 {BIO_R_BAD_HOSTNAME_LOOKUP               ,"bad hostname lookup"},
 {BIO_R_BROKEN_PIPE                       ,"broken pipe"},
 {BIO_R_CONNECT_ERROR                     ,"connect error"},
+{BIO_R_EOF_ON_MEMORY_BIO                 ,"EOF on memory BIO"},
 {BIO_R_ERROR_SETTING_NBIO                ,"error setting nbio"},
 {BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET,"error setting nbio on accepted socket"},
 {BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET,"error setting nbio on accept socket"},
@@ -124,8 +127,8 @@ static ERR_STRING_DATA BIO_str_reasons[]=
 {BIO_R_UNABLE_TO_LISTEN_SOCKET           ,"unable to listen socket"},
 {BIO_R_UNINITIALIZED                     ,"uninitialized"},
 {BIO_R_UNSUPPORTED_METHOD                ,"unsupported method"},
-{BIO_R_WRITE_TO_READ_ONLY_BIO            ,"write to read only bio"},
-{BIO_R_WSASTARTUP                        ,"wsastartup"},
+{BIO_R_WRITE_TO_READ_ONLY_BIO            ,"write to read only BIO"},
+{BIO_R_WSASTARTUP                        ,"WSAStartup"},
 {0,NULL}
         };
 
diff --git a/src/lib/libssl/src/crypto/bio/bio_lib.c b/src/lib/libssl/src/crypto/bio/bio_lib.c
index e88dcc80f3..381afc9b8e 100644
--- a/src/lib/libssl/src/crypto/bio/bio_lib.c
+++ b/src/lib/libssl/src/crypto/bio/bio_lib.c
@@ -70,7 +70,7 @@ BIO *BIO_new(BIO_METHOD *method)
         {
         BIO *ret=NULL;
 
-        ret=(BIO *)Malloc(sizeof(BIO));
+        ret=(BIO *)OPENSSL_malloc(sizeof(BIO));
         if (ret == NULL)
                 {
                 BIOerr(BIO_F_BIO_NEW,ERR_R_MALLOC_FAILURE);
@@ -78,7 +78,7 @@ BIO *BIO_new(BIO_METHOD *method)
                 }
         if (!BIO_set(ret,method))
                 {
-                Free(ret);
+                OPENSSL_free(ret);
                 ret=NULL;
                 }
         return(ret);
@@ -133,10 +133,13 @@ int BIO_free(BIO *a)
 
         if ((a->method == NULL) || (a->method->destroy == NULL)) return(1);
         ret=a->method->destroy(a);
-        Free(a);
+        OPENSSL_free(a);
         return(1);
         }
 
+void BIO_vfree(BIO *a)
+    { BIO_free(a); }
+
 int BIO_read(BIO *b, void *out, int outl)
         {
         int i;
@@ -198,13 +201,7 @@ int BIO_write(BIO *b, const void *in, int inl)
 
         if (i > 0) b->num_write+=(unsigned long)i;
 
-        /* This is evil and not thread safe.  If the BIO has been freed,
-         * we must not call the callback.  The only way to be able to
-         * determine this is the reference count which is now invalid since
-         * the memory has been free()ed.
-         */
-        if (b->references <= 0) abort();
-        if (cb != NULL) /* && (b->references >= 1)) */
+        if (cb != NULL)
                 i=(int)cb(b,BIO_CB_WRITE|BIO_CB_RETURN,in,inl,
                         0L,(long)i);
         return(i);
@@ -235,6 +232,8 @@ int BIO_puts(BIO *b, const char *in)
 
         i=b->method->bputs(b,in);
 
+        if (i > 0) b->num_write+=(unsigned long)i;
+
         if (cb != NULL)
                 i=(int)cb(b,BIO_CB_PUTS|BIO_CB_RETURN,in,0,
                         0L,(long)i);
@@ -317,7 +316,7 @@ long BIO_ctrl(BIO *b, int cmd, long larg, void *parg)
         return(ret);
         }
 
-long BIO_callback_ctrl(BIO *b, int cmd, void (*fp)())
+long BIO_callback_ctrl(BIO *b, int cmd, void (*fp)(struct bio_st *, int, const char *, int, long, long))
         {
         long ret;
         long (*cb)();
@@ -419,6 +418,7 @@ BIO *BIO_find_type(BIO *bio, int type)
         {
         int mt,mask;
 
+        if(!bio) return NULL;
         mask=type&0xff;
         do      {
                 if (bio->method != NULL)
@@ -437,6 +437,12 @@ BIO *BIO_find_type(BIO *bio, int type)
         return(NULL);
         }
 
+BIO *BIO_next(BIO *b)
+        {
+        if(!b) return NULL;
+        return b->next_bio;
+        }
+
 void BIO_free_all(BIO *bio)
         {
         BIO *b;
@@ -532,3 +538,5 @@ unsigned long BIO_number_written(BIO *bio)
         if(bio) return bio->num_write;
         return 0;
 }
+
+IMPLEMENT_STACK_OF(BIO)
diff --git a/src/lib/libssl/src/crypto/bio/bss_acpt.c b/src/lib/libssl/src/crypto/bio/bss_acpt.c
index 9afa636406..4da5822062 100644
--- a/src/lib/libssl/src/crypto/bio/bss_acpt.c
+++ b/src/lib/libssl/src/crypto/bio/bss_acpt.c
@@ -92,10 +92,10 @@ typedef struct bio_accept_st
         BIO *bio_chain;
         } BIO_ACCEPT;
 
-static int acpt_write(BIO *h,char *buf,int num);
-static int acpt_read(BIO *h,char *buf,int size);
-static int acpt_puts(BIO *h,char *str);
-static long acpt_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int acpt_write(BIO *h, const char *buf, int num);
+static int acpt_read(BIO *h, char *buf, int size);
+static int acpt_puts(BIO *h, const char *str);
+static long acpt_ctrl(BIO *h, int cmd, long arg1, void *arg2);
 static int acpt_new(BIO *h);
 static int acpt_free(BIO *data);
 static int acpt_state(BIO *b, BIO_ACCEPT *c);
@@ -145,7 +145,7 @@ BIO_ACCEPT *BIO_ACCEPT_new(void)
         {
         BIO_ACCEPT *ret;
 
-        if ((ret=(BIO_ACCEPT *)Malloc(sizeof(BIO_ACCEPT))) == NULL)
+        if ((ret=(BIO_ACCEPT *)OPENSSL_malloc(sizeof(BIO_ACCEPT))) == NULL)
                 return(NULL);
 
         memset(ret,0,sizeof(BIO_ACCEPT));
@@ -159,10 +159,10 @@ void BIO_ACCEPT_free(BIO_ACCEPT *a)
         if(a == NULL)
             return;
 
-        if (a->param_addr != NULL) Free(a->param_addr);
-        if (a->addr != NULL) Free(a->addr);
+        if (a->param_addr != NULL) OPENSSL_free(a->param_addr);
+        if (a->addr != NULL) OPENSSL_free(a->addr);
         if (a->bio_chain != NULL) BIO_free(a->bio_chain);
-        Free(a);
+        OPENSSL_free(a);
         }
 
 static void acpt_close_socket(BIO *bio)
@@ -307,7 +307,7 @@ static int acpt_read(BIO *b, char *out, int outl)
         return(ret);
         }
 
-static int acpt_write(BIO *b, char *in, int inl)
+static int acpt_write(BIO *b, const char *in, int inl)
         {
         int ret;
         BIO_ACCEPT *data;
@@ -326,7 +326,7 @@ static int acpt_write(BIO *b, char *in, int inl)
         return(ret);
         }
 
-static long acpt_ctrl(BIO *b, int cmd, long num, char *ptr)
+static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr)
         {
         BIO *dbio;
         int *ip;
@@ -355,7 +355,7 @@ static long acpt_ctrl(BIO *b, int cmd, long num, char *ptr)
                                 {
                                 b->init=1;
                                 if (data->param_addr != NULL)
-                                        Free(data->param_addr);
+                                        OPENSSL_free(data->param_addr);
                                 data->param_addr=BUF_strdup(ptr);
                                 }
                         else if (num == 1)
@@ -440,7 +440,7 @@ static long acpt_ctrl(BIO *b, int cmd, long num, char *ptr)
         return(ret);
         }
 
-static int acpt_puts(BIO *bp, char *str)
+static int acpt_puts(BIO *bp, const char *str)
         {
         int n,ret;
 
diff --git a/src/lib/libssl/src/crypto/bio/bss_bio.c b/src/lib/libssl/src/crypto/bio/bss_bio.c
index 1e2d7491f2..78c6ab4fdd 100644
--- a/src/lib/libssl/src/crypto/bio/bss_bio.c
+++ b/src/lib/libssl/src/crypto/bio/bss_bio.c
@@ -30,9 +30,9 @@
 static int bio_new(BIO *bio);
 static int bio_free(BIO *bio);
 static int bio_read(BIO *bio, char *buf, int size);
-static int bio_write(BIO *bio, char *buf, int num);
+static int bio_write(BIO *bio, const char *buf, int num);
 static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr);
-static int bio_puts(BIO *bio, char *str);
+static int bio_puts(BIO *bio, const char *str);
 
 static int bio_make_pair(BIO *bio1, BIO *bio2);
 static void bio_destroy_pair(BIO *bio);
@@ -80,7 +80,7 @@ static int bio_new(BIO *bio)
         {
         struct bio_bio_st *b;
         
-        b = Malloc(sizeof *b);
+        b = OPENSSL_malloc(sizeof *b);
         if (b == NULL)
                 return 0;
 
@@ -108,10 +108,10 @@ static int bio_free(BIO *bio)
         
         if (b->buf != NULL)
                 {
-                Free(b->buf);
+                OPENSSL_free(b->buf);
                 }
 
-        Free(b);
+        OPENSSL_free(b);
 
         return 1;
         }
@@ -283,7 +283,7 @@ static ssize_t bio_nread(BIO *bio, char **buf, size_t num_)
         }
 
 
-static int bio_write(BIO *bio, char *buf, int num_)
+static int bio_write(BIO *bio, const char *buf, int num_)
         {
         size_t num = num_;
         size_t rest;
@@ -464,7 +464,7 @@ static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr)
                                 {
                                 if (b->buf) 
                                         {
-                                        Free(b->buf);
+                                        OPENSSL_free(b->buf);
                                         b->buf = NULL;
                                         }
                                 b->size = new_size;
@@ -628,7 +628,7 @@ static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr)
         return ret;
         }
 
-static int bio_puts(BIO *bio, char *str)
+static int bio_puts(BIO *bio, const char *str)
         {
         return bio_write(bio, str, strlen(str));
         }
@@ -652,7 +652,7 @@ static int bio_make_pair(BIO *bio1, BIO *bio2)
         
         if (b1->buf == NULL)
                 {
-                b1->buf = Malloc(b1->size);
+                b1->buf = OPENSSL_malloc(b1->size);
                 if (b1->buf == NULL)
                         {
                         BIOerr(BIO_F_BIO_MAKE_PAIR, ERR_R_MALLOC_FAILURE);
@@ -664,7 +664,7 @@ static int bio_make_pair(BIO *bio1, BIO *bio2)
         
         if (b2->buf == NULL)
                 {
-                b2->buf = Malloc(b2->size);
+                b2->buf = OPENSSL_malloc(b2->size);
                 if (b2->buf == NULL)
                         {
                         BIOerr(BIO_F_BIO_MAKE_PAIR, ERR_R_MALLOC_FAILURE);
diff --git a/src/lib/libssl/src/crypto/bio/bss_conn.c b/src/lib/libssl/src/crypto/bio/bss_conn.c
index 22d00b369e..a6b77a2cb9 100644
--- a/src/lib/libssl/src/crypto/bio/bss_conn.c
+++ b/src/lib/libssl/src/crypto/bio/bss_conn.c
@@ -98,13 +98,13 @@ typedef struct bio_connect_st
         int (*info_callback)();
         } BIO_CONNECT;
 
-static int conn_write(BIO *h,char *buf,int num);
-static int conn_read(BIO *h,char *buf,int size);
-static int conn_puts(BIO *h,char *str);
-static long conn_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int conn_write(BIO *h, const char *buf, int num);
+static int conn_read(BIO *h, char *buf, int size);
+static int conn_puts(BIO *h, const char *str);
+static long conn_ctrl(BIO *h, int cmd, long arg1, void *arg2);
 static int conn_new(BIO *h);
 static int conn_free(BIO *data);
-static long conn_callback_ctrl(BIO *h,int cmd,void *(*fp)());
+static long conn_callback_ctrl(BIO *h, int cmd, bio_info_cb *);
 
 static int conn_state(BIO *b, BIO_CONNECT *c);
 static void conn_close_socket(BIO *data);
@@ -165,7 +165,7 @@ static int conn_state(BIO *b, BIO_CONNECT *c)
                                                         break;
                                                         }
                                         if (c->param_port != NULL)
-                                                Free(c->param_port);
+                                                OPENSSL_free(c->param_port);
                                         c->param_port=BUF_strdup(p);
                                         }
                                 }
@@ -188,7 +188,7 @@ static int conn_state(BIO *b, BIO_CONNECT *c)
                 case BIO_CONN_S_GET_PORT:
                         if (c->param_port == NULL)
                                 {
-                                abort();
+                                /* abort(); */
                                 goto exit_loop;
                                 }
                         else if (BIO_get_port(c->param_port,&c->port) <= 0)
@@ -236,7 +236,7 @@ static int conn_state(BIO *b, BIO_CONNECT *c)
                                 }
                         c->state=BIO_CONN_S_CONNECT;
 
-#ifdef SO_KEEPALIVE
+#if defined(SO_KEEPALIVE) && !defined(MPE)
                         i=1;
                         i=setsockopt(b->num,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
                         if (i < 0)
@@ -299,7 +299,7 @@ static int conn_state(BIO *b, BIO_CONNECT *c)
                         ret=1;
                         goto exit_loop;
                 default:
-                        abort();
+                        /* abort(); */
                         goto exit_loop;
                         }
 
@@ -322,7 +322,7 @@ BIO_CONNECT *BIO_CONNECT_new(void)
         {
         BIO_CONNECT *ret;
 
-        if ((ret=(BIO_CONNECT *)Malloc(sizeof(BIO_CONNECT))) == NULL)
+        if ((ret=(BIO_CONNECT *)OPENSSL_malloc(sizeof(BIO_CONNECT))) == NULL)
                 return(NULL);
         ret->state=BIO_CONN_S_BEFORE;
         ret->param_hostname=NULL;
@@ -344,10 +344,10 @@ void BIO_CONNECT_free(BIO_CONNECT *a)
             return;
 
         if (a->param_hostname != NULL)
-                Free(a->param_hostname);
+                OPENSSL_free(a->param_hostname);
         if (a->param_port != NULL)
-                Free(a->param_port);
-        Free(a);
+                OPENSSL_free(a->param_port);
+        OPENSSL_free(a);
         }
 
 BIO_METHOD *BIO_s_connect(void)
@@ -426,7 +426,7 @@ static int conn_read(BIO *b, char *out, int outl)
         return(ret);
         }
 
-static int conn_write(BIO *b, char *in, int inl)
+static int conn_write(BIO *b, const char *in, int inl)
         {
         int ret;
         BIO_CONNECT *data;
@@ -449,7 +449,7 @@ static int conn_write(BIO *b, char *in, int inl)
         return(ret);
         }
 
-static long conn_ctrl(BIO *b, int cmd, long num, char *ptr)
+static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
         {
         BIO *dbio;
         int *ip;
@@ -507,23 +507,24 @@ static long conn_ctrl(BIO *b, int cmd, long num, char *ptr)
                         if (num == 0)
                                 {
                                 if (data->param_hostname != NULL)
-                                        Free(data->param_hostname);
+                                        OPENSSL_free(data->param_hostname);
                                 data->param_hostname=BUF_strdup(ptr);
                                 }
                         else if (num == 1)
                                 {
                                 if (data->param_port != NULL)
-                                        Free(data->param_port);
+                                        OPENSSL_free(data->param_port);
                                 data->param_port=BUF_strdup(ptr);
                                 }
                         else if (num == 2)
                                 {
                                 char buf[16];
+                                char *p = ptr;
 
                                 sprintf(buf,"%d.%d.%d.%d",
-                                        ptr[0],ptr[1],ptr[2],ptr[3]);
+                                        p[0],p[1],p[2],p[3]);
                                 if (data->param_hostname != NULL)
-                                        Free(data->param_hostname);
+                                        OPENSSL_free(data->param_hostname);
                                 data->param_hostname=BUF_strdup(buf);
                                 memcpy(&(data->ip[0]),ptr,4);
                                 }
@@ -533,7 +534,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, char *ptr)
 
                                 sprintf(buf,"%d",*(int *)ptr);
                                 if (data->param_port != NULL)
-                                        Free(data->param_port);
+                                        OPENSSL_free(data->param_port);
                                 data->param_port=BUF_strdup(buf);
                                 data->port= *(int *)ptr;
                                 }
@@ -573,7 +574,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, char *ptr)
                 if (data->param_hostname)
                         BIO_set_conn_hostname(dbio,data->param_hostname);
                 BIO_set_nbio(dbio,data->nbio);
-                (void)BIO_set_info_callback(dbio,(void *(*)())(data->info_callback));
+                (void)BIO_set_info_callback(dbio,data->info_callback);
                 }
                 break;
         case BIO_CTRL_SET_CALLBACK:
@@ -601,7 +602,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, char *ptr)
         return(ret);
         }
 
-static long conn_callback_ctrl(BIO *b, int cmd, void *(*fp)())
+static long conn_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
         {
         long ret=1;
         BIO_CONNECT *data;
@@ -622,7 +623,7 @@ static long conn_callback_ctrl(BIO *b, int cmd, void *(*fp)())
         return(ret);
         }
 
-static int conn_puts(BIO *bp, char *str)
+static int conn_puts(BIO *bp, const char *str)
         {
         int n,ret;
 
diff --git a/src/lib/libssl/src/crypto/bio/bss_file.c b/src/lib/libssl/src/crypto/bio/bss_file.c
index 0d44dc3889..1f770b390f 100644
--- a/src/lib/libssl/src/crypto/bio/bss_file.c
+++ b/src/lib/libssl/src/crypto/bio/bss_file.c
@@ -73,11 +73,11 @@
 
 #if !defined(NO_STDIO)
 
-static int MS_CALLBACK file_write(BIO *h,char *buf,int num);
-static int MS_CALLBACK file_read(BIO *h,char *buf,int size);
-static int MS_CALLBACK file_puts(BIO *h,char *str);
-static int MS_CALLBACK file_gets(BIO *h,char *str,int size);
-static long MS_CALLBACK file_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int MS_CALLBACK file_write(BIO *h, const char *buf, int num);
+static int MS_CALLBACK file_read(BIO *h, char *buf, int size);
+static int MS_CALLBACK file_puts(BIO *h, const char *str);
+static int MS_CALLBACK file_gets(BIO *h, char *str, int size);
+static long MS_CALLBACK file_ctrl(BIO *h, int cmd, long arg1, void *arg2);
 static int MS_CALLBACK file_new(BIO *h);
 static int MS_CALLBACK file_free(BIO *data);
 static BIO_METHOD methods_filep=
@@ -163,7 +163,7 @@ static int MS_CALLBACK file_read(BIO *b, char *out, int outl)
         return(ret);
         }
 
-static int MS_CALLBACK file_write(BIO *b, char *in, int inl)
+static int MS_CALLBACK file_write(BIO *b, const char *in, int inl)
         {
         int ret=0;
 
@@ -179,7 +179,7 @@ static int MS_CALLBACK file_write(BIO *b, char *in, int inl)
         return(ret);
         }
 
-static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, char *ptr)
+static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
         {
         long ret=1;
         FILE *fp=(FILE *)b->ptr;
@@ -294,7 +294,7 @@ static int MS_CALLBACK file_gets(BIO *bp, char *buf, int size)
         return(ret);
         }
 
-static int MS_CALLBACK file_puts(BIO *bp, char *str)
+static int MS_CALLBACK file_puts(BIO *bp, const char *str)
         {
         int n,ret;
 
diff --git a/src/lib/libssl/src/crypto/bio/bss_log.c b/src/lib/libssl/src/crypto/bio/bss_log.c
index 497eb1af72..1edf16a76f 100644
--- a/src/lib/libssl/src/crypto/bio/bss_log.c
+++ b/src/lib/libssl/src/crypto/bio/bss_log.c
@@ -110,14 +110,26 @@
 #define LOG_DAEMON      OPC$M_NM_NTWORK
 #endif
 
-static int MS_CALLBACK slg_write(BIO *h,char *buf,int num);
-static int MS_CALLBACK slg_puts(BIO *h,char *str);
-static long MS_CALLBACK slg_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int MS_CALLBACK slg_write(BIO *h, const char *buf, int num);
+static int MS_CALLBACK slg_puts(BIO *h, const char *str);
+static long MS_CALLBACK slg_ctrl(BIO *h, int cmd, long arg1, void *arg2);
 static int MS_CALLBACK slg_new(BIO *h);
 static int MS_CALLBACK slg_free(BIO *data);
-static void xopenlog(BIO* bp, const char* name, int level);
+static void xopenlog(BIO* bp, char* name, int level);
 static void xsyslog(BIO* bp, int priority, const char* string);
 static void xcloselog(BIO* bp);
+#ifdef WIN32
+LONG    (WINAPI *go_for_advapi)()       = RegOpenKeyEx;
+HANDLE  (WINAPI *register_event_source)()       = NULL;
+BOOL    (WINAPI *deregister_event_source)()     = NULL;
+BOOL    (WINAPI *report_event)()        = NULL;
+#define DL_PROC(m,f)    (GetProcAddress( m, f ))
+#ifdef UNICODE
+#define DL_PROC_X(m,f) DL_PROC( m, f "W" )
+#else
+#define DL_PROC_X(m,f) DL_PROC( m, f "A" )
+#endif
+#endif
 
 static BIO_METHOD methods_slg=
         {
@@ -153,40 +165,60 @@ static int MS_CALLBACK slg_free(BIO *a)
         return(1);
         }
         
-static int MS_CALLBACK slg_write(BIO *b, char *in, int inl)
+static int MS_CALLBACK slg_write(BIO *b, const char *in, int inl)
         {
         int ret= inl;
-        char* buf= in;
+        char* buf;
         char* pp;
-        int priority;
-
-        if((buf= (char *)Malloc(inl+ 1)) == NULL){
+        int priority, i;
+        static struct
+                {
+                int strl;
+                char str[10];
+                int log_level;
+                }
+        mapping[] =
+                {
+                { 6, "PANIC ", LOG_EMERG },
+                { 6, "EMERG ", LOG_EMERG },
+                { 4, "EMR ", LOG_EMERG },
+                { 6, "ALERT ", LOG_ALERT },
+                { 4, "ALR ", LOG_ALERT },
+                { 5, "CRIT ", LOG_CRIT },
+                { 4, "CRI ", LOG_CRIT },
+                { 6, "ERROR ", LOG_ERR },
+                { 4, "ERR ", LOG_ERR },
+                { 8, "WARNING ", LOG_WARNING },
+                { 5, "WARN ", LOG_WARNING },
+                { 4, "WAR ", LOG_WARNING },
+                { 7, "NOTICE ", LOG_NOTICE },
+                { 5, "NOTE ", LOG_NOTICE },
+                { 4, "NOT ", LOG_NOTICE },
+                { 5, "INFO ", LOG_INFO },
+                { 4, "INF ", LOG_INFO },
+                { 6, "DEBUG ", LOG_DEBUG },
+                { 4, "DBG ", LOG_DEBUG },
+                { 0, "", LOG_ERR } /* The default */
+                };
+
+        if((buf= (char *)OPENSSL_malloc(inl+ 1)) == NULL){
                 return(0);
         }
         strncpy(buf, in, inl);
         buf[inl]= '\0';
 
-        if(strncmp(buf, "ERR ", 4) == 0){
-                priority= LOG_ERR;
-                pp= buf+ 4;
-        }else if(strncmp(buf, "WAR ", 4) == 0){
-                priority= LOG_WARNING;
-                pp= buf+ 4;
-        }else if(strncmp(buf, "INF ", 4) == 0){
-                priority= LOG_INFO;
-                pp= buf+ 4;
-        }else{
-                priority= LOG_ERR;
-                pp= buf;
-        }
+        i = 0;
+        while(strncmp(buf, mapping[i].str, mapping[i].strl) != 0) i++;
+        priority = mapping[i].log_level;
+        pp = buf + mapping[i].strl;
 
         xsyslog(b, priority, pp);
 
-        Free(buf);
+        OPENSSL_free(buf);
         return(ret);
         }
 
-static long MS_CALLBACK slg_ctrl(BIO *b, int cmd, long num, char *ptr)
+static long MS_CALLBACK slg_ctrl(BIO *b, int cmd, long num, void *ptr)
         {
         switch (cmd)
                 {
@@ -200,7 +232,7 @@ static long MS_CALLBACK slg_ctrl(BIO *b, int cmd, long num, char *ptr)
         return(0);
         }
 
-static int MS_CALLBACK slg_puts(BIO *bp, char *str)
+static int MS_CALLBACK slg_puts(BIO *bp, const char *str)
         {
         int n,ret;
 
@@ -211,9 +243,29 @@ static int MS_CALLBACK slg_puts(BIO *bp, char *str)
 
 #if defined(WIN32)
 
-static void xopenlog(BIO* bp, const char* name, int level)
+static void xopenlog(BIO* bp, char* name, int level)
 {
-        bp->ptr= (char *)RegisterEventSource(NULL, name);
+        if ( !register_event_source )
+                {
+                HANDLE  advapi;
+                if ( !(advapi = GetModuleHandle("advapi32")) )
+                        return;
+                register_event_source = (HANDLE (WINAPI *)())DL_PROC_X(advapi,
+                        "RegisterEventSource" );
+                deregister_event_source = (BOOL (WINAPI *)())DL_PROC(advapi,
+                        "DeregisterEventSource");
+                report_event = (BOOL (WINAPI *)())DL_PROC_X(advapi,
+                        "ReportEvent" );
+                if ( !(register_event_source && deregister_event_source &&
+                                report_event) )
+                        {
+                        register_event_source = NULL;
+                        deregister_event_source = NULL;
+                        report_event = NULL;
+                        return;
+                        }
+                }
+        bp->ptr= (char *)register_event_source(NULL, name);
 }
 
 static void xsyslog(BIO *bp, int priority, const char *string)
@@ -225,16 +277,22 @@ static void xsyslog(BIO *bp, int priority, const char *string)
 
         switch (priority)
                 {
+        case LOG_EMERG:
+        case LOG_ALERT:
+        case LOG_CRIT:
         case LOG_ERR:
                 evtype = EVENTLOG_ERROR_TYPE;
                 break;
         case LOG_WARNING:
                 evtype = EVENTLOG_WARNING_TYPE;
                 break;
+        case LOG_NOTICE:
         case LOG_INFO:
+        case LOG_DEBUG:
                 evtype = EVENTLOG_INFORMATION_TYPE;
                 break;
-        default:
+        default:                /* Should never happen, but set it
+                                   as error anyway. */
                 evtype = EVENTLOG_ERROR_TYPE;
                 break;
                 }
@@ -243,15 +301,15 @@ static void xsyslog(BIO *bp, int priority, const char *string)
         lpszStrings[0] = pidbuf;
         lpszStrings[1] = string;
 
-        if(bp->ptr)
-                ReportEvent(bp->ptr, evtype, 0, 1024, NULL, 2, 0,
+        if(report_event && bp->ptr)
+                report_event(bp->ptr, evtype, 0, 1024, NULL, 2, 0,
                                 lpszStrings, NULL);
 }
         
 static void xcloselog(BIO* bp)
 {
-        if(bp->ptr)
-                DeregisterEventSource((HANDLE)(bp->ptr));
+        if(deregister_event_source && bp->ptr)
+                deregister_event_source((HANDLE)(bp->ptr));
         bp->ptr= NULL;
 }
 
@@ -259,7 +317,7 @@ static void xcloselog(BIO* bp)
 
 static int VMS_OPC_target = LOG_DAEMON;
 
-static void xopenlog(BIO* bp, const char* name, int level)
+static void xopenlog(BIO* bp, char* name, int level)
 {
         VMS_OPC_target = level; 
 }
@@ -294,7 +352,7 @@ static void xsyslog(BIO *bp, int priority, const char *string)
         lib$sys_fao(&fao_cmd, &len, &buf_dsc, priority_tag, string);
 
         /* we know there's an 8 byte header.  That's documented */
-        opcdef_p = (struct opcdef *) Malloc(8 + len);
+        opcdef_p = (struct opcdef *) OPENSSL_malloc(8 + len);
         opcdef_p->opc$b_ms_type = OPC$_RQ_RQST;
         memcpy(opcdef_p->opc$z_ms_target_classes, &VMS_OPC_target, 3);
         opcdef_p->opc$l_ms_rqstid = 0;
@@ -307,7 +365,7 @@ static void xsyslog(BIO *bp, int priority, const char *string)
 
         sys$sndopr(opc_dsc, 0);
 
-        Free(opcdef_p);
+        OPENSSL_free(opcdef_p);
 }
 
 static void xcloselog(BIO* bp)
@@ -316,7 +374,7 @@ static void xcloselog(BIO* bp)
 
 #else /* Unix */
 
-static void xopenlog(BIO* bp, const char* name, int level)
+static void xopenlog(BIO* bp, char* name, int level)
 {
         openlog(name, LOG_PID|LOG_CONS, level);
 }
diff --git a/src/lib/libssl/src/crypto/bio/bss_mem.c b/src/lib/libssl/src/crypto/bio/bss_mem.c
index 41eab92415..28ff7582bf 100644
--- a/src/lib/libssl/src/crypto/bio/bss_mem.c
+++ b/src/lib/libssl/src/crypto/bio/bss_mem.c
@@ -61,11 +61,11 @@
 #include "cryptlib.h"
 #include <openssl/bio.h>
 
-static int mem_write(BIO *h,char *buf,int num);
-static int mem_read(BIO *h,char *buf,int size);
-static int mem_puts(BIO *h,char *str);
-static int mem_gets(BIO *h,char *str,int size);
-static long mem_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int mem_write(BIO *h, const char *buf, int num);
+static int mem_read(BIO *h, char *buf, int size);
+static int mem_puts(BIO *h, const char *str);
+static int mem_gets(BIO *h, char *str, int size);
+static long mem_ctrl(BIO *h, int cmd, long arg1, void *arg2);
 static int mem_new(BIO *h);
 static int mem_free(BIO *data);
 static BIO_METHOD mem_method=
@@ -163,14 +163,14 @@ static int mem_read(BIO *b, char *out, int outl)
                 }
         } else if (bm->length == 0)
                 {
-                if (b->num != 0)
+                ret = b->num;
+                if (ret != 0)
                         BIO_set_retry_read(b);
-                ret= b->num;
                 }
         return(ret);
         }
 
-static int mem_write(BIO *b, char *in, int inl)
+static int mem_write(BIO *b, const char *in, int inl)
         {
         int ret= -1;
         int blen;
@@ -198,7 +198,7 @@ end:
         return(ret);
         }
 
-static long mem_ctrl(BIO *b, int cmd, long num, char *ptr)
+static long mem_ctrl(BIO *b, int cmd, long num, void *ptr)
         {
         long ret=1;
         char **pptr;
@@ -208,15 +208,20 @@ static long mem_ctrl(BIO *b, int cmd, long num, char *ptr)
         switch (cmd)
                 {
         case BIO_CTRL_RESET:
-                if (bm->data != NULL) {
+                if (bm->data != NULL)
+                        {
                         /* For read only case reset to the start again */
                         if(b->flags & BIO_FLAGS_MEM_RDONLY) 
-                                        bm->data -= bm->max - bm->length;
-                        else {
+                                {
+                                bm->data -= bm->max - bm->length;
+                                bm->length = bm->max;
+                                }
+                        else
+                                {
                                 memset(bm->data,0,bm->max);
                                 bm->length=0;
+                                }
                         }
-                }
                 break;
         case BIO_CTRL_EOF:
                 ret=(long)(bm->length == 0);
@@ -300,7 +305,7 @@ static int mem_gets(BIO *bp, char *buf, int size)
         return(ret);
         }
 
-static int mem_puts(BIO *bp, char *str)
+static int mem_puts(BIO *bp, const char *str)
         {
         int n,ret;
 
diff --git a/src/lib/libssl/src/crypto/bio/bss_null.c b/src/lib/libssl/src/crypto/bio/bss_null.c
index aee18e3ada..46b73339df 100644
--- a/src/lib/libssl/src/crypto/bio/bss_null.c
+++ b/src/lib/libssl/src/crypto/bio/bss_null.c
@@ -61,11 +61,11 @@
 #include "cryptlib.h"
 #include <openssl/bio.h>
 
-static int null_write(BIO *h,char *buf,int num);
-static int null_read(BIO *h,char *buf,int size);
-static int null_puts(BIO *h,char *str);
-static int null_gets(BIO *h,char *str,int size);
-static long null_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int null_write(BIO *h, const char *buf, int num);
+static int null_read(BIO *h, char *buf, int size);
+static int null_puts(BIO *h, const char *str);
+static int null_gets(BIO *h, char *str, int size);
+static long null_ctrl(BIO *h, int cmd, long arg1, void *arg2);
 static int null_new(BIO *h);
 static int null_free(BIO *data);
 static BIO_METHOD null_method=
@@ -106,12 +106,12 @@ static int null_read(BIO *b, char *out, int outl)
         return(0);
         }
 
-static int null_write(BIO *b, char *in, int inl)
+static int null_write(BIO *b, const char *in, int inl)
         {
         return(inl);
         }
 
-static long null_ctrl(BIO *b, int cmd, long num, char *ptr)
+static long null_ctrl(BIO *b, int cmd, long num, void *ptr)
         {
         long ret=1;
 
@@ -142,7 +142,7 @@ static int null_gets(BIO *bp, char *buf, int size)
         return(0);
         }
 
-static int null_puts(BIO *bp, char *str)
+static int null_puts(BIO *bp, const char *str)
         {
         if (str == NULL) return(0);
         return(strlen(str));
diff --git a/src/lib/libssl/src/crypto/bio/bss_rtcp.c b/src/lib/libssl/src/crypto/bio/bss_rtcp.c
index 4ad0739464..7dae485564 100644
--- a/src/lib/libssl/src/crypto/bio/bss_rtcp.c
+++ b/src/lib/libssl/src/crypto/bio/bss_rtcp.c
@@ -88,11 +88,11 @@ struct rpc_ctx {
     struct rpc_msg msg;
 };
 
-static int rtcp_write(BIO *h,char *buf,int num);
+static int rtcp_write(BIO *h,const char *buf,int num);
 static int rtcp_read(BIO *h,char *buf,int size);
-static int rtcp_puts(BIO *h,char *str);
+static int rtcp_puts(BIO *h,const char *str);
 static int rtcp_gets(BIO *h,char *str,int size);
-static long rtcp_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static long rtcp_ctrl(BIO *h,int cmd,long arg1,void *arg2);
 static int rtcp_new(BIO *h);
 static int rtcp_free(BIO *data);
 
@@ -156,7 +156,7 @@ static int rtcp_new(BIO *bi)
         bi->init=1;
         bi->num=0;
         bi->flags = 0;
-        bi->ptr=Malloc(sizeof(struct rpc_ctx));
+        bi->ptr=OPENSSL_malloc(sizeof(struct rpc_ctx));
         ctx = (struct rpc_ctx *) bi->ptr;
         ctx->filled = 0;
         ctx->pos = 0;
@@ -166,7 +166,7 @@ static int rtcp_new(BIO *bi)
 static int rtcp_free(BIO *a)
 {
         if (a == NULL) return(0);
-        if ( a->ptr ) Free ( a->ptr );
+        if ( a->ptr ) OPENSSL_free ( a->ptr );
         a->ptr = NULL;
         return(1);
 }
@@ -218,7 +218,7 @@ static int rtcp_read(BIO *b, char *out, int outl)
     return length;
 }
 
-static int rtcp_write(BIO *b, char *in, int inl)
+static int rtcp_write(BIO *b, const char *in, int inl)
 {
     int status, i, segment, length;
     struct rpc_ctx *ctx;
@@ -247,7 +247,7 @@ static int rtcp_write(BIO *b, char *in, int inl)
     return(i);
 }
 
-static long rtcp_ctrl(BIO *b, int cmd, long num, char *ptr)
+static long rtcp_ctrl(BIO *b, int cmd, long num, void *ptr)
         {
         long ret=1;
 
@@ -283,7 +283,7 @@ static int rtcp_gets(BIO *bp, char *buf, int size)
         return(0);
         }
 
-static int rtcp_puts(BIO *bp, char *str)
+static int rtcp_puts(BIO *bp, const char *str)
 {
     int length;
     if (str == NULL) return(0);
diff --git a/src/lib/libssl/src/crypto/bio/bss_sock.c b/src/lib/libssl/src/crypto/bio/bss_sock.c
index 8ce80ef68d..50c6744c06 100644
--- a/src/lib/libssl/src/crypto/bio/bss_sock.c
+++ b/src/lib/libssl/src/crypto/bio/bss_sock.c
@@ -65,19 +65,19 @@
 #include <openssl/bio.h>
 
 #ifndef BIO_FD
-static int sock_write(BIO *h,char *buf,int num);
-static int sock_read(BIO *h,char *buf,int size);
-static int sock_puts(BIO *h,char *str);
-static long sock_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int sock_write(BIO *h, const char *buf, int num);
+static int sock_read(BIO *h, char *buf, int size);
+static int sock_puts(BIO *h, const char *str);
+static long sock_ctrl(BIO *h, int cmd, long arg1, void *arg2);
 static int sock_new(BIO *h);
 static int sock_free(BIO *data);
 int BIO_sock_should_retry(int s);
 #else
 
-static int fd_write(BIO *h,char *buf,int num);
-static int fd_read(BIO *h,char *buf,int size);
-static int fd_puts(BIO *h,char *str);
-static long fd_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int fd_write(BIO *h, const char *buf, int num);
+static int fd_read(BIO *h, char *buf, int size);
+static int fd_puts(BIO *h, const char *str);
+static long fd_ctrl(BIO *h, int cmd, long arg1, void *arg2);
 static int fd_new(BIO *h);
 static int fd_free(BIO *data);
 int BIO_fd_should_retry(int s);
@@ -209,9 +209,9 @@ static int fd_read(BIO *b, char *out,int outl)
         }
 
 #ifndef BIO_FD
-static int sock_write(BIO *b, char *in, int inl)
+static int sock_write(BIO *b, const char *in, int inl)
 #else
-static int fd_write(BIO *b, char *in, int inl)
+static int fd_write(BIO *b, const char *in, int inl)
 #endif
         {
         int ret;
@@ -237,9 +237,9 @@ static int fd_write(BIO *b, char *in, int inl)
         }
 
 #ifndef BIO_FD
-static long sock_ctrl(BIO *b, int cmd, long num, char *ptr)
+static long sock_ctrl(BIO *b, int cmd, long num, void *ptr)
 #else
-static long fd_ctrl(BIO *b, int cmd, long num, char *ptr)
+static long fd_ctrl(BIO *b, int cmd, long num, void *ptr)
 #endif
         {
         long ret=1;
@@ -313,9 +313,9 @@ static int sock_gets(BIO *bp, char *buf,int size)
 #endif
 
 #ifndef BIO_FD
-static int sock_puts(BIO *bp, char *str)
+static int sock_puts(BIO *bp, const char *str)
 #else
-static int fd_puts(BIO *bp, char *str)
+static int fd_puts(BIO *bp, const char *str)
 #endif
         {
         int n,ret;
diff --git a/src/lib/libssl/src/crypto/bn/Makefile.ssl b/src/lib/libssl/src/crypto/bn/Makefile.ssl
index beb9c1b523..17b72d577f 100644
--- a/src/lib/libssl/src/crypto/bn/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/bn/Makefile.ssl
@@ -170,118 +170,143 @@ clean:
 bn_add.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_add.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bn_add.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-bn_add.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
-bn_add.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-bn_add.o: ../../include/openssl/stack.h ../cryptlib.h bn_lcl.h
+bn_add.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+bn_add.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bn_add.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_add.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h
 bn_asm.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_asm.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bn_asm.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-bn_asm.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
-bn_asm.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-bn_asm.o: ../../include/openssl/stack.h ../cryptlib.h bn_lcl.h
+bn_asm.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+bn_asm.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bn_asm.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_asm.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h
 bn_blind.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_blind.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bn_blind.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-bn_blind.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+bn_blind.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+bn_blind.o: ../../include/openssl/opensslconf.h
 bn_blind.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-bn_blind.o: ../../include/openssl/stack.h ../cryptlib.h bn_lcl.h
+bn_blind.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_blind.o: ../cryptlib.h bn_lcl.h
 bn_ctx.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_ctx.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bn_ctx.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-bn_ctx.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
-bn_ctx.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-bn_ctx.o: ../../include/openssl/stack.h ../cryptlib.h
+bn_ctx.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+bn_ctx.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bn_ctx.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_ctx.o: ../../include/openssl/symhacks.h ../cryptlib.h
 bn_div.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_div.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bn_div.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-bn_div.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
-bn_div.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-bn_div.o: ../../include/openssl/stack.h ../cryptlib.h bn_lcl.h
-bn_err.o: ../../include/openssl/bn.h ../../include/openssl/err.h
-bn_err.o: ../../include/openssl/opensslconf.h
+bn_div.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+bn_div.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bn_div.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_div.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h
+bn_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_err.o: ../../include/openssl/crypto.h ../../include/openssl/err.h
+bn_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_err.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 bn_exp.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_exp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bn_exp.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-bn_exp.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
-bn_exp.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-bn_exp.o: ../../include/openssl/stack.h ../cryptlib.h bn_lcl.h
+bn_exp.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+bn_exp.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bn_exp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_exp.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h
 bn_exp2.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_exp2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bn_exp2.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-bn_exp2.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
-bn_exp2.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-bn_exp2.o: ../../include/openssl/stack.h ../cryptlib.h bn_lcl.h
+bn_exp2.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+bn_exp2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bn_exp2.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_exp2.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h
 bn_gcd.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_gcd.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bn_gcd.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-bn_gcd.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
-bn_gcd.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-bn_gcd.o: ../../include/openssl/stack.h ../cryptlib.h bn_lcl.h
+bn_gcd.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+bn_gcd.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bn_gcd.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_gcd.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h
 bn_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bn_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-bn_lib.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
-bn_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-bn_lib.o: ../../include/openssl/stack.h ../cryptlib.h bn_lcl.h
+bn_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+bn_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bn_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h
 bn_mont.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_mont.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bn_mont.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-bn_mont.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
-bn_mont.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-bn_mont.o: ../../include/openssl/stack.h ../cryptlib.h bn_lcl.h
+bn_mont.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+bn_mont.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bn_mont.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_mont.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h
 bn_mpi.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_mpi.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bn_mpi.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-bn_mpi.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
-bn_mpi.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-bn_mpi.o: ../../include/openssl/stack.h ../cryptlib.h bn_lcl.h
+bn_mpi.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+bn_mpi.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bn_mpi.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_mpi.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h
 bn_mul.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_mul.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bn_mul.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-bn_mul.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
-bn_mul.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-bn_mul.o: ../../include/openssl/stack.h ../cryptlib.h bn_lcl.h
+bn_mul.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+bn_mul.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bn_mul.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_mul.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h
 bn_prime.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_prime.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bn_prime.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-bn_prime.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+bn_prime.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+bn_prime.o: ../../include/openssl/opensslconf.h
 bn_prime.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
 bn_prime.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_prime.o: ../cryptlib.h bn_lcl.h bn_prime.h
+bn_prime.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_prime.h
 bn_print.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_print.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bn_print.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-bn_print.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+bn_print.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+bn_print.o: ../../include/openssl/opensslconf.h
 bn_print.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-bn_print.o: ../../include/openssl/stack.h ../cryptlib.h bn_lcl.h
+bn_print.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_print.o: ../cryptlib.h bn_lcl.h
 bn_rand.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_rand.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bn_rand.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-bn_rand.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
-bn_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
-bn_rand.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_rand.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+bn_rand.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bn_rand.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+bn_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 bn_rand.o: ../cryptlib.h bn_lcl.h
 bn_recp.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_recp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bn_recp.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-bn_recp.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
-bn_recp.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-bn_recp.o: ../../include/openssl/stack.h ../cryptlib.h bn_lcl.h
+bn_recp.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+bn_recp.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bn_recp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_recp.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h
 bn_shift.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_shift.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bn_shift.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-bn_shift.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+bn_shift.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+bn_shift.o: ../../include/openssl/opensslconf.h
 bn_shift.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-bn_shift.o: ../../include/openssl/stack.h ../cryptlib.h bn_lcl.h
+bn_shift.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_shift.o: ../cryptlib.h bn_lcl.h
 bn_sqr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_sqr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bn_sqr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-bn_sqr.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
-bn_sqr.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-bn_sqr.o: ../../include/openssl/stack.h ../cryptlib.h bn_lcl.h
+bn_sqr.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+bn_sqr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bn_sqr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_sqr.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h
 bn_word.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_word.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bn_word.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-bn_word.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
-bn_word.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-bn_word.o: ../../include/openssl/stack.h ../cryptlib.h bn_lcl.h
+bn_word.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+bn_word.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bn_word.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_word.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h
diff --git a/src/lib/libssl/src/crypto/bn/asm/README b/src/lib/libssl/src/crypto/bn/asm/README
index 86bf64cfc2..a0fe58a677 100644
--- a/src/lib/libssl/src/crypto/bn/asm/README
+++ b/src/lib/libssl/src/crypto/bn/asm/README
@@ -15,9 +15,9 @@ On the 2 alpha C compilers I had access to, it was not possible to do
 were 64 bits).  So the hand assember gives access to the 128 bit result and
 a 2 times speedup :-).
 
-There are 2 versions of assember for the HP PA-RISC.
-pa-risc.s is the origional one which works fine.
-pa-risc2.s is a new version that often generates warnings but if the
-tests pass, it gives performance that is over 2 times faster than
-pa-risc.s.
-Both were generated using gcc :-)
+There are 3 versions of assember for the HP PA-RISC.
+
+pa-risc.s is the origional one which works fine and generated using gcc :-)
+
+pa-risc2W.s and pa-risc2.s are 64 and 32-bit PA-RISC 2.0 implementations
+by Chris Ruemmler from HP (with some help from the HP C compiler).
diff --git a/src/lib/libssl/src/crypto/bn/asm/pa-risc2.s b/src/lib/libssl/src/crypto/bn/asm/pa-risc2.s
index c2725996a4..7239aa2c76 100644
--- a/src/lib/libssl/src/crypto/bn/asm/pa-risc2.s
+++ b/src/lib/libssl/src/crypto/bn/asm/pa-risc2.s
@@ -1,416 +1,1618 @@
-        .SPACE $PRIVATE$
-        .SUBSPA $DATA$,QUAD=1,ALIGN=8,ACCESS=31
-        .SUBSPA $BSS$,QUAD=1,ALIGN=8,ACCESS=31,ZERO,SORT=82
-        .SPACE $TEXT$
-        .SUBSPA $LIT$,QUAD=0,ALIGN=8,ACCESS=44
-        .SUBSPA $CODE$,QUAD=0,ALIGN=8,ACCESS=44,CODE_ONLY
-        .IMPORT $global$,DATA
-        .IMPORT $$dyncall,MILLICODE
-; gcc_compiled.:
-        .SPACE $TEXT$
-        .SUBSPA $CODE$
-
-        .align 4
-        .EXPORT bn_mul_add_words,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR,RTNVAL=GR
+;
+; PA-RISC 2.0 implementation of bn_asm code, based on the
+; 64-bit version of the code.  This code is effectively the
+; same as the 64-bit version except the register model is
+; slightly different given all values must be 32-bit between
+; function calls.  Thus the 64-bit return values are returned
+; in %ret0 and %ret1 vs just %ret0 as is done in 64-bit
+;
+;
+; This code is approximately 2x faster than the C version
+; for RSA/DSA.
+;
+; See http://devresource.hp.com/  for more details on the PA-RISC
+; architecture.  Also see the book "PA-RISC 2.0 Architecture"
+; by Gerry Kane for information on the instruction set architecture.
+;
+; Code written by Chris Ruemmler (with some help from the HP C
+; compiler).
+;
+; The code compiles with HP's assembler
+;
+
+        .level  2.0N
+        .space  $TEXT$
+        .subspa $CODE$,QUAD=0,ALIGN=8,ACCESS=0x2c,CODE_ONLY
+
+;
+; Global Register definitions used for the routines.
+;
+; Some information about HP's runtime architecture for 32-bits.
+;
+; "Caller save" means the calling function must save the register
+; if it wants the register to be preserved.
+; "Callee save" means if a function uses the register, it must save
+; the value before using it.
+;
+; For the floating point registers 
+;
+;    "caller save" registers: fr4-fr11, fr22-fr31
+;    "callee save" registers: fr12-fr21
+;    "special" registers: fr0-fr3 (status and exception registers)
+;
+; For the integer registers
+;     value zero             :  r0
+;     "caller save" registers: r1,r19-r26
+;     "callee save" registers: r3-r18
+;     return register        :  r2  (rp)
+;     return values          ; r28,r29  (ret0,ret1)
+;     Stack pointer          ; r30  (sp) 
+;     millicode return ptr   ; r31  (also a caller save register)
+
+
+;
+; Arguments to the routines
+;
+r_ptr       .reg %r26
+a_ptr       .reg %r25
+b_ptr       .reg %r24
+num         .reg %r24
+n           .reg %r23
+
+;
+; Note that the "w" argument for bn_mul_add_words and bn_mul_words
+; is passed on the stack at a delta of -56 from the top of stack
+; as the routine is entered.
+;
+
+;
+; Globals used in some routines
+;
+
+top_overflow .reg %r23
+high_mask    .reg %r22    ; value 0xffffffff80000000L
+
+
+;------------------------------------------------------------------------------
+;
+; bn_mul_add_words
+;
+;BN_ULONG bn_mul_add_words(BN_ULONG *r_ptr, BN_ULONG *a_ptr, 
+;                                                               int num, BN_ULONG w)
+;
+; arg0 = r_ptr
+; arg1 = a_ptr
+; arg3 = num
+; -56(sp) =  w
+;
+; Local register definitions
+;
+
+fm1          .reg %fr22
+fm           .reg %fr23
+ht_temp      .reg %fr24
+ht_temp_1    .reg %fr25
+lt_temp      .reg %fr26
+lt_temp_1    .reg %fr27
+fm1_1        .reg %fr28
+fm_1         .reg %fr29
+
+fw_h         .reg %fr7L
+fw_l         .reg %fr7R
+fw           .reg %fr7
+
+fht_0        .reg %fr8L
+flt_0        .reg %fr8R
+t_float_0    .reg %fr8
+
+fht_1        .reg %fr9L
+flt_1        .reg %fr9R
+t_float_1    .reg %fr9
+
+tmp_0        .reg %r31
+tmp_1        .reg %r21
+m_0          .reg %r20 
+m_1          .reg %r19 
+ht_0         .reg %r1  
+ht_1         .reg %r3
+lt_0         .reg %r4
+lt_1         .reg %r5
+m1_0         .reg %r6 
+m1_1         .reg %r7 
+rp_val       .reg %r8
+rp_val_1     .reg %r9
+
 bn_mul_add_words
-        .PROC
-        .CALLINFO FRAME=64,CALLS,SAVE_RP,ENTRY_GR=4
-        .ENTRY
-        stw %r2,-20(0,%r30)
-        stwm %r4,64(0,%r30)
-        copy %r24,%r31
-        stw %r3,-60(0,%r30)
-        ldi 0,%r20
-        ldo 12(%r26),%r2
-        stw %r23,-16(0,%r30)
-        copy %r25,%r3
-        ldo 12(%r3),%r1
-        fldws -16(0,%r30),%fr8L
-L$0010
-        copy %r20,%r25
-        ldi 0,%r24
-        fldws 0(0,%r3),%fr9L
-        ldw 0(0,%r26),%r19
-        xmpyu %fr8L,%fr9L,%fr9
-        fstds %fr9,-16(0,%r30)
-        copy %r19,%r23
-        ldw -16(0,%r30),%r28
-        ldw -12(0,%r30),%r29
-        ldi 0,%r22
-        add %r23,%r29,%r29
-        addc %r22,%r28,%r28
-        add %r25,%r29,%r29
-        addc %r24,%r28,%r28
-        copy %r28,%r21
-        ldi 0,%r20
-        copy %r21,%r20
-        addib,= -1,%r31,L$0011
-        stw %r29,0(0,%r26)
-        copy %r20,%r25
-        ldi 0,%r24
-        fldws -8(0,%r1),%fr9L
-        ldw -8(0,%r2),%r19
-        xmpyu %fr8L,%fr9L,%fr9
-        fstds %fr9,-16(0,%r30)
-        copy %r19,%r23
-        ldw -16(0,%r30),%r28
-        ldw -12(0,%r30),%r29
-        ldi 0,%r22
-        add %r23,%r29,%r29
-        addc %r22,%r28,%r28
-        add %r25,%r29,%r29
-        addc %r24,%r28,%r28
-        copy %r28,%r21
-        ldi 0,%r20
-        copy %r21,%r20
-        addib,= -1,%r31,L$0011
-        stw %r29,-8(0,%r2)
-        copy %r20,%r25
-        ldi 0,%r24
-        fldws -4(0,%r1),%fr9L
-        ldw -4(0,%r2),%r19
-        xmpyu %fr8L,%fr9L,%fr9
-        fstds %fr9,-16(0,%r30)
-        copy %r19,%r23
-        ldw -16(0,%r30),%r28
-        ldw -12(0,%r30),%r29
-        ldi 0,%r22
-        add %r23,%r29,%r29
-        addc %r22,%r28,%r28
-        add %r25,%r29,%r29
-        addc %r24,%r28,%r28
-        copy %r28,%r21
-        ldi 0,%r20
-        copy %r21,%r20
-        addib,= -1,%r31,L$0011
-        stw %r29,-4(0,%r2)
-        copy %r20,%r25
-        ldi 0,%r24
-        fldws 0(0,%r1),%fr9L
-        ldw 0(0,%r2),%r19
-        xmpyu %fr8L,%fr9L,%fr9
-        fstds %fr9,-16(0,%r30)
-        copy %r19,%r23
-        ldw -16(0,%r30),%r28
-        ldw -12(0,%r30),%r29
-        ldi 0,%r22
-        add %r23,%r29,%r29
-        addc %r22,%r28,%r28
-        add %r25,%r29,%r29
-        addc %r24,%r28,%r28
-        copy %r28,%r21
-        ldi 0,%r20
-        copy %r21,%r20
-        addib,= -1,%r31,L$0011
-        stw %r29,0(0,%r2)
-        ldo 16(%r1),%r1
-        ldo 16(%r3),%r3
-        ldo 16(%r2),%r2
-        bl L$0010,0
-        ldo 16(%r26),%r26
-L$0011
-        copy %r20,%r28
-        ldw -84(0,%r30),%r2
-        ldw -60(0,%r30),%r3
-        bv 0(%r2)
-        ldwm -64(0,%r30),%r4
-        .EXIT
-        .PROCEND
-        .align 4
-        .EXPORT bn_mul_words,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR,RTNVAL=GR
+        .export bn_mul_add_words,entry,NO_RELOCATION,LONG_RETURN
+        .proc
+        .callinfo frame=128
+    .entry
+        .align 64
+
+    STD     %r3,0(%sp)          ; save r3  
+    STD     %r4,8(%sp)          ; save r4  
+        NOP                         ; Needed to make the loop 16-byte aligned
+        NOP                         ; needed to make the loop 16-byte aligned
+
+    STD     %r5,16(%sp)         ; save r5  
+        NOP
+    STD     %r6,24(%sp)         ; save r6  
+    STD     %r7,32(%sp)         ; save r7  
+
+    STD     %r8,40(%sp)         ; save r8  
+    STD     %r9,48(%sp)         ; save r9  
+    COPY    %r0,%ret1           ; return 0 by default
+    DEPDI,Z 1,31,1,top_overflow ; top_overflow = 1 << 32    
+
+    CMPIB,>= 0,num,bn_mul_add_words_exit  ; if (num <= 0) then exit
+        LDO     128(%sp),%sp        ; bump stack
+
+        ;
+        ; The loop is unrolled twice, so if there is only 1 number
+    ; then go straight to the cleanup code.
+        ;
+        CMPIB,= 1,num,bn_mul_add_words_single_top
+        FLDD    -184(%sp),fw        ; (-56-128) load up w into fw (fw_h/fw_l)
+
+        ;
+        ; This loop is unrolled 2 times (64-byte aligned as well)
+        ;
+        ; PA-RISC 2.0 chips have two fully pipelined multipliers, thus
+    ; two 32-bit mutiplies can be issued per cycle.
+    ; 
+bn_mul_add_words_unroll2
+
+    FLDD    0(a_ptr),t_float_0       ; load up 64-bit value (fr8L) ht(L)/lt(R)
+    FLDD    8(a_ptr),t_float_1       ; load up 64-bit value (fr8L) ht(L)/lt(R)
+    LDD     0(r_ptr),rp_val          ; rp[0]
+    LDD     8(r_ptr),rp_val_1        ; rp[1]
+
+    XMPYU   fht_0,fw_l,fm1           ; m1[0] = fht_0*fw_l
+    XMPYU   fht_1,fw_l,fm1_1         ; m1[1] = fht_1*fw_l
+    FSTD    fm1,-16(%sp)             ; -16(sp) = m1[0]
+    FSTD    fm1_1,-48(%sp)           ; -48(sp) = m1[1]
+
+    XMPYU   flt_0,fw_h,fm            ; m[0] = flt_0*fw_h
+    XMPYU   flt_1,fw_h,fm_1          ; m[1] = flt_1*fw_h
+    FSTD    fm,-8(%sp)               ; -8(sp) = m[0]
+    FSTD    fm_1,-40(%sp)            ; -40(sp) = m[1]
+
+    XMPYU   fht_0,fw_h,ht_temp       ; ht_temp   = fht_0*fw_h
+    XMPYU   fht_1,fw_h,ht_temp_1     ; ht_temp_1 = fht_1*fw_h
+    FSTD    ht_temp,-24(%sp)         ; -24(sp)   = ht_temp
+    FSTD    ht_temp_1,-56(%sp)       ; -56(sp)   = ht_temp_1
+
+    XMPYU   flt_0,fw_l,lt_temp       ; lt_temp = lt*fw_l
+    XMPYU   flt_1,fw_l,lt_temp_1     ; lt_temp = lt*fw_l
+    FSTD    lt_temp,-32(%sp)         ; -32(sp) = lt_temp 
+    FSTD    lt_temp_1,-64(%sp)       ; -64(sp) = lt_temp_1 
+
+    LDD     -8(%sp),m_0              ; m[0] 
+    LDD     -40(%sp),m_1             ; m[1]
+    LDD     -16(%sp),m1_0            ; m1[0]
+    LDD     -48(%sp),m1_1            ; m1[1]
+
+    LDD     -24(%sp),ht_0            ; ht[0]
+    LDD     -56(%sp),ht_1            ; ht[1]
+    ADD,L   m1_0,m_0,tmp_0           ; tmp_0 = m[0] + m1[0]; 
+    ADD,L   m1_1,m_1,tmp_1           ; tmp_1 = m[1] + m1[1]; 
+
+    LDD     -32(%sp),lt_0            
+    LDD     -64(%sp),lt_1            
+    CMPCLR,*>>= tmp_0,m1_0, %r0      ; if (m[0] < m1[0])
+    ADD,L   ht_0,top_overflow,ht_0   ; ht[0] += (1<<32)
+
+    CMPCLR,*>>= tmp_1,m1_1,%r0       ; if (m[1] < m1[1])
+    ADD,L   ht_1,top_overflow,ht_1   ; ht[1] += (1<<32)
+    EXTRD,U tmp_0,31,32,m_0          ; m[0]>>32  
+    DEPD,Z  tmp_0,31,32,m1_0         ; m1[0] = m[0]<<32 
+
+    EXTRD,U tmp_1,31,32,m_1          ; m[1]>>32  
+    DEPD,Z  tmp_1,31,32,m1_1         ; m1[1] = m[1]<<32 
+    ADD,L   ht_0,m_0,ht_0            ; ht[0]+= (m[0]>>32)
+    ADD,L   ht_1,m_1,ht_1            ; ht[1]+= (m[1]>>32)
+
+    ADD     lt_0,m1_0,lt_0           ; lt[0] = lt[0]+m1[0];
+        ADD,DC  ht_0,%r0,ht_0            ; ht[0]++
+    ADD     lt_1,m1_1,lt_1           ; lt[1] = lt[1]+m1[1];
+    ADD,DC  ht_1,%r0,ht_1            ; ht[1]++
+
+    ADD    %ret1,lt_0,lt_0           ; lt[0] = lt[0] + c;
+        ADD,DC  ht_0,%r0,ht_0            ; ht[0]++
+    ADD     lt_0,rp_val,lt_0         ; lt[0] = lt[0]+rp[0]
+    ADD,DC  ht_0,%r0,ht_0            ; ht[0]++
+
+        LDO    -2(num),num               ; num = num - 2;
+    ADD     ht_0,lt_1,lt_1           ; lt[1] = lt[1] + ht_0 (c);
+    ADD,DC  ht_1,%r0,ht_1            ; ht[1]++
+    STD     lt_0,0(r_ptr)            ; rp[0] = lt[0]
+
+    ADD     lt_1,rp_val_1,lt_1       ; lt[1] = lt[1]+rp[1]
+    ADD,DC  ht_1,%r0,%ret1           ; ht[1]++
+    LDO     16(a_ptr),a_ptr          ; a_ptr += 2
+
+    STD     lt_1,8(r_ptr)            ; rp[1] = lt[1]
+        CMPIB,<= 2,num,bn_mul_add_words_unroll2 ; go again if more to do
+    LDO     16(r_ptr),r_ptr          ; r_ptr += 2
+
+    CMPIB,=,N 0,num,bn_mul_add_words_exit ; are we done, or cleanup last one
+
+        ;
+        ; Top of loop aligned on 64-byte boundary
+        ;
+bn_mul_add_words_single_top
+    FLDD    0(a_ptr),t_float_0        ; load up 64-bit value (fr8L) ht(L)/lt(R)
+    LDD     0(r_ptr),rp_val           ; rp[0]
+    LDO     8(a_ptr),a_ptr            ; a_ptr++
+    XMPYU   fht_0,fw_l,fm1            ; m1 = ht*fw_l
+    FSTD    fm1,-16(%sp)              ; -16(sp) = m1
+    XMPYU   flt_0,fw_h,fm             ; m = lt*fw_h
+    FSTD    fm,-8(%sp)                ; -8(sp) = m
+    XMPYU   fht_0,fw_h,ht_temp        ; ht_temp = ht*fw_h
+    FSTD    ht_temp,-24(%sp)          ; -24(sp) = ht
+    XMPYU   flt_0,fw_l,lt_temp        ; lt_temp = lt*fw_l
+    FSTD    lt_temp,-32(%sp)          ; -32(sp) = lt 
+
+    LDD     -8(%sp),m_0               
+    LDD    -16(%sp),m1_0              ; m1 = temp1 
+    ADD,L   m_0,m1_0,tmp_0            ; tmp_0 = m + m1; 
+    LDD     -24(%sp),ht_0             
+    LDD     -32(%sp),lt_0             
+
+    CMPCLR,*>>= tmp_0,m1_0,%r0        ; if (m < m1)
+    ADD,L   ht_0,top_overflow,ht_0    ; ht += (1<<32)
+
+    EXTRD,U tmp_0,31,32,m_0           ; m>>32  
+    DEPD,Z  tmp_0,31,32,m1_0          ; m1 = m<<32 
+
+    ADD,L   ht_0,m_0,ht_0             ; ht+= (m>>32)
+    ADD     lt_0,m1_0,tmp_0           ; tmp_0 = lt+m1;
+    ADD,DC  ht_0,%r0,ht_0             ; ht++
+    ADD     %ret1,tmp_0,lt_0          ; lt = lt + c;
+    ADD,DC  ht_0,%r0,ht_0             ; ht++
+    ADD     lt_0,rp_val,lt_0          ; lt = lt+rp[0]
+    ADD,DC  ht_0,%r0,%ret1            ; ht++
+    STD     lt_0,0(r_ptr)             ; rp[0] = lt
+
+bn_mul_add_words_exit
+    .EXIT
+        
+    EXTRD,U %ret1,31,32,%ret0         ; for 32-bit, return in ret0/ret1
+    LDD     -80(%sp),%r9              ; restore r9  
+    LDD     -88(%sp),%r8              ; restore r8  
+    LDD     -96(%sp),%r7              ; restore r7  
+    LDD     -104(%sp),%r6             ; restore r6  
+    LDD     -112(%sp),%r5             ; restore r5  
+    LDD     -120(%sp),%r4             ; restore r4  
+    BVE     (%rp)
+    LDD,MB  -128(%sp),%r3             ; restore r3
+        .PROCEND        ;in=23,24,25,26,29;out=28;
+
+;----------------------------------------------------------------------------
+;
+;BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
+;
+; arg0 = rp
+; arg1 = ap
+; arg3 = num
+; w on stack at -56(sp)
+
 bn_mul_words
-        .PROC
-        .CALLINFO FRAME=64,CALLS,SAVE_RP,ENTRY_GR=3
-        .ENTRY
-        stw %r2,-20(0,%r30)
-        copy %r25,%r2
-        stwm %r4,64(0,%r30)
-        copy %r24,%r19
-        ldi 0,%r28
-        stw %r23,-16(0,%r30)
-        ldo 12(%r26),%r31
-        ldo 12(%r2),%r29
-        fldws -16(0,%r30),%fr8L
-L$0026
-        fldws 0(0,%r2),%fr9L
-        xmpyu %fr8L,%fr9L,%fr9
-        fstds %fr9,-16(0,%r30)
-        copy %r28,%r21
-        ldi 0,%r20
-        ldw -16(0,%r30),%r24
-        ldw -12(0,%r30),%r25
-        add %r21,%r25,%r25
-        addc %r20,%r24,%r24
-        copy %r24,%r23
-        ldi 0,%r22
-        copy %r23,%r28
-        addib,= -1,%r19,L$0027
-        stw %r25,0(0,%r26)
-        fldws -8(0,%r29),%fr9L
-        xmpyu %fr8L,%fr9L,%fr9
-        fstds %fr9,-16(0,%r30)
-        copy %r28,%r21
-        ldi 0,%r20
-        ldw -16(0,%r30),%r24
-        ldw -12(0,%r30),%r25
-        add %r21,%r25,%r25
-        addc %r20,%r24,%r24
-        copy %r24,%r23
-        ldi 0,%r22
-        copy %r23,%r28
-        addib,= -1,%r19,L$0027
-        stw %r25,-8(0,%r31)
-        fldws -4(0,%r29),%fr9L
-        xmpyu %fr8L,%fr9L,%fr9
-        fstds %fr9,-16(0,%r30)
-        copy %r28,%r21
-        ldi 0,%r20
-        ldw -16(0,%r30),%r24
-        ldw -12(0,%r30),%r25
-        add %r21,%r25,%r25
-        addc %r20,%r24,%r24
-        copy %r24,%r23
-        ldi 0,%r22
-        copy %r23,%r28
-        addib,= -1,%r19,L$0027
-        stw %r25,-4(0,%r31)
-        fldws 0(0,%r29),%fr9L
-        xmpyu %fr8L,%fr9L,%fr9
-        fstds %fr9,-16(0,%r30)
-        copy %r28,%r21
-        ldi 0,%r20
-        ldw -16(0,%r30),%r24
-        ldw -12(0,%r30),%r25
-        add %r21,%r25,%r25
-        addc %r20,%r24,%r24
-        copy %r24,%r23
-        ldi 0,%r22
-        copy %r23,%r28
-        addib,= -1,%r19,L$0027
-        stw %r25,0(0,%r31)
-        ldo 16(%r29),%r29
-        ldo 16(%r2),%r2
-        ldo 16(%r31),%r31
-        bl L$0026,0
-        ldo 16(%r26),%r26
-L$0027
-        ldw -84(0,%r30),%r2
-        bv 0(%r2)
-        ldwm -64(0,%r30),%r4
-        .EXIT
-        .PROCEND
-        .align 4
-        .EXPORT bn_sqr_words,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR
+        .proc
+        .callinfo frame=128
+    .entry
+        .EXPORT bn_mul_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+        .align 64
+
+    STD     %r3,0(%sp)          ; save r3  
+    STD     %r4,8(%sp)          ; save r4  
+        NOP
+    STD     %r5,16(%sp)         ; save r5  
+
+    STD     %r6,24(%sp)         ; save r6  
+    STD     %r7,32(%sp)         ; save r7  
+    COPY    %r0,%ret1           ; return 0 by default
+    DEPDI,Z 1,31,1,top_overflow ; top_overflow = 1 << 32    
+
+    CMPIB,>= 0,num,bn_mul_words_exit
+        LDO     128(%sp),%sp    ; bump stack
+
+        ;
+        ; See if only 1 word to do, thus just do cleanup
+        ;
+        CMPIB,= 1,num,bn_mul_words_single_top
+        FLDD    -184(%sp),fw        ; (-56-128) load up w into fw (fw_h/fw_l)
+
+        ;
+        ; This loop is unrolled 2 times (64-byte aligned as well)
+        ;
+        ; PA-RISC 2.0 chips have two fully pipelined multipliers, thus
+    ; two 32-bit mutiplies can be issued per cycle.
+    ; 
+bn_mul_words_unroll2
+
+    FLDD    0(a_ptr),t_float_0        ; load up 64-bit value (fr8L) ht(L)/lt(R)
+    FLDD    8(a_ptr),t_float_1        ; load up 64-bit value (fr8L) ht(L)/lt(R)
+    XMPYU   fht_0,fw_l,fm1            ; m1[0] = fht_0*fw_l
+    XMPYU   fht_1,fw_l,fm1_1          ; m1[1] = ht*fw_l
+
+    FSTD    fm1,-16(%sp)              ; -16(sp) = m1
+    FSTD    fm1_1,-48(%sp)            ; -48(sp) = m1
+    XMPYU   flt_0,fw_h,fm             ; m = lt*fw_h
+    XMPYU   flt_1,fw_h,fm_1           ; m = lt*fw_h
+
+    FSTD    fm,-8(%sp)                ; -8(sp) = m
+    FSTD    fm_1,-40(%sp)             ; -40(sp) = m
+    XMPYU   fht_0,fw_h,ht_temp        ; ht_temp = fht_0*fw_h
+    XMPYU   fht_1,fw_h,ht_temp_1      ; ht_temp = ht*fw_h
+
+    FSTD    ht_temp,-24(%sp)          ; -24(sp) = ht
+    FSTD    ht_temp_1,-56(%sp)        ; -56(sp) = ht
+    XMPYU   flt_0,fw_l,lt_temp        ; lt_temp = lt*fw_l
+    XMPYU   flt_1,fw_l,lt_temp_1      ; lt_temp = lt*fw_l
+
+    FSTD    lt_temp,-32(%sp)          ; -32(sp) = lt 
+    FSTD    lt_temp_1,-64(%sp)        ; -64(sp) = lt 
+    LDD     -8(%sp),m_0               
+    LDD     -40(%sp),m_1              
+
+    LDD    -16(%sp),m1_0              
+    LDD    -48(%sp),m1_1              
+    LDD     -24(%sp),ht_0             
+    LDD     -56(%sp),ht_1             
+
+    ADD,L   m1_0,m_0,tmp_0            ; tmp_0 = m + m1; 
+    ADD,L   m1_1,m_1,tmp_1            ; tmp_1 = m + m1; 
+    LDD     -32(%sp),lt_0             
+    LDD     -64(%sp),lt_1             
+
+    CMPCLR,*>>= tmp_0,m1_0, %r0       ; if (m < m1)
+    ADD,L   ht_0,top_overflow,ht_0    ; ht += (1<<32)
+    CMPCLR,*>>= tmp_1,m1_1,%r0        ; if (m < m1)
+    ADD,L   ht_1,top_overflow,ht_1    ; ht += (1<<32)
+
+    EXTRD,U tmp_0,31,32,m_0           ; m>>32  
+    DEPD,Z  tmp_0,31,32,m1_0          ; m1 = m<<32 
+    EXTRD,U tmp_1,31,32,m_1           ; m>>32  
+    DEPD,Z  tmp_1,31,32,m1_1          ; m1 = m<<32 
+
+    ADD,L   ht_0,m_0,ht_0             ; ht+= (m>>32)
+    ADD,L   ht_1,m_1,ht_1             ; ht+= (m>>32)
+    ADD     lt_0,m1_0,lt_0            ; lt = lt+m1;
+        ADD,DC  ht_0,%r0,ht_0             ; ht++
+
+    ADD     lt_1,m1_1,lt_1            ; lt = lt+m1;
+    ADD,DC  ht_1,%r0,ht_1             ; ht++
+    ADD    %ret1,lt_0,lt_0            ; lt = lt + c (ret1);
+        ADD,DC  ht_0,%r0,ht_0             ; ht++
+
+    ADD     ht_0,lt_1,lt_1            ; lt = lt + c (ht_0)
+    ADD,DC  ht_1,%r0,ht_1             ; ht++
+    STD     lt_0,0(r_ptr)             ; rp[0] = lt
+    STD     lt_1,8(r_ptr)             ; rp[1] = lt
+
+        COPY    ht_1,%ret1                ; carry = ht
+        LDO    -2(num),num                ; num = num - 2;
+    LDO     16(a_ptr),a_ptr           ; ap += 2
+        CMPIB,<= 2,num,bn_mul_words_unroll2
+    LDO     16(r_ptr),r_ptr           ; rp++
+
+    CMPIB,=,N 0,num,bn_mul_words_exit ; are we done?
+
+        ;
+        ; Top of loop aligned on 64-byte boundary
+        ;
+bn_mul_words_single_top
+    FLDD    0(a_ptr),t_float_0        ; load up 64-bit value (fr8L) ht(L)/lt(R)
+
+    XMPYU   fht_0,fw_l,fm1            ; m1 = ht*fw_l
+    FSTD    fm1,-16(%sp)              ; -16(sp) = m1
+    XMPYU   flt_0,fw_h,fm             ; m = lt*fw_h
+    FSTD    fm,-8(%sp)                ; -8(sp) = m
+    XMPYU   fht_0,fw_h,ht_temp        ; ht_temp = ht*fw_h
+    FSTD    ht_temp,-24(%sp)          ; -24(sp) = ht
+    XMPYU   flt_0,fw_l,lt_temp        ; lt_temp = lt*fw_l
+    FSTD    lt_temp,-32(%sp)          ; -32(sp) = lt 
+
+    LDD     -8(%sp),m_0               
+    LDD    -16(%sp),m1_0              
+    ADD,L   m_0,m1_0,tmp_0            ; tmp_0 = m + m1; 
+    LDD     -24(%sp),ht_0             
+    LDD     -32(%sp),lt_0             
+
+    CMPCLR,*>>= tmp_0,m1_0,%r0        ; if (m < m1)
+    ADD,L   ht_0,top_overflow,ht_0    ; ht += (1<<32)
+
+    EXTRD,U tmp_0,31,32,m_0           ; m>>32  
+    DEPD,Z  tmp_0,31,32,m1_0          ; m1 = m<<32 
+
+    ADD,L   ht_0,m_0,ht_0             ; ht+= (m>>32)
+    ADD     lt_0,m1_0,lt_0            ; lt= lt+m1;
+    ADD,DC  ht_0,%r0,ht_0             ; ht++
+
+    ADD     %ret1,lt_0,lt_0           ; lt = lt + c;
+    ADD,DC  ht_0,%r0,ht_0             ; ht++
+
+    COPY    ht_0,%ret1                ; copy carry
+    STD     lt_0,0(r_ptr)             ; rp[0] = lt
+
+bn_mul_words_exit
+    .EXIT
+    EXTRD,U %ret1,31,32,%ret0           ; for 32-bit, return in ret0/ret1
+    LDD     -96(%sp),%r7              ; restore r7  
+    LDD     -104(%sp),%r6             ; restore r6  
+    LDD     -112(%sp),%r5             ; restore r5  
+    LDD     -120(%sp),%r4             ; restore r4  
+    BVE     (%rp)
+    LDD,MB  -128(%sp),%r3             ; restore r3
+        .PROCEND        
+
+;----------------------------------------------------------------------------
+;
+;void bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num)
+;
+; arg0 = rp
+; arg1 = ap
+; arg2 = num
+;
+
 bn_sqr_words
+        .proc
+        .callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
+        .EXPORT bn_sqr_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+    .entry
+        .align 64
+
+    STD     %r3,0(%sp)          ; save r3  
+    STD     %r4,8(%sp)          ; save r4  
+        NOP
+    STD     %r5,16(%sp)         ; save r5  
+
+    CMPIB,>= 0,num,bn_sqr_words_exit
+        LDO     128(%sp),%sp       ; bump stack
+
+        ;
+        ; If only 1, the goto straight to cleanup
+        ;
+        CMPIB,= 1,num,bn_sqr_words_single_top
+    DEPDI,Z -1,32,33,high_mask   ; Create Mask 0xffffffff80000000L
+
+        ;
+        ; This loop is unrolled 2 times (64-byte aligned as well)
+        ;
+
+bn_sqr_words_unroll2
+    FLDD    0(a_ptr),t_float_0        ; a[0]
+    FLDD    8(a_ptr),t_float_1        ; a[1]
+    XMPYU   fht_0,flt_0,fm            ; m[0]
+    XMPYU   fht_1,flt_1,fm_1          ; m[1]
+
+    FSTD    fm,-24(%sp)               ; store m[0]
+    FSTD    fm_1,-56(%sp)             ; store m[1]
+    XMPYU   flt_0,flt_0,lt_temp       ; lt[0]
+    XMPYU   flt_1,flt_1,lt_temp_1     ; lt[1]
+
+    FSTD    lt_temp,-16(%sp)          ; store lt[0]
+    FSTD    lt_temp_1,-48(%sp)        ; store lt[1]
+    XMPYU   fht_0,fht_0,ht_temp       ; ht[0]
+    XMPYU   fht_1,fht_1,ht_temp_1     ; ht[1]
+
+    FSTD    ht_temp,-8(%sp)           ; store ht[0]
+    FSTD    ht_temp_1,-40(%sp)        ; store ht[1]
+    LDD     -24(%sp),m_0             
+    LDD     -56(%sp),m_1              
+
+    AND     m_0,high_mask,tmp_0       ; m[0] & Mask
+    AND     m_1,high_mask,tmp_1       ; m[1] & Mask
+    DEPD,Z  m_0,30,31,m_0             ; m[0] << 32+1
+    DEPD,Z  m_1,30,31,m_1             ; m[1] << 32+1
+
+    LDD     -16(%sp),lt_0        
+    LDD     -48(%sp),lt_1        
+    EXTRD,U tmp_0,32,33,tmp_0         ; tmp_0 = m[0]&Mask >> 32-1
+    EXTRD,U tmp_1,32,33,tmp_1         ; tmp_1 = m[1]&Mask >> 32-1
+
+    LDD     -8(%sp),ht_0            
+    LDD     -40(%sp),ht_1           
+    ADD,L   ht_0,tmp_0,ht_0           ; ht[0] += tmp_0
+    ADD,L   ht_1,tmp_1,ht_1           ; ht[1] += tmp_1
+
+    ADD     lt_0,m_0,lt_0             ; lt = lt+m
+    ADD,DC  ht_0,%r0,ht_0             ; ht[0]++
+    STD     lt_0,0(r_ptr)             ; rp[0] = lt[0]
+    STD     ht_0,8(r_ptr)             ; rp[1] = ht[1]
+
+    ADD     lt_1,m_1,lt_1             ; lt = lt+m
+    ADD,DC  ht_1,%r0,ht_1             ; ht[1]++
+    STD     lt_1,16(r_ptr)            ; rp[2] = lt[1]
+    STD     ht_1,24(r_ptr)            ; rp[3] = ht[1]
+
+        LDO    -2(num),num                ; num = num - 2;
+    LDO     16(a_ptr),a_ptr           ; ap += 2
+        CMPIB,<= 2,num,bn_sqr_words_unroll2
+    LDO     32(r_ptr),r_ptr           ; rp += 4
+
+    CMPIB,=,N 0,num,bn_sqr_words_exit ; are we done?
+
+        ;
+        ; Top of loop aligned on 64-byte boundary
+        ;
+bn_sqr_words_single_top
+    FLDD    0(a_ptr),t_float_0        ; load up 64-bit value (fr8L) ht(L)/lt(R)
+
+    XMPYU   fht_0,flt_0,fm            ; m
+    FSTD    fm,-24(%sp)               ; store m
+
+    XMPYU   flt_0,flt_0,lt_temp       ; lt
+    FSTD    lt_temp,-16(%sp)          ; store lt
+
+    XMPYU   fht_0,fht_0,ht_temp       ; ht
+    FSTD    ht_temp,-8(%sp)           ; store ht
+
+    LDD     -24(%sp),m_0              ; load m
+    AND     m_0,high_mask,tmp_0       ; m & Mask
+    DEPD,Z  m_0,30,31,m_0             ; m << 32+1
+    LDD     -16(%sp),lt_0             ; lt
+
+    LDD     -8(%sp),ht_0              ; ht
+    EXTRD,U tmp_0,32,33,tmp_0         ; tmp_0 = m&Mask >> 32-1
+    ADD     m_0,lt_0,lt_0             ; lt = lt+m
+    ADD,L   ht_0,tmp_0,ht_0           ; ht += tmp_0
+    ADD,DC  ht_0,%r0,ht_0             ; ht++
+
+    STD     lt_0,0(r_ptr)             ; rp[0] = lt
+    STD     ht_0,8(r_ptr)             ; rp[1] = ht
+
+bn_sqr_words_exit
+    .EXIT
+    LDD     -112(%sp),%r5       ; restore r5  
+    LDD     -120(%sp),%r4       ; restore r4  
+    BVE     (%rp)
+    LDD,MB  -128(%sp),%r3 
+        .PROCEND        ;in=23,24,25,26,29;out=28;
+
+
+;----------------------------------------------------------------------------
+;
+;BN_ULONG bn_add_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
+;
+; arg0 = rp 
+; arg1 = ap
+; arg2 = bp 
+; arg3 = n
+
+t  .reg %r22
+b  .reg %r21
+l  .reg %r20
+
+bn_add_words
+        .proc
+    .entry
+        .callinfo
+        .EXPORT bn_add_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+        .align 64
+
+    CMPIB,>= 0,n,bn_add_words_exit
+    COPY    %r0,%ret1           ; return 0 by default
+
+        ;
+        ; If 2 or more numbers do the loop
+        ;
+        CMPIB,= 1,n,bn_add_words_single_top
+        NOP
+
+        ;
+        ; This loop is unrolled 2 times (64-byte aligned as well)
+        ;
+bn_add_words_unroll2
+        LDD     0(a_ptr),t
+        LDD     0(b_ptr),b
+        ADD     t,%ret1,t                    ; t = t+c;
+        ADD,DC  %r0,%r0,%ret1                ; set c to carry
+        ADD     t,b,l                        ; l = t + b[0]
+        ADD,DC  %ret1,%r0,%ret1              ; c+= carry
+        STD     l,0(r_ptr)
+
+        LDD     8(a_ptr),t
+        LDD     8(b_ptr),b
+        ADD     t,%ret1,t                     ; t = t+c;
+        ADD,DC  %r0,%r0,%ret1                 ; set c to carry
+        ADD     t,b,l                         ; l = t + b[0]
+        ADD,DC  %ret1,%r0,%ret1               ; c+= carry
+        STD     l,8(r_ptr)
+
+        LDO     -2(n),n
+        LDO     16(a_ptr),a_ptr
+        LDO     16(b_ptr),b_ptr
+
+        CMPIB,<= 2,n,bn_add_words_unroll2
+        LDO     16(r_ptr),r_ptr
+
+    CMPIB,=,N 0,n,bn_add_words_exit ; are we done?
+
+bn_add_words_single_top
+        LDD     0(a_ptr),t
+        LDD     0(b_ptr),b
+
+        ADD     t,%ret1,t                 ; t = t+c;
+        ADD,DC  %r0,%r0,%ret1             ; set c to carry (could use CMPCLR??)
+        ADD     t,b,l                     ; l = t + b[0]
+        ADD,DC  %ret1,%r0,%ret1           ; c+= carry
+        STD     l,0(r_ptr)
+
+bn_add_words_exit
+    .EXIT
+    BVE     (%rp)
+    EXTRD,U %ret1,31,32,%ret0           ; for 32-bit, return in ret0/ret1
+        .PROCEND        ;in=23,24,25,26,29;out=28;
+
+;----------------------------------------------------------------------------
+;
+;BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
+;
+; arg0 = rp 
+; arg1 = ap
+; arg2 = bp 
+; arg3 = n
+
+t1       .reg %r22
+t2       .reg %r21
+sub_tmp1 .reg %r20
+sub_tmp2 .reg %r19
+
+
+bn_sub_words
+        .proc
+        .callinfo 
+        .EXPORT bn_sub_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+    .entry
+        .align 64
+
+    CMPIB,>=  0,n,bn_sub_words_exit
+    COPY    %r0,%ret1           ; return 0 by default
+
+        ;
+        ; If 2 or more numbers do the loop
+        ;
+        CMPIB,= 1,n,bn_sub_words_single_top
+        NOP
+
+        ;
+        ; This loop is unrolled 2 times (64-byte aligned as well)
+        ;
+bn_sub_words_unroll2
+        LDD     0(a_ptr),t1
+        LDD     0(b_ptr),t2
+        SUB     t1,t2,sub_tmp1           ; t3 = t1-t2; 
+        SUB     sub_tmp1,%ret1,sub_tmp1  ; t3 = t3- c; 
+
+        CMPCLR,*>> t1,t2,sub_tmp2        ; clear if t1 > t2
+        LDO      1(%r0),sub_tmp2
+        
+        CMPCLR,*= t1,t2,%r0
+        COPY    sub_tmp2,%ret1
+        STD     sub_tmp1,0(r_ptr)
+
+        LDD     8(a_ptr),t1
+        LDD     8(b_ptr),t2
+        SUB     t1,t2,sub_tmp1            ; t3 = t1-t2; 
+        SUB     sub_tmp1,%ret1,sub_tmp1   ; t3 = t3- c; 
+        CMPCLR,*>> t1,t2,sub_tmp2         ; clear if t1 > t2
+        LDO      1(%r0),sub_tmp2
+        
+        CMPCLR,*= t1,t2,%r0
+        COPY    sub_tmp2,%ret1
+        STD     sub_tmp1,8(r_ptr)
+
+        LDO     -2(n),n
+        LDO     16(a_ptr),a_ptr
+        LDO     16(b_ptr),b_ptr
+
+        CMPIB,<= 2,n,bn_sub_words_unroll2
+        LDO     16(r_ptr),r_ptr
+
+    CMPIB,=,N 0,n,bn_sub_words_exit ; are we done?
+
+bn_sub_words_single_top
+        LDD     0(a_ptr),t1
+        LDD     0(b_ptr),t2
+        SUB     t1,t2,sub_tmp1            ; t3 = t1-t2; 
+        SUB     sub_tmp1,%ret1,sub_tmp1   ; t3 = t3- c; 
+        CMPCLR,*>> t1,t2,sub_tmp2         ; clear if t1 > t2
+        LDO      1(%r0),sub_tmp2
+        
+        CMPCLR,*= t1,t2,%r0
+        COPY    sub_tmp2,%ret1
+
+        STD     sub_tmp1,0(r_ptr)
+
+bn_sub_words_exit
+    .EXIT
+    BVE     (%rp)
+    EXTRD,U %ret1,31,32,%ret0           ; for 32-bit, return in ret0/ret1
+        .PROCEND        ;in=23,24,25,26,29;out=28;
+
+;------------------------------------------------------------------------------
+;
+; unsigned long bn_div_words(unsigned long h, unsigned long l, unsigned long d)
+;
+; arg0 = h
+; arg1 = l
+; arg2 = d
+;
+; This is mainly just output from the HP C compiler.  
+;
+;------------------------------------------------------------------------------
+bn_div_words
         .PROC
-        .CALLINFO FRAME=0,NO_CALLS
-        .ENTRY
-        ldo 28(%r26),%r19
-        ldo 12(%r25),%r28
-L$0042
-        fldws 0(0,%r25),%fr8L
-        fldws 0(0,%r25),%fr8R
-        xmpyu %fr8L,%fr8R,%fr8
-        fstds %fr8,-16(0,%r30)
-        ldw -16(0,%r30),%r22
-        ldw -12(0,%r30),%r23
-        stw %r23,0(0,%r26)
-        copy %r22,%r21
-        ldi 0,%r20
-        addib,= -1,%r24,L$0049
-        stw %r21,-24(0,%r19)
-        fldws -8(0,%r28),%fr8L
-        fldws -8(0,%r28),%fr8R
-        xmpyu %fr8L,%fr8R,%fr8
-        fstds %fr8,-16(0,%r30)
-        ldw -16(0,%r30),%r22
-        ldw -12(0,%r30),%r23
-        stw %r23,-20(0,%r19)
-        copy %r22,%r21
-        ldi 0,%r20
-        addib,= -1,%r24,L$0049
-        stw %r21,-16(0,%r19)
-        fldws -4(0,%r28),%fr8L
-        fldws -4(0,%r28),%fr8R
-        xmpyu %fr8L,%fr8R,%fr8
-        fstds %fr8,-16(0,%r30)
-        ldw -16(0,%r30),%r22
-        ldw -12(0,%r30),%r23
-        stw %r23,-12(0,%r19)
-        copy %r22,%r21
-        ldi 0,%r20
-        addib,= -1,%r24,L$0049
-        stw %r21,-8(0,%r19)
-        fldws 0(0,%r28),%fr8L
-        fldws 0(0,%r28),%fr8R
-        xmpyu %fr8L,%fr8R,%fr8
-        fstds %fr8,-16(0,%r30)
-        ldw -16(0,%r30),%r22
-        ldw -12(0,%r30),%r23
-        stw %r23,-4(0,%r19)
-        copy %r22,%r21
-        ldi 0,%r20
-        addib,= -1,%r24,L$0049
-        stw %r21,0(0,%r19)
-        ldo 16(%r28),%r28
-        ldo 16(%r25),%r25
-        ldo 32(%r19),%r19
-        bl L$0042,0
-        ldo 32(%r26),%r26
-L$0049
-        bv,n 0(%r2)
-        .EXIT
-        .PROCEND
-        .IMPORT BN_num_bits_word,CODE
-        .IMPORT fprintf,CODE
-        .IMPORT __iob,DATA
-        .SPACE $TEXT$
-        .SUBSPA $LIT$
-
-        .align 4
-L$C0000
-        .STRING "Division would overflow (%d)\x0a\x00"
-        .IMPORT abort,CODE
-        .SPACE $TEXT$
-        .SUBSPA $CODE$
-
-        .align 4
-        .EXPORT bn_div64,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,RTNVAL=GR
-bn_div64
+        .EXPORT bn_div_words,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR,RTNVAL=GR,LONG_RETURN
+        .IMPORT BN_num_bits_word,CODE
+        .IMPORT __iob,DATA
+        .IMPORT fprintf,CODE
+        .IMPORT abort,CODE
+        .IMPORT $$div2U,MILLICODE
+        .CALLINFO CALLER,FRAME=144,ENTRY_GR=%r9,SAVE_RP,ARGS_SAVED,ORDERING_AWARE
+        .ENTRY
+        STW     %r2,-20(%r30)   ;offset 0x8ec
+        STW,MA  %r3,192(%r30)   ;offset 0x8f0
+        STW     %r4,-188(%r30)  ;offset 0x8f4
+        DEPD    %r5,31,32,%r6   ;offset 0x8f8
+        STD     %r6,-184(%r30)  ;offset 0x8fc
+        DEPD    %r7,31,32,%r8   ;offset 0x900
+        STD     %r8,-176(%r30)  ;offset 0x904
+        STW     %r9,-168(%r30)  ;offset 0x908
+        LDD     -248(%r30),%r3  ;offset 0x90c
+        COPY    %r26,%r4        ;offset 0x910
+        COPY    %r24,%r5        ;offset 0x914
+        DEPD    %r25,31,32,%r4  ;offset 0x918
+        CMPB,*<>        %r3,%r0,$0006000C       ;offset 0x91c
+        DEPD    %r23,31,32,%r5  ;offset 0x920
+        MOVIB,TR        -1,%r29,$00060002       ;offset 0x924
+        EXTRD,U %r29,31,32,%r28 ;offset 0x928
+$0006002A
+        LDO     -1(%r29),%r29   ;offset 0x92c
+        SUB     %r23,%r7,%r23   ;offset 0x930
+$00060024
+        SUB     %r4,%r31,%r25   ;offset 0x934
+        AND     %r25,%r19,%r26  ;offset 0x938
+        CMPB,*<>,N      %r0,%r26,$00060046      ;offset 0x93c
+        DEPD,Z  %r25,31,32,%r20 ;offset 0x940
+        OR      %r20,%r24,%r21  ;offset 0x944
+        CMPB,*<<,N      %r21,%r23,$0006002A     ;offset 0x948
+        SUB     %r31,%r2,%r31   ;offset 0x94c
+$00060046
+$0006002E
+        DEPD,Z  %r23,31,32,%r25 ;offset 0x950
+        EXTRD,U %r23,31,32,%r26 ;offset 0x954
+        AND     %r25,%r19,%r24  ;offset 0x958
+        ADD,L   %r31,%r26,%r31  ;offset 0x95c
+        CMPCLR,*>>=     %r5,%r24,%r0    ;offset 0x960
+        LDO     1(%r31),%r31    ;offset 0x964
+$00060032
+        CMPB,*<<=,N     %r31,%r4,$00060036      ;offset 0x968
+        LDO     -1(%r29),%r29   ;offset 0x96c
+        ADD,L   %r4,%r3,%r4     ;offset 0x970
+$00060036
+        ADDIB,=,N       -1,%r8,$D0      ;offset 0x974
+        SUB     %r5,%r24,%r28   ;offset 0x978
+$0006003A
+        SUB     %r4,%r31,%r24   ;offset 0x97c
+        SHRPD   %r24,%r28,32,%r4        ;offset 0x980
+        DEPD,Z  %r29,31,32,%r9  ;offset 0x984
+        DEPD,Z  %r28,31,32,%r5  ;offset 0x988
+$0006001C
+        EXTRD,U %r4,31,32,%r31  ;offset 0x98c
+        CMPB,*<>,N      %r31,%r2,$00060020      ;offset 0x990
+        MOVB,TR %r6,%r29,$D1    ;offset 0x994
+        STD     %r29,-152(%r30) ;offset 0x998
+$0006000C
+        EXTRD,U %r3,31,32,%r25  ;offset 0x99c
+        COPY    %r3,%r26        ;offset 0x9a0
+        EXTRD,U %r3,31,32,%r9   ;offset 0x9a4
+        EXTRD,U %r4,31,32,%r8   ;offset 0x9a8
+        .CALL   ARGW0=GR,ARGW1=GR,RTNVAL=GR     ;in=25,26;out=28;
+        B,L     BN_num_bits_word,%r2    ;offset 0x9ac
+        EXTRD,U %r5,31,32,%r7   ;offset 0x9b0
+        LDI     64,%r20 ;offset 0x9b4
+        DEPD    %r7,31,32,%r5   ;offset 0x9b8
+        DEPD    %r8,31,32,%r4   ;offset 0x9bc
+        DEPD    %r9,31,32,%r3   ;offset 0x9c0
+        CMPB,=  %r28,%r20,$00060012     ;offset 0x9c4
+        COPY    %r28,%r24       ;offset 0x9c8
+        MTSARCM %r24    ;offset 0x9cc
+        DEPDI,Z -1,%sar,1,%r19  ;offset 0x9d0
+        CMPB,*>>,N      %r4,%r19,$D2    ;offset 0x9d4
+$00060012
+        SUBI    64,%r24,%r31    ;offset 0x9d8
+        CMPCLR,*<<      %r4,%r3,%r0     ;offset 0x9dc
+        SUB     %r4,%r3,%r4     ;offset 0x9e0
+$00060016
+        CMPB,=  %r31,%r0,$0006001A      ;offset 0x9e4
+        COPY    %r0,%r9 ;offset 0x9e8
+        MTSARCM %r31    ;offset 0x9ec
+        DEPD,Z  %r3,%sar,64,%r3 ;offset 0x9f0
+        SUBI    64,%r31,%r26    ;offset 0x9f4
+        MTSAR   %r26    ;offset 0x9f8
+        SHRPD   %r4,%r5,%sar,%r4        ;offset 0x9fc
+        MTSARCM %r31    ;offset 0xa00
+        DEPD,Z  %r5,%sar,64,%r5 ;offset 0xa04
+$0006001A
+        DEPDI,Z -1,31,32,%r19   ;offset 0xa08
+        AND     %r3,%r19,%r29   ;offset 0xa0c
+        EXTRD,U %r29,31,32,%r2  ;offset 0xa10
+        DEPDI,Z -1,63,32,%r6    ;offset 0xa14
+        MOVIB,TR        2,%r8,$0006001C ;offset 0xa18
+        EXTRD,U %r3,63,32,%r7   ;offset 0xa1c
+$D2
+        ADDIL   LR'__iob-$global$,%r27,%r1      ;offset 0xa20
+        LDIL    LR'C$7,%r21     ;offset 0xa24
+        LDO     RR'__iob-$global$+32(%r1),%r26  ;offset 0xa28
+        .CALL   ARGW0=GR,ARGW1=GR,ARGW2=GR,RTNVAL=GR    ;in=24,25,26;out=28;
+        B,L     fprintf,%r2     ;offset 0xa2c
+        LDO     RR'C$7(%r21),%r25       ;offset 0xa30
+        .CALL           ;
+        B,L     abort,%r2       ;offset 0xa34
+        NOP             ;offset 0xa38
+        B       $D3     ;offset 0xa3c
+        LDW     -212(%r30),%r2  ;offset 0xa40
+$00060020
+        COPY    %r4,%r26        ;offset 0xa44
+        EXTRD,U %r4,31,32,%r25  ;offset 0xa48
+        COPY    %r2,%r24        ;offset 0xa4c
+        .CALL   ;in=23,24,25,26;out=20,21,22,28,29; (MILLICALL)
+        B,L     $$div2U,%r31    ;offset 0xa50
+        EXTRD,U %r2,31,32,%r23  ;offset 0xa54
+        DEPD    %r28,31,32,%r29 ;offset 0xa58
+$00060022
+        STD     %r29,-152(%r30) ;offset 0xa5c
+$D1
+        AND     %r5,%r19,%r24   ;offset 0xa60
+        EXTRD,U %r24,31,32,%r24 ;offset 0xa64
+        STW     %r2,-160(%r30)  ;offset 0xa68
+        STW     %r7,-128(%r30)  ;offset 0xa6c
+        FLDD    -152(%r30),%fr4 ;offset 0xa70
+        FLDD    -152(%r30),%fr7 ;offset 0xa74
+        FLDW    -160(%r30),%fr8L        ;offset 0xa78
+        FLDW    -128(%r30),%fr5L        ;offset 0xa7c
+        XMPYU   %fr8L,%fr7L,%fr10       ;offset 0xa80
+        FSTD    %fr10,-136(%r30)        ;offset 0xa84
+        XMPYU   %fr8L,%fr7R,%fr22       ;offset 0xa88
+        FSTD    %fr22,-144(%r30)        ;offset 0xa8c
+        XMPYU   %fr5L,%fr4L,%fr11       ;offset 0xa90
+        XMPYU   %fr5L,%fr4R,%fr23       ;offset 0xa94
+        FSTD    %fr11,-112(%r30)        ;offset 0xa98
+        FSTD    %fr23,-120(%r30)        ;offset 0xa9c
+        LDD     -136(%r30),%r28 ;offset 0xaa0
+        DEPD,Z  %r28,31,32,%r31 ;offset 0xaa4
+        LDD     -144(%r30),%r20 ;offset 0xaa8
+        ADD,L   %r20,%r31,%r31  ;offset 0xaac
+        LDD     -112(%r30),%r22 ;offset 0xab0
+        DEPD,Z  %r22,31,32,%r22 ;offset 0xab4
+        LDD     -120(%r30),%r21 ;offset 0xab8
+        B       $00060024       ;offset 0xabc
+        ADD,L   %r21,%r22,%r23  ;offset 0xac0
+$D0
+        OR      %r9,%r29,%r29   ;offset 0xac4
+$00060040
+        EXTRD,U %r29,31,32,%r28 ;offset 0xac8
+$00060002
+$L2
+        LDW     -212(%r30),%r2  ;offset 0xacc
+$D3
+        LDW     -168(%r30),%r9  ;offset 0xad0
+        LDD     -176(%r30),%r8  ;offset 0xad4
+        EXTRD,U %r8,31,32,%r7   ;offset 0xad8
+        LDD     -184(%r30),%r6  ;offset 0xadc
+        EXTRD,U %r6,31,32,%r5   ;offset 0xae0
+        LDW     -188(%r30),%r4  ;offset 0xae4
+        BVE     (%r2)   ;offset 0xae8
+        .EXIT
+        LDW,MB  -192(%r30),%r3  ;offset 0xaec
+        .PROCEND        ;in=23,25;out=28,29;fpin=105,107;
+
+
+
+
+;----------------------------------------------------------------------------
+;
+; Registers to hold 64-bit values to manipulate.  The "L" part
+; of the register corresponds to the upper 32-bits, while the "R"
+; part corresponds to the lower 32-bits
+; 
+; Note, that when using b6 and b7, the code must save these before
+; using them because they are callee save registers 
+; 
+;
+; Floating point registers to use to save values that
+; are manipulated.  These don't collide with ftemp1-6 and
+; are all caller save registers
+;
+a0        .reg %fr22
+a0L       .reg %fr22L
+a0R       .reg %fr22R
+
+a1        .reg %fr23
+a1L       .reg %fr23L
+a1R       .reg %fr23R
+
+a2        .reg %fr24
+a2L       .reg %fr24L
+a2R       .reg %fr24R
+
+a3        .reg %fr25
+a3L       .reg %fr25L
+a3R       .reg %fr25R
+
+a4        .reg %fr26
+a4L       .reg %fr26L
+a4R       .reg %fr26R
+
+a5        .reg %fr27
+a5L       .reg %fr27L
+a5R       .reg %fr27R
+
+a6        .reg %fr28
+a6L       .reg %fr28L
+a6R       .reg %fr28R
+
+a7        .reg %fr29
+a7L       .reg %fr29L
+a7R       .reg %fr29R
+
+b0        .reg %fr30
+b0L       .reg %fr30L
+b0R       .reg %fr30R
+
+b1        .reg %fr31
+b1L       .reg %fr31L
+b1R       .reg %fr31R
+
+;
+; Temporary floating point variables, these are all caller save
+; registers
+;
+ftemp1    .reg %fr4
+ftemp2    .reg %fr5
+ftemp3    .reg %fr6
+ftemp4    .reg %fr7
+
+;
+; The B set of registers when used.
+;
+
+b2        .reg %fr8
+b2L       .reg %fr8L
+b2R       .reg %fr8R
+
+b3        .reg %fr9
+b3L       .reg %fr9L
+b3R       .reg %fr9R
+
+b4        .reg %fr10
+b4L       .reg %fr10L
+b4R       .reg %fr10R
+
+b5        .reg %fr11
+b5L       .reg %fr11L
+b5R       .reg %fr11R
+
+b6        .reg %fr12
+b6L       .reg %fr12L
+b6R       .reg %fr12R
+
+b7        .reg %fr13
+b7L       .reg %fr13L
+b7R       .reg %fr13R
+
+c1           .reg %r21   ; only reg
+temp1        .reg %r20   ; only reg
+temp2        .reg %r19   ; only reg
+temp3        .reg %r31   ; only reg
+
+m1           .reg %r28   
+c2           .reg %r23   
+high_one     .reg %r1
+ht           .reg %r6
+lt           .reg %r5
+m            .reg %r4
+c3           .reg %r3
+
+SQR_ADD_C  .macro  A0L,A0R,C1,C2,C3
+    XMPYU   A0L,A0R,ftemp1       ; m
+    FSTD    ftemp1,-24(%sp)      ; store m
+
+    XMPYU   A0R,A0R,ftemp2       ; lt
+    FSTD    ftemp2,-16(%sp)      ; store lt
+
+    XMPYU   A0L,A0L,ftemp3       ; ht
+    FSTD    ftemp3,-8(%sp)       ; store ht
+
+    LDD     -24(%sp),m           ; load m
+    AND     m,high_mask,temp2    ; m & Mask
+    DEPD,Z  m,30,31,temp3        ; m << 32+1
+    LDD     -16(%sp),lt          ; lt
+
+    LDD     -8(%sp),ht           ; ht
+    EXTRD,U temp2,32,33,temp1    ; temp1 = m&Mask >> 32-1
+    ADD     temp3,lt,lt          ; lt = lt+m
+    ADD,L   ht,temp1,ht          ; ht += temp1
+    ADD,DC  ht,%r0,ht            ; ht++
+
+    ADD     C1,lt,C1             ; c1=c1+lt
+    ADD,DC  ht,%r0,ht            ; ht++
+
+    ADD     C2,ht,C2             ; c2=c2+ht
+    ADD,DC  C3,%r0,C3            ; c3++
+.endm
+
+SQR_ADD_C2 .macro  A0L,A0R,A1L,A1R,C1,C2,C3
+    XMPYU   A0L,A1R,ftemp1          ; m1 = bl*ht
+    FSTD    ftemp1,-16(%sp)         ;
+    XMPYU   A0R,A1L,ftemp2          ; m = bh*lt
+    FSTD    ftemp2,-8(%sp)          ;
+    XMPYU   A0R,A1R,ftemp3          ; lt = bl*lt
+    FSTD    ftemp3,-32(%sp)
+    XMPYU   A0L,A1L,ftemp4          ; ht = bh*ht
+    FSTD    ftemp4,-24(%sp)         ;
+
+    LDD     -8(%sp),m               ; r21 = m
+    LDD     -16(%sp),m1             ; r19 = m1
+    ADD,L   m,m1,m                  ; m+m1
+
+    DEPD,Z  m,31,32,temp3           ; (m+m1<<32)
+    LDD     -24(%sp),ht             ; r24 = ht
+
+    CMPCLR,*>>= m,m1,%r0            ; if (m < m1)
+    ADD,L   ht,high_one,ht          ; ht+=high_one
+
+    EXTRD,U m,31,32,temp1           ; m >> 32
+    LDD     -32(%sp),lt             ; lt
+    ADD,L   ht,temp1,ht             ; ht+= m>>32
+    ADD     lt,temp3,lt             ; lt = lt+m1
+    ADD,DC  ht,%r0,ht               ; ht++
+
+    ADD     ht,ht,ht                ; ht=ht+ht;
+    ADD,DC  C3,%r0,C3               ; add in carry (c3++)
+
+    ADD     lt,lt,lt                ; lt=lt+lt;
+    ADD,DC  ht,%r0,ht               ; add in carry (ht++)
+
+    ADD     C1,lt,C1                ; c1=c1+lt
+    ADD,DC,*NUV ht,%r0,ht           ; add in carry (ht++)
+    LDO     1(C3),C3              ; bump c3 if overflow,nullify otherwise
+
+    ADD     C2,ht,C2                ; c2 = c2 + ht
+    ADD,DC  C3,%r0,C3             ; add in carry (c3++)
+.endm
+
+;
+;void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a)
+; arg0 = r_ptr
+; arg1 = a_ptr
+;
+
+bn_sqr_comba8
         .PROC
-        .CALLINFO FRAME=128,CALLS,SAVE_RP,ENTRY_GR=8
-        .ENTRY
-        stw %r2,-20(0,%r30)
-        stwm %r8,128(0,%r30)
-        stw %r7,-124(0,%r30)
-        stw %r4,-112(0,%r30)
-        stw %r3,-108(0,%r30)
-        copy %r26,%r3
-        copy %r25,%r4
-        stw %r6,-120(0,%r30)
-        ldi 0,%r7
-        stw %r5,-116(0,%r30)
-        movb,<> %r24,%r5,L$0051
-        ldi 2,%r6
-        bl L$0068,0
-        ldi -1,%r28
-L$0051
-        .CALL ARGW0=GR
-        bl BN_num_bits_word,%r2
-        copy %r5,%r26
-        copy %r28,%r24
-        ldi 32,%r19
-        comb,= %r19,%r24,L$0052
-        subi 31,%r24,%r19
-        mtsar %r19
-        zvdepi 1,32,%r19
-        comb,>>= %r19,%r3,L$0052
-        addil LR'__iob-$global$+32,%r27
-        ldo RR'__iob-$global$+32(%r1),%r26
-        ldil LR'L$C0000,%r25
-        .CALL ARGW0=GR,ARGW1=GR,ARGW2=GR
-        bl fprintf,%r2
-        ldo RR'L$C0000(%r25),%r25
-        .CALL 
-        bl abort,%r2
-        nop
-L$0052
-        comb,>> %r5,%r3,L$0053
-        subi 32,%r24,%r24
-        sub %r3,%r5,%r3
-L$0053
-        comib,= 0,%r24,L$0054
-        subi 31,%r24,%r19
-        mtsar %r19
-        zvdep %r5,32,%r5
-        zvdep %r3,32,%r21
-        subi 32,%r24,%r20
-        mtsar %r20
-        vshd 0,%r4,%r20
-        or %r21,%r20,%r3
-        mtsar %r19
-        zvdep %r4,32,%r4
-L$0054
-        extru %r5,15,16,%r23
-        extru %r5,31,16,%r28
-L$0055
-        extru %r3,15,16,%r19
-        comb,<> %r23,%r19,L$0058
-        copy %r3,%r26
-        bl L$0059,0
-        zdepi -1,31,16,%r29
-L$0058
-        .IMPORT $$divU,MILLICODE
-        bl $$divU,%r31
-        copy %r23,%r25
-L$0059
-        stw %r29,-16(0,%r30)
-        fldws -16(0,%r30),%fr10L
-        stw %r28,-16(0,%r30)
-        fldws -16(0,%r30),%fr10R
-        stw %r23,-16(0,%r30)
-        xmpyu %fr10L,%fr10R,%fr8
-        fldws -16(0,%r30),%fr10R
-        fstws %fr8R,-16(0,%r30)
-        xmpyu %fr10L,%fr10R,%fr9
-        ldw -16(0,%r30),%r8
-        fstws %fr9R,-16(0,%r30)
-        copy %r8,%r22
-        ldw -16(0,%r30),%r8
-        extru %r4,15,16,%r24
-        copy %r8,%r21
-L$0060
-        sub %r3,%r21,%r20
-        copy %r20,%r19
-        depi 0,31,16,%r19
-        comib,<> 0,%r19,L$0061
-        zdep %r20,15,16,%r19
-        addl %r19,%r24,%r19
-        comb,>>= %r19,%r22,L$0061
-        sub %r22,%r28,%r22
-        sub %r21,%r23,%r21
-        bl L$0060,0
-        ldo -1(%r29),%r29
-L$0061
-        stw %r29,-16(0,%r30)
-        fldws -16(0,%r30),%fr10L
-        stw %r28,-16(0,%r30)
-        fldws -16(0,%r30),%fr10R
-        xmpyu %fr10L,%fr10R,%fr8
-        fstws %fr8R,-16(0,%r30)
-        ldw -16(0,%r30),%r8
-        stw %r23,-16(0,%r30)
-        fldws -16(0,%r30),%fr10R
-        copy %r8,%r19
-        xmpyu %fr10L,%fr10R,%fr8
-        fstws %fr8R,-16(0,%r30)
-        extru %r19,15,16,%r20
-        ldw -16(0,%r30),%r8
-        zdep %r19,15,16,%r19
-        addl %r8,%r20,%r20
-        comclr,<<= %r19,%r4,0
-        addi 1,%r20,%r20
-        comb,<<= %r20,%r3,L$0066
-        sub %r4,%r19,%r4
-        addl %r3,%r5,%r3
-        ldo -1(%r29),%r29
-L$0066
-        addib,= -1,%r6,L$0056
-        sub %r3,%r20,%r3
-        zdep %r29,15,16,%r7
-        shd %r3,%r4,16,%r3
-        bl L$0055,0
-        zdep %r4,15,16,%r4
-L$0056
-        or %r7,%r29,%r28
-L$0068
-        ldw -148(0,%r30),%r2
-        ldw -124(0,%r30),%r7
-        ldw -120(0,%r30),%r6
-        ldw -116(0,%r30),%r5
-        ldw -112(0,%r30),%r4
-        ldw -108(0,%r30),%r3
-        bv 0(%r2)
-        ldwm -128(0,%r30),%r8
-        .EXIT
-        .PROCEND
+        .CALLINFO FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
+        .EXPORT bn_sqr_comba8,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+    .ENTRY
+        .align 64
+
+    STD     %r3,0(%sp)          ; save r3
+    STD     %r4,8(%sp)          ; save r4
+    STD     %r5,16(%sp)         ; save r5
+    STD     %r6,24(%sp)         ; save r6
+
+        ;
+        ; Zero out carries
+        ;
+        COPY     %r0,c1
+        COPY     %r0,c2
+        COPY     %r0,c3
+
+        LDO      128(%sp),%sp       ; bump stack
+    DEPDI,Z -1,32,33,high_mask   ; Create Mask 0xffffffff80000000L
+    DEPDI,Z  1,31,1,high_one     ; Create Value  1 << 32
+
+        ;
+        ; Load up all of the values we are going to use
+        ;
+    FLDD     0(a_ptr),a0       
+    FLDD     8(a_ptr),a1       
+    FLDD    16(a_ptr),a2       
+    FLDD    24(a_ptr),a3       
+    FLDD    32(a_ptr),a4       
+    FLDD    40(a_ptr),a5       
+    FLDD    48(a_ptr),a6       
+    FLDD    56(a_ptr),a7       
+
+        SQR_ADD_C a0L,a0R,c1,c2,c3
+        STD     c1,0(r_ptr)          ; r[0] = c1;
+        COPY    %r0,c1
+
+        SQR_ADD_C2 a1L,a1R,a0L,a0R,c2,c3,c1
+        STD     c2,8(r_ptr)          ; r[1] = c2;
+        COPY    %r0,c2
+
+        SQR_ADD_C a1L,a1R,c3,c1,c2
+        SQR_ADD_C2 a2L,a2R,a0L,a0R,c3,c1,c2
+        STD     c3,16(r_ptr)            ; r[2] = c3;
+        COPY    %r0,c3
+
+        SQR_ADD_C2 a3L,a3R,a0L,a0R,c1,c2,c3
+        SQR_ADD_C2 a2L,a2R,a1L,a1R,c1,c2,c3
+        STD     c1,24(r_ptr)           ; r[3] = c1;
+        COPY    %r0,c1
+
+        SQR_ADD_C a2L,a2R,c2,c3,c1
+        SQR_ADD_C2 a3L,a3R,a1L,a1R,c2,c3,c1
+        SQR_ADD_C2 a4L,a4R,a0L,a0R,c2,c3,c1
+        STD     c2,32(r_ptr)          ; r[4] = c2;
+        COPY    %r0,c2
+
+        SQR_ADD_C2 a5L,a5R,a0L,a0R,c3,c1,c2
+        SQR_ADD_C2 a4L,a4R,a1L,a1R,c3,c1,c2
+        SQR_ADD_C2 a3L,a3R,a2L,a2R,c3,c1,c2
+        STD     c3,40(r_ptr)          ; r[5] = c3;
+        COPY    %r0,c3
+
+        SQR_ADD_C a3L,a3R,c1,c2,c3
+        SQR_ADD_C2 a4L,a4R,a2L,a2R,c1,c2,c3
+        SQR_ADD_C2 a5L,a5R,a1L,a1R,c1,c2,c3
+        SQR_ADD_C2 a6L,a6R,a0L,a0R,c1,c2,c3
+        STD     c1,48(r_ptr)          ; r[6] = c1;
+        COPY    %r0,c1
+
+        SQR_ADD_C2 a7L,a7R,a0L,a0R,c2,c3,c1
+        SQR_ADD_C2 a6L,a6R,a1L,a1R,c2,c3,c1
+        SQR_ADD_C2 a5L,a5R,a2L,a2R,c2,c3,c1
+        SQR_ADD_C2 a4L,a4R,a3L,a3R,c2,c3,c1
+        STD     c2,56(r_ptr)          ; r[7] = c2;
+        COPY    %r0,c2
+
+        SQR_ADD_C a4L,a4R,c3,c1,c2
+        SQR_ADD_C2 a5L,a5R,a3L,a3R,c3,c1,c2
+        SQR_ADD_C2 a6L,a6R,a2L,a2R,c3,c1,c2
+        SQR_ADD_C2 a7L,a7R,a1L,a1R,c3,c1,c2
+        STD     c3,64(r_ptr)          ; r[8] = c3;
+        COPY    %r0,c3
+
+        SQR_ADD_C2 a7L,a7R,a2L,a2R,c1,c2,c3
+        SQR_ADD_C2 a6L,a6R,a3L,a3R,c1,c2,c3
+        SQR_ADD_C2 a5L,a5R,a4L,a4R,c1,c2,c3
+        STD     c1,72(r_ptr)          ; r[9] = c1;
+        COPY    %r0,c1
+
+        SQR_ADD_C a5L,a5R,c2,c3,c1
+        SQR_ADD_C2 a6L,a6R,a4L,a4R,c2,c3,c1
+        SQR_ADD_C2 a7L,a7R,a3L,a3R,c2,c3,c1
+        STD     c2,80(r_ptr)          ; r[10] = c2;
+        COPY    %r0,c2
+
+        SQR_ADD_C2 a7L,a7R,a4L,a4R,c3,c1,c2
+        SQR_ADD_C2 a6L,a6R,a5L,a5R,c3,c1,c2
+        STD     c3,88(r_ptr)          ; r[11] = c3;
+        COPY    %r0,c3
+        
+        SQR_ADD_C a6L,a6R,c1,c2,c3
+        SQR_ADD_C2 a7L,a7R,a5L,a5R,c1,c2,c3
+        STD     c1,96(r_ptr)          ; r[12] = c1;
+        COPY    %r0,c1
+
+        SQR_ADD_C2 a7L,a7R,a6L,a6R,c2,c3,c1
+        STD     c2,104(r_ptr)         ; r[13] = c2;
+        COPY    %r0,c2
+
+        SQR_ADD_C a7L,a7R,c3,c1,c2
+        STD     c3, 112(r_ptr)       ; r[14] = c3
+        STD     c1, 120(r_ptr)       ; r[15] = c1
+
+    .EXIT
+    LDD     -104(%sp),%r6        ; restore r6
+    LDD     -112(%sp),%r5        ; restore r5
+    LDD     -120(%sp),%r4        ; restore r4
+    BVE     (%rp)
+    LDD,MB  -128(%sp),%r3
+
+        .PROCEND        
+
+;-----------------------------------------------------------------------------
+;
+;void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a)
+; arg0 = r_ptr
+; arg1 = a_ptr
+;
+
+bn_sqr_comba4
+        .proc
+        .callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
+        .EXPORT bn_sqr_comba4,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+    .entry
+        .align 64
+    STD     %r3,0(%sp)          ; save r3
+    STD     %r4,8(%sp)          ; save r4
+    STD     %r5,16(%sp)         ; save r5
+    STD     %r6,24(%sp)         ; save r6
+
+        ;
+        ; Zero out carries
+        ;
+        COPY     %r0,c1
+        COPY     %r0,c2
+        COPY     %r0,c3
+
+        LDO      128(%sp),%sp       ; bump stack
+    DEPDI,Z -1,32,33,high_mask   ; Create Mask 0xffffffff80000000L
+    DEPDI,Z  1,31,1,high_one     ; Create Value  1 << 32
+
+        ;
+        ; Load up all of the values we are going to use
+        ;
+    FLDD     0(a_ptr),a0       
+    FLDD     8(a_ptr),a1       
+    FLDD    16(a_ptr),a2       
+    FLDD    24(a_ptr),a3       
+    FLDD    32(a_ptr),a4       
+    FLDD    40(a_ptr),a5       
+    FLDD    48(a_ptr),a6       
+    FLDD    56(a_ptr),a7       
+
+        SQR_ADD_C a0L,a0R,c1,c2,c3
+
+        STD     c1,0(r_ptr)          ; r[0] = c1;
+        COPY    %r0,c1
+
+        SQR_ADD_C2 a1L,a1R,a0L,a0R,c2,c3,c1
+
+        STD     c2,8(r_ptr)          ; r[1] = c2;
+        COPY    %r0,c2
+
+        SQR_ADD_C a1L,a1R,c3,c1,c2
+        SQR_ADD_C2 a2L,a2R,a0L,a0R,c3,c1,c2
+
+        STD     c3,16(r_ptr)            ; r[2] = c3;
+        COPY    %r0,c3
+
+        SQR_ADD_C2 a3L,a3R,a0L,a0R,c1,c2,c3
+        SQR_ADD_C2 a2L,a2R,a1L,a1R,c1,c2,c3
+
+        STD     c1,24(r_ptr)           ; r[3] = c1;
+        COPY    %r0,c1
+
+        SQR_ADD_C a2L,a2R,c2,c3,c1
+        SQR_ADD_C2 a3L,a3R,a1L,a1R,c2,c3,c1
+
+        STD     c2,32(r_ptr)           ; r[4] = c2;
+        COPY    %r0,c2
+
+        SQR_ADD_C2 a3L,a3R,a2L,a2R,c3,c1,c2
+        STD     c3,40(r_ptr)           ; r[5] = c3;
+        COPY    %r0,c3
+
+        SQR_ADD_C a3L,a3R,c1,c2,c3
+        STD     c1,48(r_ptr)           ; r[6] = c1;
+        STD     c2,56(r_ptr)           ; r[7] = c2;
+
+    .EXIT
+    LDD     -104(%sp),%r6        ; restore r6
+    LDD     -112(%sp),%r5        ; restore r5
+    LDD     -120(%sp),%r4        ; restore r4
+    BVE     (%rp)
+    LDD,MB  -128(%sp),%r3
+
+        .PROCEND        
+
+
+;---------------------------------------------------------------------------
+
+MUL_ADD_C  .macro  A0L,A0R,B0L,B0R,C1,C2,C3
+    XMPYU   A0L,B0R,ftemp1        ; m1 = bl*ht
+    FSTD    ftemp1,-16(%sp)       ;
+    XMPYU   A0R,B0L,ftemp2        ; m = bh*lt
+    FSTD    ftemp2,-8(%sp)        ;
+    XMPYU   A0R,B0R,ftemp3        ; lt = bl*lt
+    FSTD    ftemp3,-32(%sp)
+    XMPYU   A0L,B0L,ftemp4        ; ht = bh*ht
+    FSTD    ftemp4,-24(%sp)       ;
+
+    LDD     -8(%sp),m             ; r21 = m
+    LDD     -16(%sp),m1           ; r19 = m1
+    ADD,L   m,m1,m                ; m+m1
+
+    DEPD,Z  m,31,32,temp3         ; (m+m1<<32)
+    LDD     -24(%sp),ht           ; r24 = ht
+
+    CMPCLR,*>>= m,m1,%r0          ; if (m < m1)
+    ADD,L   ht,high_one,ht        ; ht+=high_one
+
+    EXTRD,U m,31,32,temp1         ; m >> 32
+    LDD     -32(%sp),lt           ; lt
+    ADD,L   ht,temp1,ht           ; ht+= m>>32
+    ADD     lt,temp3,lt           ; lt = lt+m1
+    ADD,DC  ht,%r0,ht             ; ht++
+
+    ADD     C1,lt,C1              ; c1=c1+lt
+    ADD,DC  ht,%r0,ht             ; bump c3 if overflow,nullify otherwise
+
+    ADD     C2,ht,C2              ; c2 = c2 + ht
+    ADD,DC  C3,%r0,C3             ; add in carry (c3++)
+.endm
+
+
+;
+;void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+; arg0 = r_ptr
+; arg1 = a_ptr
+; arg2 = b_ptr
+;
+
+bn_mul_comba8
+        .proc
+        .callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
+        .EXPORT bn_mul_comba8,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+    .entry
+        .align 64
+
+    STD     %r3,0(%sp)          ; save r3
+    STD     %r4,8(%sp)          ; save r4
+    STD     %r5,16(%sp)         ; save r5
+    STD     %r6,24(%sp)         ; save r6
+    FSTD    %fr12,32(%sp)       ; save r6
+    FSTD    %fr13,40(%sp)       ; save r7
+
+        ;
+        ; Zero out carries
+        ;
+        COPY     %r0,c1
+        COPY     %r0,c2
+        COPY     %r0,c3
+
+        LDO      128(%sp),%sp       ; bump stack
+    DEPDI,Z  1,31,1,high_one     ; Create Value  1 << 32
+
+        ;
+        ; Load up all of the values we are going to use
+        ;
+    FLDD      0(a_ptr),a0       
+    FLDD      8(a_ptr),a1       
+    FLDD     16(a_ptr),a2       
+    FLDD     24(a_ptr),a3       
+    FLDD     32(a_ptr),a4       
+    FLDD     40(a_ptr),a5       
+    FLDD     48(a_ptr),a6       
+    FLDD     56(a_ptr),a7       
+
+    FLDD      0(b_ptr),b0       
+    FLDD      8(b_ptr),b1       
+    FLDD     16(b_ptr),b2       
+    FLDD     24(b_ptr),b3       
+    FLDD     32(b_ptr),b4       
+    FLDD     40(b_ptr),b5       
+    FLDD     48(b_ptr),b6       
+    FLDD     56(b_ptr),b7       
+
+        MUL_ADD_C a0L,a0R,b0L,b0R,c1,c2,c3
+        STD       c1,0(r_ptr)
+        COPY      %r0,c1
+
+        MUL_ADD_C a0L,a0R,b1L,b1R,c2,c3,c1
+        MUL_ADD_C a1L,a1R,b0L,b0R,c2,c3,c1
+        STD       c2,8(r_ptr)
+        COPY      %r0,c2
+
+        MUL_ADD_C a2L,a2R,b0L,b0R,c3,c1,c2
+        MUL_ADD_C a1L,a1R,b1L,b1R,c3,c1,c2
+        MUL_ADD_C a0L,a0R,b2L,b2R,c3,c1,c2
+        STD       c3,16(r_ptr)
+        COPY      %r0,c3
+
+        MUL_ADD_C a0L,a0R,b3L,b3R,c1,c2,c3
+        MUL_ADD_C a1L,a1R,b2L,b2R,c1,c2,c3
+        MUL_ADD_C a2L,a2R,b1L,b1R,c1,c2,c3
+        MUL_ADD_C a3L,a3R,b0L,b0R,c1,c2,c3
+        STD       c1,24(r_ptr)
+        COPY      %r0,c1
+
+        MUL_ADD_C a4L,a4R,b0L,b0R,c2,c3,c1
+        MUL_ADD_C a3L,a3R,b1L,b1R,c2,c3,c1
+        MUL_ADD_C a2L,a2R,b2L,b2R,c2,c3,c1
+        MUL_ADD_C a1L,a1R,b3L,b3R,c2,c3,c1
+        MUL_ADD_C a0L,a0R,b4L,b4R,c2,c3,c1
+        STD       c2,32(r_ptr)
+        COPY      %r0,c2
+
+        MUL_ADD_C a0L,a0R,b5L,b5R,c3,c1,c2
+        MUL_ADD_C a1L,a1R,b4L,b4R,c3,c1,c2
+        MUL_ADD_C a2L,a2R,b3L,b3R,c3,c1,c2
+        MUL_ADD_C a3L,a3R,b2L,b2R,c3,c1,c2
+        MUL_ADD_C a4L,a4R,b1L,b1R,c3,c1,c2
+        MUL_ADD_C a5L,a5R,b0L,b0R,c3,c1,c2
+        STD       c3,40(r_ptr)
+        COPY      %r0,c3
+
+        MUL_ADD_C a6L,a6R,b0L,b0R,c1,c2,c3
+        MUL_ADD_C a5L,a5R,b1L,b1R,c1,c2,c3
+        MUL_ADD_C a4L,a4R,b2L,b2R,c1,c2,c3
+        MUL_ADD_C a3L,a3R,b3L,b3R,c1,c2,c3
+        MUL_ADD_C a2L,a2R,b4L,b4R,c1,c2,c3
+        MUL_ADD_C a1L,a1R,b5L,b5R,c1,c2,c3
+        MUL_ADD_C a0L,a0R,b6L,b6R,c1,c2,c3
+        STD       c1,48(r_ptr)
+        COPY      %r0,c1
+        
+        MUL_ADD_C a0L,a0R,b7L,b7R,c2,c3,c1
+        MUL_ADD_C a1L,a1R,b6L,b6R,c2,c3,c1
+        MUL_ADD_C a2L,a2R,b5L,b5R,c2,c3,c1
+        MUL_ADD_C a3L,a3R,b4L,b4R,c2,c3,c1
+        MUL_ADD_C a4L,a4R,b3L,b3R,c2,c3,c1
+        MUL_ADD_C a5L,a5R,b2L,b2R,c2,c3,c1
+        MUL_ADD_C a6L,a6R,b1L,b1R,c2,c3,c1
+        MUL_ADD_C a7L,a7R,b0L,b0R,c2,c3,c1
+        STD       c2,56(r_ptr)
+        COPY      %r0,c2
+
+        MUL_ADD_C a7L,a7R,b1L,b1R,c3,c1,c2
+        MUL_ADD_C a6L,a6R,b2L,b2R,c3,c1,c2
+        MUL_ADD_C a5L,a5R,b3L,b3R,c3,c1,c2
+        MUL_ADD_C a4L,a4R,b4L,b4R,c3,c1,c2
+        MUL_ADD_C a3L,a3R,b5L,b5R,c3,c1,c2
+        MUL_ADD_C a2L,a2R,b6L,b6R,c3,c1,c2
+        MUL_ADD_C a1L,a1R,b7L,b7R,c3,c1,c2
+        STD       c3,64(r_ptr)
+        COPY      %r0,c3
+
+        MUL_ADD_C a2L,a2R,b7L,b7R,c1,c2,c3
+        MUL_ADD_C a3L,a3R,b6L,b6R,c1,c2,c3
+        MUL_ADD_C a4L,a4R,b5L,b5R,c1,c2,c3
+        MUL_ADD_C a5L,a5R,b4L,b4R,c1,c2,c3
+        MUL_ADD_C a6L,a6R,b3L,b3R,c1,c2,c3
+        MUL_ADD_C a7L,a7R,b2L,b2R,c1,c2,c3
+        STD       c1,72(r_ptr)
+        COPY      %r0,c1
+
+        MUL_ADD_C a7L,a7R,b3L,b3R,c2,c3,c1
+        MUL_ADD_C a6L,a6R,b4L,b4R,c2,c3,c1
+        MUL_ADD_C a5L,a5R,b5L,b5R,c2,c3,c1
+        MUL_ADD_C a4L,a4R,b6L,b6R,c2,c3,c1
+        MUL_ADD_C a3L,a3R,b7L,b7R,c2,c3,c1
+        STD       c2,80(r_ptr)
+        COPY      %r0,c2
+
+        MUL_ADD_C a4L,a4R,b7L,b7R,c3,c1,c2
+        MUL_ADD_C a5L,a5R,b6L,b6R,c3,c1,c2
+        MUL_ADD_C a6L,a6R,b5L,b5R,c3,c1,c2
+        MUL_ADD_C a7L,a7R,b4L,b4R,c3,c1,c2
+        STD       c3,88(r_ptr)
+        COPY      %r0,c3
+
+        MUL_ADD_C a7L,a7R,b5L,b5R,c1,c2,c3
+        MUL_ADD_C a6L,a6R,b6L,b6R,c1,c2,c3
+        MUL_ADD_C a5L,a5R,b7L,b7R,c1,c2,c3
+        STD       c1,96(r_ptr)
+        COPY      %r0,c1
+
+        MUL_ADD_C a6L,a6R,b7L,b7R,c2,c3,c1
+        MUL_ADD_C a7L,a7R,b6L,b6R,c2,c3,c1
+        STD       c2,104(r_ptr)
+        COPY      %r0,c2
+
+        MUL_ADD_C a7L,a7R,b7L,b7R,c3,c1,c2
+        STD       c3,112(r_ptr)
+        STD       c1,120(r_ptr)
+
+    .EXIT
+    FLDD    -88(%sp),%fr13 
+    FLDD    -96(%sp),%fr12 
+    LDD     -104(%sp),%r6        ; restore r6
+    LDD     -112(%sp),%r5        ; restore r5
+    LDD     -120(%sp),%r4        ; restore r4
+    BVE     (%rp)
+    LDD,MB  -128(%sp),%r3
+
+        .PROCEND        
+
+;-----------------------------------------------------------------------------
+;
+;void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+; arg0 = r_ptr
+; arg1 = a_ptr
+; arg2 = b_ptr
+;
+
+bn_mul_comba4
+        .proc
+        .callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
+        .EXPORT bn_mul_comba4,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+    .entry
+        .align 64
+
+    STD     %r3,0(%sp)          ; save r3
+    STD     %r4,8(%sp)          ; save r4
+    STD     %r5,16(%sp)         ; save r5
+    STD     %r6,24(%sp)         ; save r6
+    FSTD    %fr12,32(%sp)       ; save r6
+    FSTD    %fr13,40(%sp)       ; save r7
+
+        ;
+        ; Zero out carries
+        ;
+        COPY     %r0,c1
+        COPY     %r0,c2
+        COPY     %r0,c3
+
+        LDO      128(%sp),%sp       ; bump stack
+    DEPDI,Z  1,31,1,high_one     ; Create Value  1 << 32
+
+        ;
+        ; Load up all of the values we are going to use
+        ;
+    FLDD      0(a_ptr),a0       
+    FLDD      8(a_ptr),a1       
+    FLDD     16(a_ptr),a2       
+    FLDD     24(a_ptr),a3       
+
+    FLDD      0(b_ptr),b0       
+    FLDD      8(b_ptr),b1       
+    FLDD     16(b_ptr),b2       
+    FLDD     24(b_ptr),b3       
+
+        MUL_ADD_C a0L,a0R,b0L,b0R,c1,c2,c3
+        STD       c1,0(r_ptr)
+        COPY      %r0,c1
+
+        MUL_ADD_C a0L,a0R,b1L,b1R,c2,c3,c1
+        MUL_ADD_C a1L,a1R,b0L,b0R,c2,c3,c1
+        STD       c2,8(r_ptr)
+        COPY      %r0,c2
+
+        MUL_ADD_C a2L,a2R,b0L,b0R,c3,c1,c2
+        MUL_ADD_C a1L,a1R,b1L,b1R,c3,c1,c2
+        MUL_ADD_C a0L,a0R,b2L,b2R,c3,c1,c2
+        STD       c3,16(r_ptr)
+        COPY      %r0,c3
+
+        MUL_ADD_C a0L,a0R,b3L,b3R,c1,c2,c3
+        MUL_ADD_C a1L,a1R,b2L,b2R,c1,c2,c3
+        MUL_ADD_C a2L,a2R,b1L,b1R,c1,c2,c3
+        MUL_ADD_C a3L,a3R,b0L,b0R,c1,c2,c3
+        STD       c1,24(r_ptr)
+        COPY      %r0,c1
+
+        MUL_ADD_C a3L,a3R,b1L,b1R,c2,c3,c1
+        MUL_ADD_C a2L,a2R,b2L,b2R,c2,c3,c1
+        MUL_ADD_C a1L,a1R,b3L,b3R,c2,c3,c1
+        STD       c2,32(r_ptr)
+        COPY      %r0,c2
+
+        MUL_ADD_C a2L,a2R,b3L,b3R,c3,c1,c2
+        MUL_ADD_C a3L,a3R,b2L,b2R,c3,c1,c2
+        STD       c3,40(r_ptr)
+        COPY      %r0,c3
+
+        MUL_ADD_C a3L,a3R,b3L,b3R,c1,c2,c3
+        STD       c1,48(r_ptr)
+        STD       c2,56(r_ptr)
+
+    .EXIT
+    FLDD    -88(%sp),%fr13 
+    FLDD    -96(%sp),%fr12 
+    LDD     -104(%sp),%r6        ; restore r6
+    LDD     -112(%sp),%r5        ; restore r5
+    LDD     -120(%sp),%r4        ; restore r4
+    BVE     (%rp)
+    LDD,MB  -128(%sp),%r3
+
+        .PROCEND        
+
+
+        .SPACE  $TEXT$
+        .SUBSPA $CODE$
+        .SPACE  $PRIVATE$,SORT=16
+        .IMPORT $global$,DATA
+        .SPACE  $TEXT$
+        .SUBSPA $CODE$
+        .SUBSPA $LIT$,QUAD=0,ALIGN=8,ACCESS=0x2c,SORT=16
+C$7
+        .ALIGN  8
+        .STRINGZ        "Division would overflow (%d)\n"
+        .END
diff --git a/src/lib/libssl/src/crypto/bn/asm/pa-risc2W.s b/src/lib/libssl/src/crypto/bn/asm/pa-risc2W.s
new file mode 100644
index 0000000000..54b6606252
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bn/asm/pa-risc2W.s
@@ -0,0 +1,1605 @@
+;
+; PA-RISC 64-bit implementation of bn_asm code
+;
+; This code is approximately 2x faster than the C version
+; for RSA/DSA.
+;
+; See http://devresource.hp.com/  for more details on the PA-RISC
+; architecture.  Also see the book "PA-RISC 2.0 Architecture"
+; by Gerry Kane for information on the instruction set architecture.
+;
+; Code written by Chris Ruemmler (with some help from the HP C
+; compiler).
+;
+; The code compiles with HP's assembler
+;
+
+        .level  2.0W
+        .space  $TEXT$
+        .subspa $CODE$,QUAD=0,ALIGN=8,ACCESS=0x2c,CODE_ONLY
+
+;
+; Global Register definitions used for the routines.
+;
+; Some information about HP's runtime architecture for 64-bits.
+;
+; "Caller save" means the calling function must save the register
+; if it wants the register to be preserved.
+; "Callee save" means if a function uses the register, it must save
+; the value before using it.
+;
+; For the floating point registers 
+;
+;    "caller save" registers: fr4-fr11, fr22-fr31
+;    "callee save" registers: fr12-fr21
+;    "special" registers: fr0-fr3 (status and exception registers)
+;
+; For the integer registers
+;     value zero             :  r0
+;     "caller save" registers: r1,r19-r26
+;     "callee save" registers: r3-r18
+;     return register        :  r2  (rp)
+;     return values          ; r28  (ret0,ret1)
+;     Stack pointer          ; r30  (sp) 
+;     global data pointer    ; r27  (dp)
+;     argument pointer       ; r29  (ap)
+;     millicode return ptr   ; r31  (also a caller save register)
+
+
+;
+; Arguments to the routines
+;
+r_ptr       .reg %r26
+a_ptr       .reg %r25
+b_ptr       .reg %r24
+num         .reg %r24
+w           .reg %r23
+n           .reg %r23
+
+
+;
+; Globals used in some routines
+;
+
+top_overflow .reg %r29
+high_mask    .reg %r22    ; value 0xffffffff80000000L
+
+
+;------------------------------------------------------------------------------
+;
+; bn_mul_add_words
+;
+;BN_ULONG bn_mul_add_words(BN_ULONG *r_ptr, BN_ULONG *a_ptr, 
+;                                                               int num, BN_ULONG w)
+;
+; arg0 = r_ptr
+; arg1 = a_ptr
+; arg2 = num
+; arg3 = w
+;
+; Local register definitions
+;
+
+fm1          .reg %fr22
+fm           .reg %fr23
+ht_temp      .reg %fr24
+ht_temp_1    .reg %fr25
+lt_temp      .reg %fr26
+lt_temp_1    .reg %fr27
+fm1_1        .reg %fr28
+fm_1         .reg %fr29
+
+fw_h         .reg %fr7L
+fw_l         .reg %fr7R
+fw           .reg %fr7
+
+fht_0        .reg %fr8L
+flt_0        .reg %fr8R
+t_float_0    .reg %fr8
+
+fht_1        .reg %fr9L
+flt_1        .reg %fr9R
+t_float_1    .reg %fr9
+
+tmp_0        .reg %r31
+tmp_1        .reg %r21
+m_0          .reg %r20 
+m_1          .reg %r19 
+ht_0         .reg %r1  
+ht_1         .reg %r3
+lt_0         .reg %r4
+lt_1         .reg %r5
+m1_0         .reg %r6 
+m1_1         .reg %r7 
+rp_val       .reg %r8
+rp_val_1     .reg %r9
+
+bn_mul_add_words
+        .export bn_mul_add_words,entry,NO_RELOCATION,LONG_RETURN
+        .proc
+        .callinfo frame=128
+    .entry
+        .align 64
+
+    STD     %r3,0(%sp)          ; save r3  
+    STD     %r4,8(%sp)          ; save r4  
+        NOP                         ; Needed to make the loop 16-byte aligned
+        NOP                         ; Needed to make the loop 16-byte aligned
+
+    STD     %r5,16(%sp)         ; save r5  
+    STD     %r6,24(%sp)         ; save r6  
+    STD     %r7,32(%sp)         ; save r7  
+    STD     %r8,40(%sp)         ; save r8  
+
+    STD     %r9,48(%sp)         ; save r9  
+    COPY    %r0,%ret0           ; return 0 by default
+    DEPDI,Z 1,31,1,top_overflow ; top_overflow = 1 << 32    
+        STD     w,56(%sp)           ; store w on stack
+
+    CMPIB,>= 0,num,bn_mul_add_words_exit  ; if (num <= 0) then exit
+        LDO     128(%sp),%sp       ; bump stack
+
+        ;
+        ; The loop is unrolled twice, so if there is only 1 number
+    ; then go straight to the cleanup code.
+        ;
+        CMPIB,= 1,num,bn_mul_add_words_single_top
+        FLDD    -72(%sp),fw     ; load up w into fp register fw (fw_h/fw_l)
+
+        ;
+        ; This loop is unrolled 2 times (64-byte aligned as well)
+        ;
+        ; PA-RISC 2.0 chips have two fully pipelined multipliers, thus
+    ; two 32-bit mutiplies can be issued per cycle.
+    ; 
+bn_mul_add_words_unroll2
+
+    FLDD    0(a_ptr),t_float_0       ; load up 64-bit value (fr8L) ht(L)/lt(R)
+    FLDD    8(a_ptr),t_float_1       ; load up 64-bit value (fr8L) ht(L)/lt(R)
+    LDD     0(r_ptr),rp_val          ; rp[0]
+    LDD     8(r_ptr),rp_val_1        ; rp[1]
+
+    XMPYU   fht_0,fw_l,fm1           ; m1[0] = fht_0*fw_l
+    XMPYU   fht_1,fw_l,fm1_1         ; m1[1] = fht_1*fw_l
+    FSTD    fm1,-16(%sp)             ; -16(sp) = m1[0]
+    FSTD    fm1_1,-48(%sp)           ; -48(sp) = m1[1]
+
+    XMPYU   flt_0,fw_h,fm            ; m[0] = flt_0*fw_h
+    XMPYU   flt_1,fw_h,fm_1          ; m[1] = flt_1*fw_h
+    FSTD    fm,-8(%sp)               ; -8(sp) = m[0]
+    FSTD    fm_1,-40(%sp)            ; -40(sp) = m[1]
+
+    XMPYU   fht_0,fw_h,ht_temp       ; ht_temp   = fht_0*fw_h
+    XMPYU   fht_1,fw_h,ht_temp_1     ; ht_temp_1 = fht_1*fw_h
+    FSTD    ht_temp,-24(%sp)         ; -24(sp)   = ht_temp
+    FSTD    ht_temp_1,-56(%sp)       ; -56(sp)   = ht_temp_1
+
+    XMPYU   flt_0,fw_l,lt_temp       ; lt_temp = lt*fw_l
+    XMPYU   flt_1,fw_l,lt_temp_1     ; lt_temp = lt*fw_l
+    FSTD    lt_temp,-32(%sp)         ; -32(sp) = lt_temp 
+    FSTD    lt_temp_1,-64(%sp)       ; -64(sp) = lt_temp_1 
+
+    LDD     -8(%sp),m_0              ; m[0] 
+    LDD     -40(%sp),m_1             ; m[1]
+    LDD     -16(%sp),m1_0            ; m1[0]
+    LDD     -48(%sp),m1_1            ; m1[1]
+
+    LDD     -24(%sp),ht_0            ; ht[0]
+    LDD     -56(%sp),ht_1            ; ht[1]
+    ADD,L   m1_0,m_0,tmp_0           ; tmp_0 = m[0] + m1[0]; 
+    ADD,L   m1_1,m_1,tmp_1           ; tmp_1 = m[1] + m1[1]; 
+
+    LDD     -32(%sp),lt_0            
+    LDD     -64(%sp),lt_1            
+    CMPCLR,*>>= tmp_0,m1_0, %r0      ; if (m[0] < m1[0])
+    ADD,L   ht_0,top_overflow,ht_0   ; ht[0] += (1<<32)
+
+    CMPCLR,*>>= tmp_1,m1_1,%r0       ; if (m[1] < m1[1])
+    ADD,L   ht_1,top_overflow,ht_1   ; ht[1] += (1<<32)
+    EXTRD,U tmp_0,31,32,m_0          ; m[0]>>32  
+    DEPD,Z  tmp_0,31,32,m1_0         ; m1[0] = m[0]<<32 
+
+    EXTRD,U tmp_1,31,32,m_1          ; m[1]>>32  
+    DEPD,Z  tmp_1,31,32,m1_1         ; m1[1] = m[1]<<32 
+    ADD,L   ht_0,m_0,ht_0            ; ht[0]+= (m[0]>>32)
+    ADD,L   ht_1,m_1,ht_1            ; ht[1]+= (m[1]>>32)
+
+    ADD     lt_0,m1_0,lt_0           ; lt[0] = lt[0]+m1[0];
+        ADD,DC  ht_0,%r0,ht_0            ; ht[0]++
+    ADD     lt_1,m1_1,lt_1           ; lt[1] = lt[1]+m1[1];
+    ADD,DC  ht_1,%r0,ht_1            ; ht[1]++
+
+    ADD    %ret0,lt_0,lt_0           ; lt[0] = lt[0] + c;
+        ADD,DC  ht_0,%r0,ht_0            ; ht[0]++
+    ADD     lt_0,rp_val,lt_0         ; lt[0] = lt[0]+rp[0]
+    ADD,DC  ht_0,%r0,ht_0            ; ht[0]++
+
+        LDO    -2(num),num               ; num = num - 2;
+    ADD     ht_0,lt_1,lt_1           ; lt[1] = lt[1] + ht_0 (c);
+    ADD,DC  ht_1,%r0,ht_1            ; ht[1]++
+    STD     lt_0,0(r_ptr)            ; rp[0] = lt[0]
+
+    ADD     lt_1,rp_val_1,lt_1       ; lt[1] = lt[1]+rp[1]
+    ADD,DC  ht_1,%r0,%ret0           ; ht[1]++
+    LDO     16(a_ptr),a_ptr          ; a_ptr += 2
+
+    STD     lt_1,8(r_ptr)            ; rp[1] = lt[1]
+        CMPIB,<= 2,num,bn_mul_add_words_unroll2 ; go again if more to do
+    LDO     16(r_ptr),r_ptr          ; r_ptr += 2
+
+    CMPIB,=,N 0,num,bn_mul_add_words_exit ; are we done, or cleanup last one
+
+        ;
+        ; Top of loop aligned on 64-byte boundary
+        ;
+bn_mul_add_words_single_top
+    FLDD    0(a_ptr),t_float_0        ; load up 64-bit value (fr8L) ht(L)/lt(R)
+    LDD     0(r_ptr),rp_val           ; rp[0]
+    LDO     8(a_ptr),a_ptr            ; a_ptr++
+    XMPYU   fht_0,fw_l,fm1            ; m1 = ht*fw_l
+    FSTD    fm1,-16(%sp)              ; -16(sp) = m1
+    XMPYU   flt_0,fw_h,fm             ; m = lt*fw_h
+    FSTD    fm,-8(%sp)                ; -8(sp) = m
+    XMPYU   fht_0,fw_h,ht_temp        ; ht_temp = ht*fw_h
+    FSTD    ht_temp,-24(%sp)          ; -24(sp) = ht
+    XMPYU   flt_0,fw_l,lt_temp        ; lt_temp = lt*fw_l
+    FSTD    lt_temp,-32(%sp)          ; -32(sp) = lt 
+
+    LDD     -8(%sp),m_0               
+    LDD    -16(%sp),m1_0              ; m1 = temp1 
+    ADD,L   m_0,m1_0,tmp_0            ; tmp_0 = m + m1; 
+    LDD     -24(%sp),ht_0             
+    LDD     -32(%sp),lt_0             
+
+    CMPCLR,*>>= tmp_0,m1_0,%r0        ; if (m < m1)
+    ADD,L   ht_0,top_overflow,ht_0    ; ht += (1<<32)
+
+    EXTRD,U tmp_0,31,32,m_0           ; m>>32  
+    DEPD,Z  tmp_0,31,32,m1_0          ; m1 = m<<32 
+
+    ADD,L   ht_0,m_0,ht_0             ; ht+= (m>>32)
+    ADD     lt_0,m1_0,tmp_0           ; tmp_0 = lt+m1;
+    ADD,DC  ht_0,%r0,ht_0             ; ht++
+    ADD     %ret0,tmp_0,lt_0          ; lt = lt + c;
+    ADD,DC  ht_0,%r0,ht_0             ; ht++
+    ADD     lt_0,rp_val,lt_0          ; lt = lt+rp[0]
+    ADD,DC  ht_0,%r0,%ret0            ; ht++
+    STD     lt_0,0(r_ptr)             ; rp[0] = lt
+
+bn_mul_add_words_exit
+    .EXIT
+    LDD     -80(%sp),%r9              ; restore r9  
+    LDD     -88(%sp),%r8              ; restore r8  
+    LDD     -96(%sp),%r7              ; restore r7  
+    LDD     -104(%sp),%r6             ; restore r6  
+    LDD     -112(%sp),%r5             ; restore r5  
+    LDD     -120(%sp),%r4             ; restore r4  
+    BVE     (%rp)
+    LDD,MB  -128(%sp),%r3             ; restore r3
+        .PROCEND        ;in=23,24,25,26,29;out=28;
+
+;----------------------------------------------------------------------------
+;
+;BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
+;
+; arg0 = rp
+; arg1 = ap
+; arg2 = num
+; arg3 = w
+
+bn_mul_words
+        .proc
+        .callinfo frame=128
+    .entry
+        .EXPORT bn_mul_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+        .align 64
+
+    STD     %r3,0(%sp)          ; save r3  
+    STD     %r4,8(%sp)          ; save r4  
+    STD     %r5,16(%sp)         ; save r5  
+    STD     %r6,24(%sp)         ; save r6  
+
+    STD     %r7,32(%sp)         ; save r7  
+    COPY    %r0,%ret0           ; return 0 by default
+    DEPDI,Z 1,31,1,top_overflow ; top_overflow = 1 << 32    
+        STD     w,56(%sp)           ; w on stack
+
+    CMPIB,>= 0,num,bn_mul_words_exit
+        LDO     128(%sp),%sp       ; bump stack
+
+        ;
+        ; See if only 1 word to do, thus just do cleanup
+        ;
+        CMPIB,= 1,num,bn_mul_words_single_top
+        FLDD    -72(%sp),fw     ; load up w into fp register fw (fw_h/fw_l)
+
+        ;
+        ; This loop is unrolled 2 times (64-byte aligned as well)
+        ;
+        ; PA-RISC 2.0 chips have two fully pipelined multipliers, thus
+    ; two 32-bit mutiplies can be issued per cycle.
+    ; 
+bn_mul_words_unroll2
+
+    FLDD    0(a_ptr),t_float_0        ; load up 64-bit value (fr8L) ht(L)/lt(R)
+    FLDD    8(a_ptr),t_float_1        ; load up 64-bit value (fr8L) ht(L)/lt(R)
+    XMPYU   fht_0,fw_l,fm1            ; m1[0] = fht_0*fw_l
+    XMPYU   fht_1,fw_l,fm1_1          ; m1[1] = ht*fw_l
+
+    FSTD    fm1,-16(%sp)              ; -16(sp) = m1
+    FSTD    fm1_1,-48(%sp)            ; -48(sp) = m1
+    XMPYU   flt_0,fw_h,fm             ; m = lt*fw_h
+    XMPYU   flt_1,fw_h,fm_1           ; m = lt*fw_h
+
+    FSTD    fm,-8(%sp)                ; -8(sp) = m
+    FSTD    fm_1,-40(%sp)             ; -40(sp) = m
+    XMPYU   fht_0,fw_h,ht_temp        ; ht_temp = fht_0*fw_h
+    XMPYU   fht_1,fw_h,ht_temp_1      ; ht_temp = ht*fw_h
+
+    FSTD    ht_temp,-24(%sp)          ; -24(sp) = ht
+    FSTD    ht_temp_1,-56(%sp)        ; -56(sp) = ht
+    XMPYU   flt_0,fw_l,lt_temp        ; lt_temp = lt*fw_l
+    XMPYU   flt_1,fw_l,lt_temp_1      ; lt_temp = lt*fw_l
+
+    FSTD    lt_temp,-32(%sp)          ; -32(sp) = lt 
+    FSTD    lt_temp_1,-64(%sp)        ; -64(sp) = lt 
+    LDD     -8(%sp),m_0               
+    LDD     -40(%sp),m_1              
+
+    LDD    -16(%sp),m1_0              
+    LDD    -48(%sp),m1_1              
+    LDD     -24(%sp),ht_0             
+    LDD     -56(%sp),ht_1             
+
+    ADD,L   m1_0,m_0,tmp_0            ; tmp_0 = m + m1; 
+    ADD,L   m1_1,m_1,tmp_1            ; tmp_1 = m + m1; 
+    LDD     -32(%sp),lt_0             
+    LDD     -64(%sp),lt_1             
+
+    CMPCLR,*>>= tmp_0,m1_0, %r0       ; if (m < m1)
+    ADD,L   ht_0,top_overflow,ht_0    ; ht += (1<<32)
+    CMPCLR,*>>= tmp_1,m1_1,%r0        ; if (m < m1)
+    ADD,L   ht_1,top_overflow,ht_1    ; ht += (1<<32)
+
+    EXTRD,U tmp_0,31,32,m_0           ; m>>32  
+    DEPD,Z  tmp_0,31,32,m1_0          ; m1 = m<<32 
+    EXTRD,U tmp_1,31,32,m_1           ; m>>32  
+    DEPD,Z  tmp_1,31,32,m1_1          ; m1 = m<<32 
+
+    ADD,L   ht_0,m_0,ht_0             ; ht+= (m>>32)
+    ADD,L   ht_1,m_1,ht_1             ; ht+= (m>>32)
+    ADD     lt_0,m1_0,lt_0            ; lt = lt+m1;
+        ADD,DC  ht_0,%r0,ht_0             ; ht++
+
+    ADD     lt_1,m1_1,lt_1            ; lt = lt+m1;
+    ADD,DC  ht_1,%r0,ht_1             ; ht++
+    ADD    %ret0,lt_0,lt_0            ; lt = lt + c (ret0);
+        ADD,DC  ht_0,%r0,ht_0             ; ht++
+
+    ADD     ht_0,lt_1,lt_1            ; lt = lt + c (ht_0)
+    ADD,DC  ht_1,%r0,ht_1             ; ht++
+    STD     lt_0,0(r_ptr)             ; rp[0] = lt
+    STD     lt_1,8(r_ptr)             ; rp[1] = lt
+
+        COPY    ht_1,%ret0                ; carry = ht
+        LDO    -2(num),num                ; num = num - 2;
+    LDO     16(a_ptr),a_ptr           ; ap += 2
+        CMPIB,<= 2,num,bn_mul_words_unroll2
+    LDO     16(r_ptr),r_ptr           ; rp++
+
+    CMPIB,=,N 0,num,bn_mul_words_exit ; are we done?
+
+        ;
+        ; Top of loop aligned on 64-byte boundary
+        ;
+bn_mul_words_single_top
+    FLDD    0(a_ptr),t_float_0        ; load up 64-bit value (fr8L) ht(L)/lt(R)
+
+    XMPYU   fht_0,fw_l,fm1            ; m1 = ht*fw_l
+    FSTD    fm1,-16(%sp)              ; -16(sp) = m1
+    XMPYU   flt_0,fw_h,fm             ; m = lt*fw_h
+    FSTD    fm,-8(%sp)                ; -8(sp) = m
+    XMPYU   fht_0,fw_h,ht_temp        ; ht_temp = ht*fw_h
+    FSTD    ht_temp,-24(%sp)          ; -24(sp) = ht
+    XMPYU   flt_0,fw_l,lt_temp        ; lt_temp = lt*fw_l
+    FSTD    lt_temp,-32(%sp)          ; -32(sp) = lt 
+
+    LDD     -8(%sp),m_0               
+    LDD    -16(%sp),m1_0              
+    ADD,L   m_0,m1_0,tmp_0            ; tmp_0 = m + m1; 
+    LDD     -24(%sp),ht_0             
+    LDD     -32(%sp),lt_0             
+
+    CMPCLR,*>>= tmp_0,m1_0,%r0        ; if (m < m1)
+    ADD,L   ht_0,top_overflow,ht_0    ; ht += (1<<32)
+
+    EXTRD,U tmp_0,31,32,m_0           ; m>>32  
+    DEPD,Z  tmp_0,31,32,m1_0          ; m1 = m<<32 
+
+    ADD,L   ht_0,m_0,ht_0             ; ht+= (m>>32)
+    ADD     lt_0,m1_0,lt_0            ; lt= lt+m1;
+    ADD,DC  ht_0,%r0,ht_0             ; ht++
+
+    ADD     %ret0,lt_0,lt_0           ; lt = lt + c;
+    ADD,DC  ht_0,%r0,ht_0             ; ht++
+
+    COPY    ht_0,%ret0                ; copy carry
+    STD     lt_0,0(r_ptr)             ; rp[0] = lt
+
+bn_mul_words_exit
+    .EXIT
+    LDD     -96(%sp),%r7              ; restore r7  
+    LDD     -104(%sp),%r6             ; restore r6  
+    LDD     -112(%sp),%r5             ; restore r5  
+    LDD     -120(%sp),%r4             ; restore r4  
+    BVE     (%rp)
+    LDD,MB  -128(%sp),%r3             ; restore r3
+        .PROCEND        ;in=23,24,25,26,29;out=28;
+
+;----------------------------------------------------------------------------
+;
+;void bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num)
+;
+; arg0 = rp
+; arg1 = ap
+; arg2 = num
+;
+
+bn_sqr_words
+        .proc
+        .callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
+        .EXPORT bn_sqr_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+    .entry
+        .align 64
+
+    STD     %r3,0(%sp)          ; save r3  
+    STD     %r4,8(%sp)          ; save r4  
+        NOP
+    STD     %r5,16(%sp)         ; save r5  
+
+    CMPIB,>= 0,num,bn_sqr_words_exit
+        LDO     128(%sp),%sp       ; bump stack
+
+        ;
+        ; If only 1, the goto straight to cleanup
+        ;
+        CMPIB,= 1,num,bn_sqr_words_single_top
+    DEPDI,Z -1,32,33,high_mask   ; Create Mask 0xffffffff80000000L
+
+        ;
+        ; This loop is unrolled 2 times (64-byte aligned as well)
+        ;
+
+bn_sqr_words_unroll2
+    FLDD    0(a_ptr),t_float_0        ; a[0]
+    FLDD    8(a_ptr),t_float_1        ; a[1]
+    XMPYU   fht_0,flt_0,fm            ; m[0]
+    XMPYU   fht_1,flt_1,fm_1          ; m[1]
+
+    FSTD    fm,-24(%sp)               ; store m[0]
+    FSTD    fm_1,-56(%sp)             ; store m[1]
+    XMPYU   flt_0,flt_0,lt_temp       ; lt[0]
+    XMPYU   flt_1,flt_1,lt_temp_1     ; lt[1]
+
+    FSTD    lt_temp,-16(%sp)          ; store lt[0]
+    FSTD    lt_temp_1,-48(%sp)        ; store lt[1]
+    XMPYU   fht_0,fht_0,ht_temp       ; ht[0]
+    XMPYU   fht_1,fht_1,ht_temp_1     ; ht[1]
+
+    FSTD    ht_temp,-8(%sp)           ; store ht[0]
+    FSTD    ht_temp_1,-40(%sp)        ; store ht[1]
+    LDD     -24(%sp),m_0             
+    LDD     -56(%sp),m_1              
+
+    AND     m_0,high_mask,tmp_0       ; m[0] & Mask
+    AND     m_1,high_mask,tmp_1       ; m[1] & Mask
+    DEPD,Z  m_0,30,31,m_0             ; m[0] << 32+1
+    DEPD,Z  m_1,30,31,m_1             ; m[1] << 32+1
+
+    LDD     -16(%sp),lt_0        
+    LDD     -48(%sp),lt_1        
+    EXTRD,U tmp_0,32,33,tmp_0         ; tmp_0 = m[0]&Mask >> 32-1
+    EXTRD,U tmp_1,32,33,tmp_1         ; tmp_1 = m[1]&Mask >> 32-1
+
+    LDD     -8(%sp),ht_0            
+    LDD     -40(%sp),ht_1           
+    ADD,L   ht_0,tmp_0,ht_0           ; ht[0] += tmp_0
+    ADD,L   ht_1,tmp_1,ht_1           ; ht[1] += tmp_1
+
+    ADD     lt_0,m_0,lt_0             ; lt = lt+m
+    ADD,DC  ht_0,%r0,ht_0             ; ht[0]++
+    STD     lt_0,0(r_ptr)             ; rp[0] = lt[0]
+    STD     ht_0,8(r_ptr)             ; rp[1] = ht[1]
+
+    ADD     lt_1,m_1,lt_1             ; lt = lt+m
+    ADD,DC  ht_1,%r0,ht_1             ; ht[1]++
+    STD     lt_1,16(r_ptr)            ; rp[2] = lt[1]
+    STD     ht_1,24(r_ptr)            ; rp[3] = ht[1]
+
+        LDO    -2(num),num                ; num = num - 2;
+    LDO     16(a_ptr),a_ptr           ; ap += 2
+        CMPIB,<= 2,num,bn_sqr_words_unroll2
+    LDO     32(r_ptr),r_ptr           ; rp += 4
+
+    CMPIB,=,N 0,num,bn_sqr_words_exit ; are we done?
+
+        ;
+        ; Top of loop aligned on 64-byte boundary
+        ;
+bn_sqr_words_single_top
+    FLDD    0(a_ptr),t_float_0        ; load up 64-bit value (fr8L) ht(L)/lt(R)
+
+    XMPYU   fht_0,flt_0,fm            ; m
+    FSTD    fm,-24(%sp)               ; store m
+
+    XMPYU   flt_0,flt_0,lt_temp       ; lt
+    FSTD    lt_temp,-16(%sp)          ; store lt
+
+    XMPYU   fht_0,fht_0,ht_temp       ; ht
+    FSTD    ht_temp,-8(%sp)           ; store ht
+
+    LDD     -24(%sp),m_0              ; load m
+    AND     m_0,high_mask,tmp_0       ; m & Mask
+    DEPD,Z  m_0,30,31,m_0             ; m << 32+1
+    LDD     -16(%sp),lt_0             ; lt
+
+    LDD     -8(%sp),ht_0              ; ht
+    EXTRD,U tmp_0,32,33,tmp_0         ; tmp_0 = m&Mask >> 32-1
+    ADD     m_0,lt_0,lt_0             ; lt = lt+m
+    ADD,L   ht_0,tmp_0,ht_0           ; ht += tmp_0
+    ADD,DC  ht_0,%r0,ht_0             ; ht++
+
+    STD     lt_0,0(r_ptr)             ; rp[0] = lt
+    STD     ht_0,8(r_ptr)             ; rp[1] = ht
+
+bn_sqr_words_exit
+    .EXIT
+    LDD     -112(%sp),%r5       ; restore r5  
+    LDD     -120(%sp),%r4       ; restore r4  
+    BVE     (%rp)
+    LDD,MB  -128(%sp),%r3 
+        .PROCEND        ;in=23,24,25,26,29;out=28;
+
+
+;----------------------------------------------------------------------------
+;
+;BN_ULONG bn_add_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
+;
+; arg0 = rp 
+; arg1 = ap
+; arg2 = bp 
+; arg3 = n
+
+t  .reg %r22
+b  .reg %r21
+l  .reg %r20
+
+bn_add_words
+        .proc
+    .entry
+        .callinfo
+        .EXPORT bn_add_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+        .align 64
+
+    CMPIB,>= 0,n,bn_add_words_exit
+    COPY    %r0,%ret0           ; return 0 by default
+
+        ;
+        ; If 2 or more numbers do the loop
+        ;
+        CMPIB,= 1,n,bn_add_words_single_top
+        NOP
+
+        ;
+        ; This loop is unrolled 2 times (64-byte aligned as well)
+        ;
+bn_add_words_unroll2
+        LDD     0(a_ptr),t
+        LDD     0(b_ptr),b
+        ADD     t,%ret0,t                    ; t = t+c;
+        ADD,DC  %r0,%r0,%ret0                ; set c to carry
+        ADD     t,b,l                        ; l = t + b[0]
+        ADD,DC  %ret0,%r0,%ret0              ; c+= carry
+        STD     l,0(r_ptr)
+
+        LDD     8(a_ptr),t
+        LDD     8(b_ptr),b
+        ADD     t,%ret0,t                     ; t = t+c;
+        ADD,DC  %r0,%r0,%ret0                 ; set c to carry
+        ADD     t,b,l                         ; l = t + b[0]
+        ADD,DC  %ret0,%r0,%ret0               ; c+= carry
+        STD     l,8(r_ptr)
+
+        LDO     -2(n),n
+        LDO     16(a_ptr),a_ptr
+        LDO     16(b_ptr),b_ptr
+
+        CMPIB,<= 2,n,bn_add_words_unroll2
+        LDO     16(r_ptr),r_ptr
+
+    CMPIB,=,N 0,n,bn_add_words_exit ; are we done?
+
+bn_add_words_single_top
+        LDD     0(a_ptr),t
+        LDD     0(b_ptr),b
+
+        ADD     t,%ret0,t                 ; t = t+c;
+        ADD,DC  %r0,%r0,%ret0             ; set c to carry (could use CMPCLR??)
+        ADD     t,b,l                     ; l = t + b[0]
+        ADD,DC  %ret0,%r0,%ret0           ; c+= carry
+        STD     l,0(r_ptr)
+
+bn_add_words_exit
+    .EXIT
+    BVE     (%rp)
+        NOP
+        .PROCEND        ;in=23,24,25,26,29;out=28;
+
+;----------------------------------------------------------------------------
+;
+;BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
+;
+; arg0 = rp 
+; arg1 = ap
+; arg2 = bp 
+; arg3 = n
+
+t1       .reg %r22
+t2       .reg %r21
+sub_tmp1 .reg %r20
+sub_tmp2 .reg %r19
+
+
+bn_sub_words
+        .proc
+        .callinfo 
+        .EXPORT bn_sub_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+    .entry
+        .align 64
+
+    CMPIB,>=  0,n,bn_sub_words_exit
+    COPY    %r0,%ret0           ; return 0 by default
+
+        ;
+        ; If 2 or more numbers do the loop
+        ;
+        CMPIB,= 1,n,bn_sub_words_single_top
+        NOP
+
+        ;
+        ; This loop is unrolled 2 times (64-byte aligned as well)
+        ;
+bn_sub_words_unroll2
+        LDD     0(a_ptr),t1
+        LDD     0(b_ptr),t2
+        SUB     t1,t2,sub_tmp1           ; t3 = t1-t2; 
+        SUB     sub_tmp1,%ret0,sub_tmp1  ; t3 = t3- c; 
+
+        CMPCLR,*>> t1,t2,sub_tmp2        ; clear if t1 > t2
+        LDO      1(%r0),sub_tmp2
+        
+        CMPCLR,*= t1,t2,%r0
+        COPY    sub_tmp2,%ret0
+        STD     sub_tmp1,0(r_ptr)
+
+        LDD     8(a_ptr),t1
+        LDD     8(b_ptr),t2
+        SUB     t1,t2,sub_tmp1            ; t3 = t1-t2; 
+        SUB     sub_tmp1,%ret0,sub_tmp1   ; t3 = t3- c; 
+        CMPCLR,*>> t1,t2,sub_tmp2         ; clear if t1 > t2
+        LDO      1(%r0),sub_tmp2
+        
+        CMPCLR,*= t1,t2,%r0
+        COPY    sub_tmp2,%ret0
+        STD     sub_tmp1,8(r_ptr)
+
+        LDO     -2(n),n
+        LDO     16(a_ptr),a_ptr
+        LDO     16(b_ptr),b_ptr
+
+        CMPIB,<= 2,n,bn_sub_words_unroll2
+        LDO     16(r_ptr),r_ptr
+
+    CMPIB,=,N 0,n,bn_sub_words_exit ; are we done?
+
+bn_sub_words_single_top
+        LDD     0(a_ptr),t1
+        LDD     0(b_ptr),t2
+        SUB     t1,t2,sub_tmp1            ; t3 = t1-t2; 
+        SUB     sub_tmp1,%ret0,sub_tmp1   ; t3 = t3- c; 
+        CMPCLR,*>> t1,t2,sub_tmp2         ; clear if t1 > t2
+        LDO      1(%r0),sub_tmp2
+        
+        CMPCLR,*= t1,t2,%r0
+        COPY    sub_tmp2,%ret0
+
+        STD     sub_tmp1,0(r_ptr)
+
+bn_sub_words_exit
+    .EXIT
+    BVE     (%rp)
+        NOP
+        .PROCEND        ;in=23,24,25,26,29;out=28;
+
+;------------------------------------------------------------------------------
+;
+; unsigned long bn_div_words(unsigned long h, unsigned long l, unsigned long d)
+;
+; arg0 = h
+; arg1 = l
+; arg2 = d
+;
+; This is mainly just modified assembly from the compiler, thus the
+; lack of variable names.
+;
+;------------------------------------------------------------------------------
+bn_div_words
+        .proc
+        .callinfo CALLER,FRAME=272,ENTRY_GR=%r10,SAVE_RP,ARGS_SAVED,ORDERING_AWARE
+        .EXPORT bn_div_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+        .IMPORT BN_num_bits_word,CODE,NO_RELOCATION
+        .IMPORT __iob,DATA
+        .IMPORT fprintf,CODE,NO_RELOCATION
+        .IMPORT abort,CODE,NO_RELOCATION
+        .IMPORT $$div2U,MILLICODE
+    .entry
+    STD     %r2,-16(%r30)   
+    STD,MA  %r3,352(%r30)   
+    STD     %r4,-344(%r30)  
+    STD     %r5,-336(%r30)  
+    STD     %r6,-328(%r30)  
+    STD     %r7,-320(%r30)  
+    STD     %r8,-312(%r30)  
+    STD     %r9,-304(%r30)  
+    STD     %r10,-296(%r30)
+
+    STD     %r27,-288(%r30)             ; save gp
+
+    COPY    %r24,%r3           ; save d 
+    COPY    %r26,%r4           ; save h (high 64-bits)
+    LDO      -1(%r0),%ret0     ; return -1 by default   
+
+    CMPB,*=  %r0,%arg2,$D3     ; if (d == 0)
+    COPY    %r25,%r5           ; save l (low 64-bits)
+
+    LDO     -48(%r30),%r29     ; create ap 
+    .CALL   ;in=26,29;out=28;
+    B,L     BN_num_bits_word,%r2 
+    COPY    %r3,%r26        
+    LDD     -288(%r30),%r27    ; restore gp 
+    LDI     64,%r21 
+
+    CMPB,=  %r21,%ret0,$00000012   ;if (i == 64) (forward) 
+    COPY    %ret0,%r24             ; i   
+    MTSARCM %r24    
+    DEPDI,Z -1,%sar,1,%r29  
+    CMPB,*<<,N %r29,%r4,bn_div_err_case ; if (h > 1<<i) (forward) 
+
+$00000012
+    SUBI    64,%r24,%r31                       ; i = 64 - i;
+    CMPCLR,*<< %r4,%r3,%r0                     ; if (h >= d)
+    SUB     %r4,%r3,%r4                        ; h -= d
+    CMPB,=  %r31,%r0,$0000001A                 ; if (i)
+    COPY    %r0,%r10                           ; ret = 0
+    MTSARCM %r31                               ; i to shift
+    DEPD,Z  %r3,%sar,64,%r3                    ; d <<= i;
+    SUBI    64,%r31,%r19                       ; 64 - i; redundent
+    MTSAR   %r19                               ; (64 -i) to shift
+    SHRPD   %r4,%r5,%sar,%r4                   ; l>> (64-i)
+    MTSARCM %r31                               ; i to shift
+    DEPD,Z  %r5,%sar,64,%r5                    ; l <<= i;
+
+$0000001A
+    DEPDI,Z -1,31,32,%r19                      
+    EXTRD,U %r3,31,32,%r6                      ; dh=(d&0xfff)>>32
+    EXTRD,U %r3,63,32,%r8                      ; dl = d&0xffffff
+    LDO     2(%r0),%r9
+    STD    %r3,-280(%r30)                      ; "d" to stack
+
+$0000001C
+    DEPDI,Z -1,63,32,%r29                      ; 
+    EXTRD,U %r4,31,32,%r31                     ; h >> 32
+    CMPB,*=,N  %r31,%r6,$D2                    ; if ((h>>32) != dh)(forward) div
+    COPY    %r4,%r26       
+    EXTRD,U %r4,31,32,%r25 
+    COPY    %r6,%r24      
+    .CALL   ;in=23,24,25,26;out=20,21,22,28,29; (MILLICALL)
+    B,L     $$div2U,%r2     
+    EXTRD,U %r6,31,32,%r23  
+    DEPD    %r28,31,32,%r29 
+$D2
+    STD     %r29,-272(%r30)                   ; q
+    AND     %r5,%r19,%r24                   ; t & 0xffffffff00000000;
+    EXTRD,U %r24,31,32,%r24                 ; ??? 
+    FLDD    -272(%r30),%fr7                 ; q
+    FLDD    -280(%r30),%fr8                 ; d
+    XMPYU   %fr8L,%fr7L,%fr10  
+    FSTD    %fr10,-256(%r30)   
+    XMPYU   %fr8L,%fr7R,%fr22  
+    FSTD    %fr22,-264(%r30)   
+    XMPYU   %fr8R,%fr7L,%fr11 
+    XMPYU   %fr8R,%fr7R,%fr23
+    FSTD    %fr11,-232(%r30)
+    FSTD    %fr23,-240(%r30)
+    LDD     -256(%r30),%r28
+    DEPD,Z  %r28,31,32,%r2 
+    LDD     -264(%r30),%r20
+    ADD,L   %r20,%r2,%r31   
+    LDD     -232(%r30),%r22 
+    DEPD,Z  %r22,31,32,%r22 
+    LDD     -240(%r30),%r21 
+    B       $00000024       ; enter loop  
+    ADD,L   %r21,%r22,%r23 
+
+$0000002A
+    LDO     -1(%r29),%r29   
+    SUB     %r23,%r8,%r23   
+$00000024
+    SUB     %r4,%r31,%r25   
+    AND     %r25,%r19,%r26  
+    CMPB,*<>,N      %r0,%r26,$00000046  ; (forward)
+    DEPD,Z  %r25,31,32,%r20 
+    OR      %r20,%r24,%r21  
+    CMPB,*<<,N  %r21,%r23,$0000002A ;(backward) 
+    SUB     %r31,%r6,%r31   
+;-------------Break path---------------------
+
+$00000046
+    DEPD,Z  %r23,31,32,%r25              ;tl
+    EXTRD,U %r23,31,32,%r26              ;t
+    AND     %r25,%r19,%r24               ;tl = (tl<<32)&0xfffffff0000000L
+    ADD,L   %r31,%r26,%r31               ;th += t; 
+    CMPCLR,*>>=     %r5,%r24,%r0         ;if (l<tl)
+    LDO     1(%r31),%r31                 ; th++;
+    CMPB,*<<=,N     %r31,%r4,$00000036   ;if (n < th) (forward)
+    LDO     -1(%r29),%r29                ;q--; 
+    ADD,L   %r4,%r3,%r4                  ;h += d;
+$00000036
+    ADDIB,=,N       -1,%r9,$D1 ;if (--count == 0) break (forward) 
+    SUB     %r5,%r24,%r28                ; l -= tl;
+    SUB     %r4,%r31,%r24                ; h -= th;
+    SHRPD   %r24,%r28,32,%r4             ; h = ((h<<32)|(l>>32));
+    DEPD,Z  %r29,31,32,%r10              ; ret = q<<32
+    b      $0000001C
+    DEPD,Z  %r28,31,32,%r5               ; l = l << 32 
+
+$D1
+    OR      %r10,%r29,%r28           ; ret |= q
+$D3
+    LDD     -368(%r30),%r2  
+$D0
+    LDD     -296(%r30),%r10 
+    LDD     -304(%r30),%r9  
+    LDD     -312(%r30),%r8  
+    LDD     -320(%r30),%r7  
+    LDD     -328(%r30),%r6  
+    LDD     -336(%r30),%r5  
+    LDD     -344(%r30),%r4  
+    BVE     (%r2)   
+        .EXIT
+    LDD,MB  -352(%r30),%r3 
+
+bn_div_err_case
+    MFIA    %r6     
+    ADDIL   L'bn_div_words-bn_div_err_case,%r6,%r1 
+    LDO     R'bn_div_words-bn_div_err_case(%r1),%r6  
+    ADDIL   LT'__iob,%r27,%r1       
+    LDD     RT'__iob(%r1),%r26      
+    ADDIL   L'C$4-bn_div_words,%r6,%r1    
+    LDO     R'C$4-bn_div_words(%r1),%r25  
+    LDO     64(%r26),%r26   
+    .CALL           ;in=24,25,26,29;out=28;
+    B,L     fprintf,%r2    
+    LDO     -48(%r30),%r29 
+    LDD     -288(%r30),%r27
+    .CALL           ;in=29;
+    B,L     abort,%r2      
+    LDO     -48(%r30),%r29 
+    LDD     -288(%r30),%r27
+    B       $D0         
+    LDD     -368(%r30),%r2  
+        .PROCEND        ;in=24,25,26,29;out=28;
+
+;----------------------------------------------------------------------------
+;
+; Registers to hold 64-bit values to manipulate.  The "L" part
+; of the register corresponds to the upper 32-bits, while the "R"
+; part corresponds to the lower 32-bits
+; 
+; Note, that when using b6 and b7, the code must save these before
+; using them because they are callee save registers 
+; 
+;
+; Floating point registers to use to save values that
+; are manipulated.  These don't collide with ftemp1-6 and
+; are all caller save registers
+;
+a0        .reg %fr22
+a0L       .reg %fr22L
+a0R       .reg %fr22R
+
+a1        .reg %fr23
+a1L       .reg %fr23L
+a1R       .reg %fr23R
+
+a2        .reg %fr24
+a2L       .reg %fr24L
+a2R       .reg %fr24R
+
+a3        .reg %fr25
+a3L       .reg %fr25L
+a3R       .reg %fr25R
+
+a4        .reg %fr26
+a4L       .reg %fr26L
+a4R       .reg %fr26R
+
+a5        .reg %fr27
+a5L       .reg %fr27L
+a5R       .reg %fr27R
+
+a6        .reg %fr28
+a6L       .reg %fr28L
+a6R       .reg %fr28R
+
+a7        .reg %fr29
+a7L       .reg %fr29L
+a7R       .reg %fr29R
+
+b0        .reg %fr30
+b0L       .reg %fr30L
+b0R       .reg %fr30R
+
+b1        .reg %fr31
+b1L       .reg %fr31L
+b1R       .reg %fr31R
+
+;
+; Temporary floating point variables, these are all caller save
+; registers
+;
+ftemp1    .reg %fr4
+ftemp2    .reg %fr5
+ftemp3    .reg %fr6
+ftemp4    .reg %fr7
+
+;
+; The B set of registers when used.
+;
+
+b2        .reg %fr8
+b2L       .reg %fr8L
+b2R       .reg %fr8R
+
+b3        .reg %fr9
+b3L       .reg %fr9L
+b3R       .reg %fr9R
+
+b4        .reg %fr10
+b4L       .reg %fr10L
+b4R       .reg %fr10R
+
+b5        .reg %fr11
+b5L       .reg %fr11L
+b5R       .reg %fr11R
+
+b6        .reg %fr12
+b6L       .reg %fr12L
+b6R       .reg %fr12R
+
+b7        .reg %fr13
+b7L       .reg %fr13L
+b7R       .reg %fr13R
+
+c1           .reg %r21   ; only reg
+temp1        .reg %r20   ; only reg
+temp2        .reg %r19   ; only reg
+temp3        .reg %r31   ; only reg
+
+m1           .reg %r28   
+c2           .reg %r23   
+high_one     .reg %r1
+ht           .reg %r6
+lt           .reg %r5
+m            .reg %r4
+c3           .reg %r3
+
+SQR_ADD_C  .macro  A0L,A0R,C1,C2,C3
+    XMPYU   A0L,A0R,ftemp1       ; m
+    FSTD    ftemp1,-24(%sp)      ; store m
+
+    XMPYU   A0R,A0R,ftemp2       ; lt
+    FSTD    ftemp2,-16(%sp)      ; store lt
+
+    XMPYU   A0L,A0L,ftemp3       ; ht
+    FSTD    ftemp3,-8(%sp)       ; store ht
+
+    LDD     -24(%sp),m           ; load m
+    AND     m,high_mask,temp2    ; m & Mask
+    DEPD,Z  m,30,31,temp3        ; m << 32+1
+    LDD     -16(%sp),lt          ; lt
+
+    LDD     -8(%sp),ht           ; ht
+    EXTRD,U temp2,32,33,temp1    ; temp1 = m&Mask >> 32-1
+    ADD     temp3,lt,lt          ; lt = lt+m
+    ADD,L   ht,temp1,ht          ; ht += temp1
+    ADD,DC  ht,%r0,ht            ; ht++
+
+    ADD     C1,lt,C1             ; c1=c1+lt
+    ADD,DC  ht,%r0,ht            ; ht++
+
+    ADD     C2,ht,C2             ; c2=c2+ht
+    ADD,DC  C3,%r0,C3            ; c3++
+.endm
+
+SQR_ADD_C2 .macro  A0L,A0R,A1L,A1R,C1,C2,C3
+    XMPYU   A0L,A1R,ftemp1          ; m1 = bl*ht
+    FSTD    ftemp1,-16(%sp)         ;
+    XMPYU   A0R,A1L,ftemp2          ; m = bh*lt
+    FSTD    ftemp2,-8(%sp)          ;
+    XMPYU   A0R,A1R,ftemp3          ; lt = bl*lt
+    FSTD    ftemp3,-32(%sp)
+    XMPYU   A0L,A1L,ftemp4          ; ht = bh*ht
+    FSTD    ftemp4,-24(%sp)         ;
+
+    LDD     -8(%sp),m               ; r21 = m
+    LDD     -16(%sp),m1             ; r19 = m1
+    ADD,L   m,m1,m                  ; m+m1
+
+    DEPD,Z  m,31,32,temp3           ; (m+m1<<32)
+    LDD     -24(%sp),ht             ; r24 = ht
+
+    CMPCLR,*>>= m,m1,%r0            ; if (m < m1)
+    ADD,L   ht,high_one,ht          ; ht+=high_one
+
+    EXTRD,U m,31,32,temp1           ; m >> 32
+    LDD     -32(%sp),lt             ; lt
+    ADD,L   ht,temp1,ht             ; ht+= m>>32
+    ADD     lt,temp3,lt             ; lt = lt+m1
+    ADD,DC  ht,%r0,ht               ; ht++
+
+    ADD     ht,ht,ht                ; ht=ht+ht;
+    ADD,DC  C3,%r0,C3               ; add in carry (c3++)
+
+    ADD     lt,lt,lt                ; lt=lt+lt;
+    ADD,DC  ht,%r0,ht               ; add in carry (ht++)
+
+    ADD     C1,lt,C1                ; c1=c1+lt
+    ADD,DC,*NUV ht,%r0,ht           ; add in carry (ht++)
+    LDO     1(C3),C3              ; bump c3 if overflow,nullify otherwise
+
+    ADD     C2,ht,C2                ; c2 = c2 + ht
+    ADD,DC  C3,%r0,C3             ; add in carry (c3++)
+.endm
+
+;
+;void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a)
+; arg0 = r_ptr
+; arg1 = a_ptr
+;
+
+bn_sqr_comba8
+        .PROC
+        .CALLINFO FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
+        .EXPORT bn_sqr_comba8,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+    .ENTRY
+        .align 64
+
+    STD     %r3,0(%sp)          ; save r3
+    STD     %r4,8(%sp)          ; save r4
+    STD     %r5,16(%sp)         ; save r5
+    STD     %r6,24(%sp)         ; save r6
+
+        ;
+        ; Zero out carries
+        ;
+        COPY     %r0,c1
+        COPY     %r0,c2
+        COPY     %r0,c3
+
+        LDO      128(%sp),%sp       ; bump stack
+    DEPDI,Z -1,32,33,high_mask   ; Create Mask 0xffffffff80000000L
+    DEPDI,Z  1,31,1,high_one     ; Create Value  1 << 32
+
+        ;
+        ; Load up all of the values we are going to use
+        ;
+    FLDD     0(a_ptr),a0       
+    FLDD     8(a_ptr),a1       
+    FLDD    16(a_ptr),a2       
+    FLDD    24(a_ptr),a3       
+    FLDD    32(a_ptr),a4       
+    FLDD    40(a_ptr),a5       
+    FLDD    48(a_ptr),a6       
+    FLDD    56(a_ptr),a7       
+
+        SQR_ADD_C a0L,a0R,c1,c2,c3
+        STD     c1,0(r_ptr)          ; r[0] = c1;
+        COPY    %r0,c1
+
+        SQR_ADD_C2 a1L,a1R,a0L,a0R,c2,c3,c1
+        STD     c2,8(r_ptr)          ; r[1] = c2;
+        COPY    %r0,c2
+
+        SQR_ADD_C a1L,a1R,c3,c1,c2
+        SQR_ADD_C2 a2L,a2R,a0L,a0R,c3,c1,c2
+        STD     c3,16(r_ptr)            ; r[2] = c3;
+        COPY    %r0,c3
+
+        SQR_ADD_C2 a3L,a3R,a0L,a0R,c1,c2,c3
+        SQR_ADD_C2 a2L,a2R,a1L,a1R,c1,c2,c3
+        STD     c1,24(r_ptr)           ; r[3] = c1;
+        COPY    %r0,c1
+
+        SQR_ADD_C a2L,a2R,c2,c3,c1
+        SQR_ADD_C2 a3L,a3R,a1L,a1R,c2,c3,c1
+        SQR_ADD_C2 a4L,a4R,a0L,a0R,c2,c3,c1
+        STD     c2,32(r_ptr)          ; r[4] = c2;
+        COPY    %r0,c2
+
+        SQR_ADD_C2 a5L,a5R,a0L,a0R,c3,c1,c2
+        SQR_ADD_C2 a4L,a4R,a1L,a1R,c3,c1,c2
+        SQR_ADD_C2 a3L,a3R,a2L,a2R,c3,c1,c2
+        STD     c3,40(r_ptr)          ; r[5] = c3;
+        COPY    %r0,c3
+
+        SQR_ADD_C a3L,a3R,c1,c2,c3
+        SQR_ADD_C2 a4L,a4R,a2L,a2R,c1,c2,c3
+        SQR_ADD_C2 a5L,a5R,a1L,a1R,c1,c2,c3
+        SQR_ADD_C2 a6L,a6R,a0L,a0R,c1,c2,c3
+        STD     c1,48(r_ptr)          ; r[6] = c1;
+        COPY    %r0,c1
+
+        SQR_ADD_C2 a7L,a7R,a0L,a0R,c2,c3,c1
+        SQR_ADD_C2 a6L,a6R,a1L,a1R,c2,c3,c1
+        SQR_ADD_C2 a5L,a5R,a2L,a2R,c2,c3,c1
+        SQR_ADD_C2 a4L,a4R,a3L,a3R,c2,c3,c1
+        STD     c2,56(r_ptr)          ; r[7] = c2;
+        COPY    %r0,c2
+
+        SQR_ADD_C a4L,a4R,c3,c1,c2
+        SQR_ADD_C2 a5L,a5R,a3L,a3R,c3,c1,c2
+        SQR_ADD_C2 a6L,a6R,a2L,a2R,c3,c1,c2
+        SQR_ADD_C2 a7L,a7R,a1L,a1R,c3,c1,c2
+        STD     c3,64(r_ptr)          ; r[8] = c3;
+        COPY    %r0,c3
+
+        SQR_ADD_C2 a7L,a7R,a2L,a2R,c1,c2,c3
+        SQR_ADD_C2 a6L,a6R,a3L,a3R,c1,c2,c3
+        SQR_ADD_C2 a5L,a5R,a4L,a4R,c1,c2,c3
+        STD     c1,72(r_ptr)          ; r[9] = c1;
+        COPY    %r0,c1
+
+        SQR_ADD_C a5L,a5R,c2,c3,c1
+        SQR_ADD_C2 a6L,a6R,a4L,a4R,c2,c3,c1
+        SQR_ADD_C2 a7L,a7R,a3L,a3R,c2,c3,c1
+        STD     c2,80(r_ptr)          ; r[10] = c2;
+        COPY    %r0,c2
+
+        SQR_ADD_C2 a7L,a7R,a4L,a4R,c3,c1,c2
+        SQR_ADD_C2 a6L,a6R,a5L,a5R,c3,c1,c2
+        STD     c3,88(r_ptr)          ; r[11] = c3;
+        COPY    %r0,c3
+        
+        SQR_ADD_C a6L,a6R,c1,c2,c3
+        SQR_ADD_C2 a7L,a7R,a5L,a5R,c1,c2,c3
+        STD     c1,96(r_ptr)          ; r[12] = c1;
+        COPY    %r0,c1
+
+        SQR_ADD_C2 a7L,a7R,a6L,a6R,c2,c3,c1
+        STD     c2,104(r_ptr)         ; r[13] = c2;
+        COPY    %r0,c2
+
+        SQR_ADD_C a7L,a7R,c3,c1,c2
+        STD     c3, 112(r_ptr)       ; r[14] = c3
+        STD     c1, 120(r_ptr)       ; r[15] = c1
+
+    .EXIT
+    LDD     -104(%sp),%r6        ; restore r6
+    LDD     -112(%sp),%r5        ; restore r5
+    LDD     -120(%sp),%r4        ; restore r4
+    BVE     (%rp)
+    LDD,MB  -128(%sp),%r3
+
+        .PROCEND        
+
+;-----------------------------------------------------------------------------
+;
+;void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a)
+; arg0 = r_ptr
+; arg1 = a_ptr
+;
+
+bn_sqr_comba4
+        .proc
+        .callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
+        .EXPORT bn_sqr_comba4,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+    .entry
+        .align 64
+    STD     %r3,0(%sp)          ; save r3
+    STD     %r4,8(%sp)          ; save r4
+    STD     %r5,16(%sp)         ; save r5
+    STD     %r6,24(%sp)         ; save r6
+
+        ;
+        ; Zero out carries
+        ;
+        COPY     %r0,c1
+        COPY     %r0,c2
+        COPY     %r0,c3
+
+        LDO      128(%sp),%sp       ; bump stack
+    DEPDI,Z -1,32,33,high_mask   ; Create Mask 0xffffffff80000000L
+    DEPDI,Z  1,31,1,high_one     ; Create Value  1 << 32
+
+        ;
+        ; Load up all of the values we are going to use
+        ;
+    FLDD     0(a_ptr),a0       
+    FLDD     8(a_ptr),a1       
+    FLDD    16(a_ptr),a2       
+    FLDD    24(a_ptr),a3       
+    FLDD    32(a_ptr),a4       
+    FLDD    40(a_ptr),a5       
+    FLDD    48(a_ptr),a6       
+    FLDD    56(a_ptr),a7       
+
+        SQR_ADD_C a0L,a0R,c1,c2,c3
+
+        STD     c1,0(r_ptr)          ; r[0] = c1;
+        COPY    %r0,c1
+
+        SQR_ADD_C2 a1L,a1R,a0L,a0R,c2,c3,c1
+
+        STD     c2,8(r_ptr)          ; r[1] = c2;
+        COPY    %r0,c2
+
+        SQR_ADD_C a1L,a1R,c3,c1,c2
+        SQR_ADD_C2 a2L,a2R,a0L,a0R,c3,c1,c2
+
+        STD     c3,16(r_ptr)            ; r[2] = c3;
+        COPY    %r0,c3
+
+        SQR_ADD_C2 a3L,a3R,a0L,a0R,c1,c2,c3
+        SQR_ADD_C2 a2L,a2R,a1L,a1R,c1,c2,c3
+
+        STD     c1,24(r_ptr)           ; r[3] = c1;
+        COPY    %r0,c1
+
+        SQR_ADD_C a2L,a2R,c2,c3,c1
+        SQR_ADD_C2 a3L,a3R,a1L,a1R,c2,c3,c1
+
+        STD     c2,32(r_ptr)           ; r[4] = c2;
+        COPY    %r0,c2
+
+        SQR_ADD_C2 a3L,a3R,a2L,a2R,c3,c1,c2
+        STD     c3,40(r_ptr)           ; r[5] = c3;
+        COPY    %r0,c3
+
+        SQR_ADD_C a3L,a3R,c1,c2,c3
+        STD     c1,48(r_ptr)           ; r[6] = c1;
+        STD     c2,56(r_ptr)           ; r[7] = c2;
+
+    .EXIT
+    LDD     -104(%sp),%r6        ; restore r6
+    LDD     -112(%sp),%r5        ; restore r5
+    LDD     -120(%sp),%r4        ; restore r4
+    BVE     (%rp)
+    LDD,MB  -128(%sp),%r3
+
+        .PROCEND        
+
+
+;---------------------------------------------------------------------------
+
+MUL_ADD_C  .macro  A0L,A0R,B0L,B0R,C1,C2,C3
+    XMPYU   A0L,B0R,ftemp1        ; m1 = bl*ht
+    FSTD    ftemp1,-16(%sp)       ;
+    XMPYU   A0R,B0L,ftemp2        ; m = bh*lt
+    FSTD    ftemp2,-8(%sp)        ;
+    XMPYU   A0R,B0R,ftemp3        ; lt = bl*lt
+    FSTD    ftemp3,-32(%sp)
+    XMPYU   A0L,B0L,ftemp4        ; ht = bh*ht
+    FSTD    ftemp4,-24(%sp)       ;
+
+    LDD     -8(%sp),m             ; r21 = m
+    LDD     -16(%sp),m1           ; r19 = m1
+    ADD,L   m,m1,m                ; m+m1
+
+    DEPD,Z  m,31,32,temp3         ; (m+m1<<32)
+    LDD     -24(%sp),ht           ; r24 = ht
+
+    CMPCLR,*>>= m,m1,%r0          ; if (m < m1)
+    ADD,L   ht,high_one,ht        ; ht+=high_one
+
+    EXTRD,U m,31,32,temp1         ; m >> 32
+    LDD     -32(%sp),lt           ; lt
+    ADD,L   ht,temp1,ht           ; ht+= m>>32
+    ADD     lt,temp3,lt           ; lt = lt+m1
+    ADD,DC  ht,%r0,ht             ; ht++
+
+    ADD     C1,lt,C1              ; c1=c1+lt
+    ADD,DC  ht,%r0,ht             ; bump c3 if overflow,nullify otherwise
+
+    ADD     C2,ht,C2              ; c2 = c2 + ht
+    ADD,DC  C3,%r0,C3             ; add in carry (c3++)
+.endm
+
+
+;
+;void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+; arg0 = r_ptr
+; arg1 = a_ptr
+; arg2 = b_ptr
+;
+
+bn_mul_comba8
+        .proc
+        .callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
+        .EXPORT bn_mul_comba8,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+    .entry
+        .align 64
+
+    STD     %r3,0(%sp)          ; save r3
+    STD     %r4,8(%sp)          ; save r4
+    STD     %r5,16(%sp)         ; save r5
+    STD     %r6,24(%sp)         ; save r6
+    FSTD    %fr12,32(%sp)       ; save r6
+    FSTD    %fr13,40(%sp)       ; save r7
+
+        ;
+        ; Zero out carries
+        ;
+        COPY     %r0,c1
+        COPY     %r0,c2
+        COPY     %r0,c3
+
+        LDO      128(%sp),%sp       ; bump stack
+    DEPDI,Z  1,31,1,high_one     ; Create Value  1 << 32
+
+        ;
+        ; Load up all of the values we are going to use
+        ;
+    FLDD      0(a_ptr),a0       
+    FLDD      8(a_ptr),a1       
+    FLDD     16(a_ptr),a2       
+    FLDD     24(a_ptr),a3       
+    FLDD     32(a_ptr),a4       
+    FLDD     40(a_ptr),a5       
+    FLDD     48(a_ptr),a6       
+    FLDD     56(a_ptr),a7       
+
+    FLDD      0(b_ptr),b0       
+    FLDD      8(b_ptr),b1       
+    FLDD     16(b_ptr),b2       
+    FLDD     24(b_ptr),b3       
+    FLDD     32(b_ptr),b4       
+    FLDD     40(b_ptr),b5       
+    FLDD     48(b_ptr),b6       
+    FLDD     56(b_ptr),b7       
+
+        MUL_ADD_C a0L,a0R,b0L,b0R,c1,c2,c3
+        STD       c1,0(r_ptr)
+        COPY      %r0,c1
+
+        MUL_ADD_C a0L,a0R,b1L,b1R,c2,c3,c1
+        MUL_ADD_C a1L,a1R,b0L,b0R,c2,c3,c1
+        STD       c2,8(r_ptr)
+        COPY      %r0,c2
+
+        MUL_ADD_C a2L,a2R,b0L,b0R,c3,c1,c2
+        MUL_ADD_C a1L,a1R,b1L,b1R,c3,c1,c2
+        MUL_ADD_C a0L,a0R,b2L,b2R,c3,c1,c2
+        STD       c3,16(r_ptr)
+        COPY      %r0,c3
+
+        MUL_ADD_C a0L,a0R,b3L,b3R,c1,c2,c3
+        MUL_ADD_C a1L,a1R,b2L,b2R,c1,c2,c3
+        MUL_ADD_C a2L,a2R,b1L,b1R,c1,c2,c3
+        MUL_ADD_C a3L,a3R,b0L,b0R,c1,c2,c3
+        STD       c1,24(r_ptr)
+        COPY      %r0,c1
+
+        MUL_ADD_C a4L,a4R,b0L,b0R,c2,c3,c1
+        MUL_ADD_C a3L,a3R,b1L,b1R,c2,c3,c1
+        MUL_ADD_C a2L,a2R,b2L,b2R,c2,c3,c1
+        MUL_ADD_C a1L,a1R,b3L,b3R,c2,c3,c1
+        MUL_ADD_C a0L,a0R,b4L,b4R,c2,c3,c1
+        STD       c2,32(r_ptr)
+        COPY      %r0,c2
+
+        MUL_ADD_C a0L,a0R,b5L,b5R,c3,c1,c2
+        MUL_ADD_C a1L,a1R,b4L,b4R,c3,c1,c2
+        MUL_ADD_C a2L,a2R,b3L,b3R,c3,c1,c2
+        MUL_ADD_C a3L,a3R,b2L,b2R,c3,c1,c2
+        MUL_ADD_C a4L,a4R,b1L,b1R,c3,c1,c2
+        MUL_ADD_C a5L,a5R,b0L,b0R,c3,c1,c2
+        STD       c3,40(r_ptr)
+        COPY      %r0,c3
+
+        MUL_ADD_C a6L,a6R,b0L,b0R,c1,c2,c3
+        MUL_ADD_C a5L,a5R,b1L,b1R,c1,c2,c3
+        MUL_ADD_C a4L,a4R,b2L,b2R,c1,c2,c3
+        MUL_ADD_C a3L,a3R,b3L,b3R,c1,c2,c3
+        MUL_ADD_C a2L,a2R,b4L,b4R,c1,c2,c3
+        MUL_ADD_C a1L,a1R,b5L,b5R,c1,c2,c3
+        MUL_ADD_C a0L,a0R,b6L,b6R,c1,c2,c3
+        STD       c1,48(r_ptr)
+        COPY      %r0,c1
+        
+        MUL_ADD_C a0L,a0R,b7L,b7R,c2,c3,c1
+        MUL_ADD_C a1L,a1R,b6L,b6R,c2,c3,c1
+        MUL_ADD_C a2L,a2R,b5L,b5R,c2,c3,c1
+        MUL_ADD_C a3L,a3R,b4L,b4R,c2,c3,c1
+        MUL_ADD_C a4L,a4R,b3L,b3R,c2,c3,c1
+        MUL_ADD_C a5L,a5R,b2L,b2R,c2,c3,c1
+        MUL_ADD_C a6L,a6R,b1L,b1R,c2,c3,c1
+        MUL_ADD_C a7L,a7R,b0L,b0R,c2,c3,c1
+        STD       c2,56(r_ptr)
+        COPY      %r0,c2
+
+        MUL_ADD_C a7L,a7R,b1L,b1R,c3,c1,c2
+        MUL_ADD_C a6L,a6R,b2L,b2R,c3,c1,c2
+        MUL_ADD_C a5L,a5R,b3L,b3R,c3,c1,c2
+        MUL_ADD_C a4L,a4R,b4L,b4R,c3,c1,c2
+        MUL_ADD_C a3L,a3R,b5L,b5R,c3,c1,c2
+        MUL_ADD_C a2L,a2R,b6L,b6R,c3,c1,c2
+        MUL_ADD_C a1L,a1R,b7L,b7R,c3,c1,c2
+        STD       c3,64(r_ptr)
+        COPY      %r0,c3
+
+        MUL_ADD_C a2L,a2R,b7L,b7R,c1,c2,c3
+        MUL_ADD_C a3L,a3R,b6L,b6R,c1,c2,c3
+        MUL_ADD_C a4L,a4R,b5L,b5R,c1,c2,c3
+        MUL_ADD_C a5L,a5R,b4L,b4R,c1,c2,c3
+        MUL_ADD_C a6L,a6R,b3L,b3R,c1,c2,c3
+        MUL_ADD_C a7L,a7R,b2L,b2R,c1,c2,c3
+        STD       c1,72(r_ptr)
+        COPY      %r0,c1
+
+        MUL_ADD_C a7L,a7R,b3L,b3R,c2,c3,c1
+        MUL_ADD_C a6L,a6R,b4L,b4R,c2,c3,c1
+        MUL_ADD_C a5L,a5R,b5L,b5R,c2,c3,c1
+        MUL_ADD_C a4L,a4R,b6L,b6R,c2,c3,c1
+        MUL_ADD_C a3L,a3R,b7L,b7R,c2,c3,c1
+        STD       c2,80(r_ptr)
+        COPY      %r0,c2
+
+        MUL_ADD_C a4L,a4R,b7L,b7R,c3,c1,c2
+        MUL_ADD_C a5L,a5R,b6L,b6R,c3,c1,c2
+        MUL_ADD_C a6L,a6R,b5L,b5R,c3,c1,c2
+        MUL_ADD_C a7L,a7R,b4L,b4R,c3,c1,c2
+        STD       c3,88(r_ptr)
+        COPY      %r0,c3
+
+        MUL_ADD_C a7L,a7R,b5L,b5R,c1,c2,c3
+        MUL_ADD_C a6L,a6R,b6L,b6R,c1,c2,c3
+        MUL_ADD_C a5L,a5R,b7L,b7R,c1,c2,c3
+        STD       c1,96(r_ptr)
+        COPY      %r0,c1
+
+        MUL_ADD_C a6L,a6R,b7L,b7R,c2,c3,c1
+        MUL_ADD_C a7L,a7R,b6L,b6R,c2,c3,c1
+        STD       c2,104(r_ptr)
+        COPY      %r0,c2
+
+        MUL_ADD_C a7L,a7R,b7L,b7R,c3,c1,c2
+        STD       c3,112(r_ptr)
+        STD       c1,120(r_ptr)
+
+    .EXIT
+    FLDD    -88(%sp),%fr13 
+    FLDD    -96(%sp),%fr12 
+    LDD     -104(%sp),%r6        ; restore r6
+    LDD     -112(%sp),%r5        ; restore r5
+    LDD     -120(%sp),%r4        ; restore r4
+    BVE     (%rp)
+    LDD,MB  -128(%sp),%r3
+
+        .PROCEND        
+
+;-----------------------------------------------------------------------------
+;
+;void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+; arg0 = r_ptr
+; arg1 = a_ptr
+; arg2 = b_ptr
+;
+
+bn_mul_comba4
+        .proc
+        .callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
+        .EXPORT bn_mul_comba4,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+    .entry
+        .align 64
+
+    STD     %r3,0(%sp)          ; save r3
+    STD     %r4,8(%sp)          ; save r4
+    STD     %r5,16(%sp)         ; save r5
+    STD     %r6,24(%sp)         ; save r6
+    FSTD    %fr12,32(%sp)       ; save r6
+    FSTD    %fr13,40(%sp)       ; save r7
+
+        ;
+        ; Zero out carries
+        ;
+        COPY     %r0,c1
+        COPY     %r0,c2
+        COPY     %r0,c3
+
+        LDO      128(%sp),%sp       ; bump stack
+    DEPDI,Z  1,31,1,high_one     ; Create Value  1 << 32
+
+        ;
+        ; Load up all of the values we are going to use
+        ;
+    FLDD      0(a_ptr),a0       
+    FLDD      8(a_ptr),a1       
+    FLDD     16(a_ptr),a2       
+    FLDD     24(a_ptr),a3       
+
+    FLDD      0(b_ptr),b0       
+    FLDD      8(b_ptr),b1       
+    FLDD     16(b_ptr),b2       
+    FLDD     24(b_ptr),b3       
+
+        MUL_ADD_C a0L,a0R,b0L,b0R,c1,c2,c3
+        STD       c1,0(r_ptr)
+        COPY      %r0,c1
+
+        MUL_ADD_C a0L,a0R,b1L,b1R,c2,c3,c1
+        MUL_ADD_C a1L,a1R,b0L,b0R,c2,c3,c1
+        STD       c2,8(r_ptr)
+        COPY      %r0,c2
+
+        MUL_ADD_C a2L,a2R,b0L,b0R,c3,c1,c2
+        MUL_ADD_C a1L,a1R,b1L,b1R,c3,c1,c2
+        MUL_ADD_C a0L,a0R,b2L,b2R,c3,c1,c2
+        STD       c3,16(r_ptr)
+        COPY      %r0,c3
+
+        MUL_ADD_C a0L,a0R,b3L,b3R,c1,c2,c3
+        MUL_ADD_C a1L,a1R,b2L,b2R,c1,c2,c3
+        MUL_ADD_C a2L,a2R,b1L,b1R,c1,c2,c3
+        MUL_ADD_C a3L,a3R,b0L,b0R,c1,c2,c3
+        STD       c1,24(r_ptr)
+        COPY      %r0,c1
+
+        MUL_ADD_C a3L,a3R,b1L,b1R,c2,c3,c1
+        MUL_ADD_C a2L,a2R,b2L,b2R,c2,c3,c1
+        MUL_ADD_C a1L,a1R,b3L,b3R,c2,c3,c1
+        STD       c2,32(r_ptr)
+        COPY      %r0,c2
+
+        MUL_ADD_C a2L,a2R,b3L,b3R,c3,c1,c2
+        MUL_ADD_C a3L,a3R,b2L,b2R,c3,c1,c2
+        STD       c3,40(r_ptr)
+        COPY      %r0,c3
+
+        MUL_ADD_C a3L,a3R,b3L,b3R,c1,c2,c3
+        STD       c1,48(r_ptr)
+        STD       c2,56(r_ptr)
+
+    .EXIT
+    FLDD    -88(%sp),%fr13 
+    FLDD    -96(%sp),%fr12 
+    LDD     -104(%sp),%r6        ; restore r6
+    LDD     -112(%sp),%r5        ; restore r5
+    LDD     -120(%sp),%r4        ; restore r4
+    BVE     (%rp)
+    LDD,MB  -128(%sp),%r3
+
+        .PROCEND        
+
+
+        .SPACE  $TEXT$
+        .SUBSPA $CODE$
+        .SPACE  $PRIVATE$,SORT=16
+        .IMPORT $global$,DATA
+        .SPACE  $TEXT$
+        .SUBSPA $CODE$
+        .SUBSPA $LIT$,QUAD=0,ALIGN=8,ACCESS=0x2c,SORT=16
+C$4
+        .ALIGN  8
+        .STRINGZ        "Division would overflow (%d)\n"
+        .END
diff --git a/src/lib/libssl/src/crypto/bn/bn.h b/src/lib/libssl/src/crypto/bn/bn.h
index 009b0eb685..1eb8395b25 100644
--- a/src/lib/libssl/src/crypto/bn/bn.h
+++ b/src/lib/libssl/src/crypto/bn/bn.h
@@ -59,7 +59,7 @@
 #ifndef HEADER_BN_H
 #define HEADER_BN_H
 
-#ifndef WIN16
+#ifndef NO_FP_API
 #include <stdio.h> /* FILE */
 #endif
 #include <openssl/opensslconf.h>
@@ -233,7 +233,7 @@ typedef struct bignum_st
         BN_ULONG *d;    /* Pointer to an array of 'BN_BITS2' bit chunks. */
         int top;        /* Index of last used d +1. */
         /* The next are internal book keeping for bn_expand. */
-        int max;        /* Size of the d array. */
+        int dmax;       /* Size of the d array. */
         int neg;        /* one if the number is negative */
         int flags;
         } BIGNUM;
@@ -364,6 +364,8 @@ int	BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
                    const BIGNUM *m,BN_CTX *ctx);
 int     BN_mod_exp_mont(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
                         const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+int     BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p,
+                        const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
 int     BN_mod_exp2_mont(BIGNUM *r, BIGNUM *a1, BIGNUM *p1,BIGNUM *a2,
                 BIGNUM *p2,BIGNUM *m,BN_CTX *ctx,BN_MONT_CTX *m_ctx);
 int     BN_mod_exp_simple(BIGNUM *r, BIGNUM *a, BIGNUM *p,
@@ -433,9 +435,9 @@ int	BN_div_recp(BIGNUM *dv, BIGNUM *rem, BIGNUM *m,
 
 /* library internal functions */
 
-#define bn_expand(a,bits) ((((((bits+BN_BITS2-1))/BN_BITS2)) <= (a)->max)?\
+#define bn_expand(a,bits) ((((((bits+BN_BITS2-1))/BN_BITS2)) <= (a)->dmax)?\
         (a):bn_expand2((a),(bits)/BN_BITS2+1))
-#define bn_wexpand(a,words) (((words) <= (a)->max)?(a):bn_expand2((a),(words)))
+#define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words)))
 BIGNUM *bn_expand2(BIGNUM *a, int words);
 
 #define bn_fix_top(a) \
@@ -483,7 +485,9 @@ BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num);
 #define BN_F_BN_CTX_NEW                                  106
 #define BN_F_BN_DIV                                      107
 #define BN_F_BN_EXPAND2                                  108
+#define BN_F_BN_MOD_EXP2_MONT                            118
 #define BN_F_BN_MOD_EXP_MONT                             109
+#define BN_F_BN_MOD_EXP_MONT_WORD                        117
 #define BN_F_BN_MOD_INVERSE                              110
 #define BN_F_BN_MOD_MUL_RECIPROCAL                       111
 #define BN_F_BN_MPI2BN                                   112
diff --git a/src/lib/libssl/src/crypto/bn/bn_asm.c b/src/lib/libssl/src/crypto/bn/bn_asm.c
index 3329cc18e6..44e52a40db 100644
--- a/src/lib/libssl/src/crypto/bn/bn_asm.c
+++ b/src/lib/libssl/src/crypto/bn/bn_asm.c
@@ -227,7 +227,7 @@ BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
 
 #else
 
-/* Divide h-l by d and return the result. */
+/* Divide h,l by d and return the result. */
 /* I need to test this some more :-( */
 BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
         {
@@ -237,13 +237,8 @@ BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
         if (d == 0) return(BN_MASK2);
 
         i=BN_num_bits_word(d);
-        if ((i != BN_BITS2) && (h > (BN_ULONG)1<<i))
-                {
-#if !defined(NO_STDIO) && !defined(WIN16)
-                fprintf(stderr,"Division would overflow (%d)\n",i);
-#endif
-                abort();
-                }
+        assert((i == BN_BITS2) || (h > (BN_ULONG)1<<i));
+
         i=BN_BITS2-i;
         if (h >= d) h-=d;
 
diff --git a/src/lib/libssl/src/crypto/bn/bn_blind.c b/src/lib/libssl/src/crypto/bn/bn_blind.c
index 1b1bb06046..2d287e6d1b 100644
--- a/src/lib/libssl/src/crypto/bn/bn_blind.c
+++ b/src/lib/libssl/src/crypto/bn/bn_blind.c
@@ -67,7 +67,7 @@ BN_BLINDING *BN_BLINDING_new(BIGNUM *A, BIGNUM *Ai, BIGNUM *mod)
         bn_check_top(Ai);
         bn_check_top(mod);
 
-        if ((ret=(BN_BLINDING *)Malloc(sizeof(BN_BLINDING))) == NULL)
+        if ((ret=(BN_BLINDING *)OPENSSL_malloc(sizeof(BN_BLINDING))) == NULL)
                 {
                 BNerr(BN_F_BN_BLINDING_NEW,ERR_R_MALLOC_FAILURE);
                 return(NULL);
@@ -91,7 +91,7 @@ void BN_BLINDING_free(BN_BLINDING *r)
 
         if (r->A  != NULL) BN_free(r->A );
         if (r->Ai != NULL) BN_free(r->Ai);
-        Free(r);
+        OPENSSL_free(r);
         }
 
 int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx)
diff --git a/src/lib/libssl/src/crypto/bn/bn_ctx.c b/src/lib/libssl/src/crypto/bn/bn_ctx.c
index 46132fd180..b1a8d7571e 100644
--- a/src/lib/libssl/src/crypto/bn/bn_ctx.c
+++ b/src/lib/libssl/src/crypto/bn/bn_ctx.c
@@ -69,7 +69,7 @@ BN_CTX *BN_CTX_new(void)
         {
         BN_CTX *ret;
 
-        ret=(BN_CTX *)Malloc(sizeof(BN_CTX));
+        ret=(BN_CTX *)OPENSSL_malloc(sizeof(BN_CTX));
         if (ret == NULL)
                 {
                 BNerr(BN_F_BN_CTX_NEW,ERR_R_MALLOC_FAILURE);
@@ -102,7 +102,7 @@ void BN_CTX_free(BN_CTX *ctx)
         for (i=0; i < BN_CTX_NUM; i++)
                 BN_clear_free(&(ctx->bn[i]));
         if (ctx->flags & BN_FLG_MALLOCED)
-                Free(ctx);
+                OPENSSL_free(ctx);
         }
 
 void BN_CTX_start(BN_CTX *ctx)
diff --git a/src/lib/libssl/src/crypto/bn/bn_div.c b/src/lib/libssl/src/crypto/bn/bn_div.c
index 07af1d3b44..c3772c243b 100644
--- a/src/lib/libssl/src/crypto/bn/bn_div.c
+++ b/src/lib/libssl/src/crypto/bn/bn_div.c
@@ -205,7 +205,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
         BN_init(&wnum);
         wnum.d=  &(snum->d[loop]);
         wnum.top= div_n;
-        wnum.max= snum->max+1; /* a bit of a lie */
+        wnum.dmax= snum->dmax+1; /* a bit of a lie */
 
         /* Get the top 2 words of sdiv */
         /* i=sdiv->top; */
diff --git a/src/lib/libssl/src/crypto/bn/bn_err.c b/src/lib/libssl/src/crypto/bn/bn_err.c
index 988270bcf4..86550c4c21 100644
--- a/src/lib/libssl/src/crypto/bn/bn_err.c
+++ b/src/lib/libssl/src/crypto/bn/bn_err.c
@@ -76,7 +76,9 @@ static ERR_STRING_DATA BN_str_functs[]=
 {ERR_PACK(0,BN_F_BN_CTX_NEW,0), "BN_CTX_new"},
 {ERR_PACK(0,BN_F_BN_DIV,0),     "BN_div"},
 {ERR_PACK(0,BN_F_BN_EXPAND2,0), "bn_expand2"},
+{ERR_PACK(0,BN_F_BN_MOD_EXP2_MONT,0),   "BN_mod_exp2_mont"},
 {ERR_PACK(0,BN_F_BN_MOD_EXP_MONT,0),    "BN_mod_exp_mont"},
+{ERR_PACK(0,BN_F_BN_MOD_EXP_MONT_WORD,0),       "BN_mod_exp_mont_word"},
 {ERR_PACK(0,BN_F_BN_MOD_INVERSE,0),     "BN_mod_inverse"},
 {ERR_PACK(0,BN_F_BN_MOD_MUL_RECIPROCAL,0),      "BN_mod_mul_reciprocal"},
 {ERR_PACK(0,BN_F_BN_MPI2BN,0),  "BN_mpi2bn"},
diff --git a/src/lib/libssl/src/crypto/bn/bn_exp.c b/src/lib/libssl/src/crypto/bn/bn_exp.c
index 0c11601675..d2c91628ac 100644
--- a/src/lib/libssl/src/crypto/bn/bn_exp.c
+++ b/src/lib/libssl/src/crypto/bn/bn_exp.c
@@ -55,18 +55,66 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
 
 #include <stdio.h>
 #include "cryptlib.h"
 #include "bn_lcl.h"
-#ifdef ATALLA
-# include <alloca.h>
-# include <atasi.h>
-# include <assert.h>
-# include <dlfcn.h>
-#endif
 
-#define TABLE_SIZE      16
+#define TABLE_SIZE      32
 
 /* slow but works */
 int BN_mod_mul(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m, BN_CTX *ctx)
@@ -91,42 +139,6 @@ err:
         return(r);
         }
 
-#if 0
-/* this one works - simple but works */
-int BN_mod_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BIGNUM *m, BN_CTX *ctx)
-        {
-        int i,bits,ret=0;
-        BIGNUM *v,*tmp;
-
-        BN_CTX_start(ctx);
-        v = BN_CTX_get(ctx);
-        tmp = BN_CTX_get(ctx);
-        if (v == NULL || tmp == NULL) goto err;
-
-        if (BN_copy(v,a) == NULL) goto err;
-        bits=BN_num_bits(p);
-
-        if (BN_is_odd(p))
-                { if (BN_copy(r,a) == NULL) goto err; }
-        else    { if (!BN_one(r)) goto err; }
-
-        for (i=1; i<bits; i++)
-                {
-                if (!BN_sqr(tmp,v,ctx)) goto err;
-                if (!BN_mod(v,tmp,m,ctx)) goto err;
-                if (BN_is_bit_set(p,i))
-                        {
-                        if (!BN_mul(tmp,r,v,ctx)) goto err;
-                        if (!BN_mod(r,tmp,m,ctx)) goto err;
-                        }
-                }
-        ret=1;
-err:
-        BN_CTX_end(ctx);
-        return(ret);
-        }
-
-#endif
 
 /* this one works - simple but works */
 int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx)
@@ -163,172 +175,6 @@ err:
         return(ret);
         }
 
-#ifdef ATALLA
-
-/*
- * This routine will dynamically check for the existance of an Atalla AXL-200
- * SSL accelerator module.  If one is found, the variable
- * asi_accelerator_present is set to 1 and the function pointers
- * ptr_ASI_xxxxxx above will be initialized to corresponding ASI API calls.
- */
-typedef int tfnASI_GetPerformanceStatistics(int reset_flag,
-                                            unsigned int *ret_buf);
-typedef int tfnASI_GetHardwareConfig(long card_num, unsigned int *ret_buf);
-typedef int tfnASI_RSAPrivateKeyOpFn(RSAPrivateKey * rsaKey,
-                                     unsigned char *output,
-                                     unsigned char *input,
-                                     unsigned int modulus_len);
-
-static tfnASI_GetHardwareConfig *ptr_ASI_GetHardwareConfig;
-static tfnASI_RSAPrivateKeyOpFn *ptr_ASI_RSAPrivateKeyOpFn;
-static tfnASI_GetPerformanceStatistics *ptr_ASI_GetPerformanceStatistics;
-static int asi_accelerator_present;
-static int tried_atalla;
-
-void atalla_initialize_accelerator_handle(void)
-        {
-        void *dl_handle;
-        int status;
-        unsigned int config_buf[1024]; 
-        static int tested;
-
-        if(tested)
-                return;
-
-        tested=1;
-
-        bzero((void *)config_buf, 1024);
-
-        /*
-         * Check to see if the library is present on the system
-         */
-        dl_handle = dlopen("atasi.so", RTLD_NOW);
-        if (dl_handle == (void *) NULL)
-                {
-/*              printf("atasi.so library is not present on the system\n");
-                printf("No HW acceleration available\n");*/
-                return;
-                }
-
-        /*
-         * The library is present.  Now we'll check to insure that the
-         * LDM is up and running. First we'll get the address of the
-         * function in the atasi library that we need to see if the
-         * LDM is operating.
-         */
-
-        ptr_ASI_GetHardwareConfig =
-          (tfnASI_GetHardwareConfig *)dlsym(dl_handle,"ASI_GetHardwareConfig");
-
-        if (ptr_ASI_GetHardwareConfig)
-                {
-                /*
-                 * We found the call, now we'll get our config
-                 * status.  If we get a non 0 result, the LDM is not
-                 * running and we cannot use the Atalla ASI *
-                 * library.
-                 */
-                status = (*ptr_ASI_GetHardwareConfig)(0L, config_buf);
-                if (status != 0)
-                        {
-                        printf("atasi.so library is present but not initialized\n");
-                        printf("No HW acceleration available\n");
-                        return;
-                        }    
-                }
-        else
-                {
-/*              printf("We found the library, but not the function. Very Strange!\n");*/
-                return ;
-                }
-
-        /* 
-         * It looks like we have acceleration capabilities.  Load up the
-         * pointers to our ASI API calls.
-         */
-        ptr_ASI_RSAPrivateKeyOpFn=
-          (tfnASI_RSAPrivateKeyOpFn *)dlsym(dl_handle, "ASI_RSAPrivateKeyOpFn");
-        if (ptr_ASI_RSAPrivateKeyOpFn == NULL)
-                {
-/*              printf("We found the library, but no RSA function. Very Strange!\n");*/
-                return;
-                }
-
-        ptr_ASI_GetPerformanceStatistics =
-          (tfnASI_GetPerformanceStatistics *)dlsym(dl_handle, "ASI_GetPerformanceStatistics");
-        if (ptr_ASI_GetPerformanceStatistics == NULL)
-                {
-/*              printf("We found the library, but no stat function. Very Strange!\n");*/
-                return;
-              }
-
-        /*
-         * Indicate that acceleration is available
-         */
-        asi_accelerator_present = 1;
-
-/*      printf("This system has acceleration!\n");*/
-
-        return;
-        }
-
-/* make sure this only gets called once when bn_mod_exp calls bn_mod_exp_mont */
-int BN_mod_exp_atalla(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m)
-        {
-        unsigned char *abin;
-        unsigned char *pbin;
-        unsigned char *mbin;
-        unsigned char *rbin;
-        int an,pn,mn,ret;
-        RSAPrivateKey keydata;
-
-        atalla_initialize_accelerator_handle();
-        if(!asi_accelerator_present)
-                return 0;
-
-
-/* We should be able to run without size testing */
-# define ASIZE  128
-        an=BN_num_bytes(a);
-        pn=BN_num_bytes(p);
-        mn=BN_num_bytes(m);
-
-        if(an <= ASIZE && pn <= ASIZE && mn <= ASIZE)
-            {
-            int size=mn;
-
-            assert(an <= mn);
-            abin=alloca(size);
-            memset(abin,'\0',mn);
-            BN_bn2bin(a,abin+size-an);
-
-            pbin=alloca(pn);
-            BN_bn2bin(p,pbin);
-
-            mbin=alloca(size);
-            memset(mbin,'\0',mn);
-            BN_bn2bin(m,mbin+size-mn);
-
-            rbin=alloca(size);
-
-            memset(&keydata,'\0',sizeof keydata);
-            keydata.privateExponent.data=pbin;
-            keydata.privateExponent.len=pn;
-            keydata.modulus.data=mbin;
-            keydata.modulus.len=size;
-
-            ret=(*ptr_ASI_RSAPrivateKeyOpFn)(&keydata,rbin,abin,keydata.modulus.len);
-/*fprintf(stderr,"!%s\n",BN_bn2hex(a));*/
-            if(!ret)
-                {
-                BN_bin2bn(rbin,keydata.modulus.len,r);
-/*fprintf(stderr,"?%s\n",BN_bn2hex(r));*/
-                return 1;
-                }
-            }
-        return 0;
-        }
-#endif /* def ATALLA */
 
 int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
                BN_CTX *ctx)
@@ -339,13 +185,6 @@ int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
         bn_check_top(p);
         bn_check_top(m);
 
-#ifdef ATALLA
-        if(BN_mod_exp_atalla(r,a,p,m))
-            return 1;
-/* If it fails, try the other methods (but don't try atalla again) */
-        tried_atalla=1;
-#endif
-
 #ifdef MONT_MUL_MOD
         /* I have finally been able to take out this pre-condition of
          * the top bit being set.  It was caused by an error in BN_div
@@ -354,7 +193,15 @@ int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
 /*      if ((m->d[m->top-1]&BN_TBIT) && BN_is_odd(m)) */
 
         if (BN_is_odd(m))
-                { ret=BN_mod_exp_mont(r,a,p,m,ctx,NULL); }
+                {
+                if (a->top == 1)
+                        {
+                        BN_ULONG A = a->d[0];
+                        ret=BN_mod_exp_mont_word(r,A,p,m,ctx,NULL);
+                        }
+                else
+                        ret=BN_mod_exp_mont(r,a,p,m,ctx,NULL);
+                }
         else
 #endif
 #ifdef RECP_MUL_MOD
@@ -363,14 +210,10 @@ int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
                 { ret=BN_mod_exp_simple(r,a,p,m,ctx); }
 #endif
 
-#ifdef ATALLA
-        tried_atalla=0;
-#endif
-
         return(ret);
         }
 
-/* #ifdef RECP_MUL_MOD */
+
 int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
                     const BIGNUM *m, BN_CTX *ctx)
         {
@@ -398,27 +241,22 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
         ts=1;
 
         if (!BN_mod(&(val[0]),a,m,ctx)) goto err;               /* 1 */
-        if (!BN_mod_mul_reciprocal(aa,&(val[0]),&(val[0]),&recp,ctx))
-                goto err;                               /* 2 */
-
-        if (bits <= 17) /* This is probably 3 or 0x10001, so just do singles */
-                window=1;
-        else if (bits >= 256)
-                window=5;       /* max size of window */
-        else if (bits >= 128)
-                window=4;
-        else
-                window=3;
 
-        j=1<<(window-1);
-        for (i=1; i<j; i++)
+        window = BN_window_bits_for_exponent_size(bits);
+        if (window > 1)
                 {
-                BN_init(&val[i]);
-                if (!BN_mod_mul_reciprocal(&(val[i]),&(val[i-1]),aa,&recp,ctx))
-                        goto err;
+                if (!BN_mod_mul_reciprocal(aa,&(val[0]),&(val[0]),&recp,ctx))
+                        goto err;                               /* 2 */
+                j=1<<(window-1);
+                for (i=1; i<j; i++)
+                        {
+                        BN_init(&val[i]);
+                        if (!BN_mod_mul_reciprocal(&(val[i]),&(val[i-1]),aa,&recp,ctx))
+                                goto err;
+                        }
+                ts=i;
                 }
-        ts=i;
-
+                
         start=1;        /* This is used to avoid multiplication etc
                          * when there is only the value '1' in the
                          * buffer. */
@@ -485,9 +323,8 @@ err:
         BN_RECP_CTX_free(&recp);
         return(ret);
         }
-/* #endif */
 
-/* #ifdef MONT_MUL_MOD */
+
 int BN_mod_exp_mont(BIGNUM *rr, BIGNUM *a, const BIGNUM *p,
                     const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
         {
@@ -502,12 +339,6 @@ int BN_mod_exp_mont(BIGNUM *rr, BIGNUM *a, const BIGNUM *p,
         bn_check_top(p);
         bn_check_top(m);
 
-#ifdef ATALLA
-        if(!tried_atalla && BN_mod_exp_atalla(rr,a,p,m))
-            return 1;
-/* If it fails, try the other methods */
-#endif
-
         if (!(m->d[0] & 1))
                 {
                 BNerr(BN_F_BN_MOD_EXP_MONT,BN_R_CALLED_WITH_EVEN_MODULUS);
@@ -527,11 +358,9 @@ int BN_mod_exp_mont(BIGNUM *rr, BIGNUM *a, const BIGNUM *p,
         /* If this is not done, things will break in the montgomery
          * part */
 
-#if 1
         if (in_mont != NULL)
                 mont=in_mont;
         else
-#endif
                 {
                 if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
                 if (!BN_MONT_CTX_set(mont,m,ctx)) goto err;
@@ -541,31 +370,27 @@ int BN_mod_exp_mont(BIGNUM *rr, BIGNUM *a, const BIGNUM *p,
         ts=1;
         if (BN_ucmp(a,m) >= 0)
                 {
-                BN_mod(&(val[0]),a,m,ctx);
+                if (!BN_mod(&(val[0]),a,m,ctx))
+                        goto err;
                 aa= &(val[0]);
                 }
         else
                 aa=a;
         if (!BN_to_montgomery(&(val[0]),aa,mont,ctx)) goto err; /* 1 */
-        if (!BN_mod_mul_montgomery(d,&(val[0]),&(val[0]),mont,ctx)) goto err; /* 2 */
-
-        if (bits <= 20) /* This is probably 3 or 0x10001, so just do singles */
-                window=1;
-        else if (bits >= 256)
-                window=5;       /* max size of window */
-        else if (bits >= 128)
-                window=4;
-        else
-                window=3;
 
-        j=1<<(window-1);
-        for (i=1; i<j; i++)
+        window = BN_window_bits_for_exponent_size(bits);
+        if (window > 1)
                 {
-                BN_init(&(val[i]));
-                if (!BN_mod_mul_montgomery(&(val[i]),&(val[i-1]),d,mont,ctx))
-                        goto err;
+                if (!BN_mod_mul_montgomery(d,&(val[0]),&(val[0]),mont,ctx)) goto err; /* 2 */
+                j=1<<(window-1);
+                for (i=1; i<j; i++)
+                        {
+                        BN_init(&(val[i]));
+                        if (!BN_mod_mul_montgomery(&(val[i]),&(val[i-1]),d,mont,ctx))
+                                goto err;
+                        }
+                ts=i;
                 }
-        ts=i;
 
         start=1;        /* This is used to avoid multiplication etc
                          * when there is only the value '1' in the
@@ -574,7 +399,7 @@ int BN_mod_exp_mont(BIGNUM *rr, BIGNUM *a, const BIGNUM *p,
         wstart=bits-1;  /* The top bit of the window */
         wend=0;         /* The bottom bit of the window */
 
-        if (!BN_to_montgomery(r,BN_value_one(),mont,ctx)) goto err;
+        if (!BN_to_montgomery(r,BN_value_one(),mont,ctx)) goto err;
         for (;;)
                 {
                 if (BN_is_bit_set(p,wstart) == 0)
@@ -626,7 +451,7 @@ int BN_mod_exp_mont(BIGNUM *rr, BIGNUM *a, const BIGNUM *p,
                 start=0;
                 if (wstart < 0) break;
                 }
-        BN_from_montgomery(rr,r,mont,ctx);
+        if (!BN_from_montgomery(rr,r,mont,ctx)) goto err;
         ret=1;
 err:
         if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);
@@ -635,7 +460,134 @@ err:
                 BN_clear_free(&(val[i]));
         return(ret);
         }
-/* #endif */
+
+int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
+                         const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
+        {
+        BN_MONT_CTX *mont = NULL;
+        int b, bits, ret=0;
+        int r_is_one;
+        BN_ULONG w, next_w;
+        BIGNUM *d, *r, *t;
+        BIGNUM *swap_tmp;
+#define BN_MOD_MUL_WORD(r, w, m) \
+                (BN_mul_word(r, (w)) && \
+                (/* BN_ucmp(r, (m)) < 0 ? 1 :*/  \
+                        (BN_mod(t, r, m, ctx) && (swap_tmp = r, r = t, t = swap_tmp, 1))))
+                /* BN_MOD_MUL_WORD is only used with 'w' large,
+                  * so the BN_ucmp test is probably more overhead
+                  * than always using BN_mod (which uses BN_copy if
+                  * a similar test returns true). */
+#define BN_TO_MONTGOMERY_WORD(r, w, mont) \
+                (BN_set_word(r, (w)) && BN_to_montgomery(r, r, (mont), ctx))
+
+        bn_check_top(p);
+        bn_check_top(m);
+
+        if (!(m->d[0] & 1))
+                {
+                BNerr(BN_F_BN_MOD_EXP_MONT_WORD,BN_R_CALLED_WITH_EVEN_MODULUS);
+                return(0);
+                }
+        bits = BN_num_bits(p);
+        if (bits == 0)
+                {
+                BN_one(rr);
+                return(1);
+                }
+        BN_CTX_start(ctx);
+        d = BN_CTX_get(ctx);
+        r = BN_CTX_get(ctx);
+        t = BN_CTX_get(ctx);
+        if (d == NULL || r == NULL || t == NULL) goto err;
+
+        if (in_mont != NULL)
+                mont=in_mont;
+        else
+                {
+                if ((mont = BN_MONT_CTX_new()) == NULL) goto err;
+                if (!BN_MONT_CTX_set(mont, m, ctx)) goto err;
+                }
+
+        r_is_one = 1; /* except for Montgomery factor */
+
+        /* bits-1 >= 0 */
+
+        /* The result is accumulated in the product r*w. */
+        w = a; /* bit 'bits-1' of 'p' is always set */
+        for (b = bits-2; b >= 0; b--)
+                {
+                /* First, square r*w. */
+                next_w = w*w;
+                if ((next_w/w) != w) /* overflow */
+                        {
+                        if (r_is_one)
+                                {
+                                if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) goto err;
+                                r_is_one = 0;
+                                }
+                        else
+                                {
+                                if (!BN_MOD_MUL_WORD(r, w, m)) goto err;
+                                }
+                        next_w = 1;
+                        }
+                w = next_w;
+                if (!r_is_one)
+                        {
+                        if (!BN_mod_mul_montgomery(r, r, r, mont, ctx)) goto err;
+                        }
+
+                /* Second, multiply r*w by 'a' if exponent bit is set. */
+                if (BN_is_bit_set(p, b))
+                        {
+                        next_w = w*a;
+                        if ((next_w/a) != w) /* overflow */
+                                {
+                                if (r_is_one)
+                                        {
+                                        if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) goto err;
+                                        r_is_one = 0;
+                                        }
+                                else
+                                        {
+                                        if (!BN_MOD_MUL_WORD(r, w, m)) goto err;
+                                        }
+                                next_w = a;
+                                }
+                        w = next_w;
+                        }
+                }
+
+        /* Finally, set r:=r*w. */
+        if (w != 1)
+                {
+                if (r_is_one)
+                        {
+                        if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) goto err;
+                        r_is_one = 0;
+                        }
+                else
+                        {
+                        if (!BN_MOD_MUL_WORD(r, w, m)) goto err;
+                        }
+                }
+
+        if (r_is_one) /* can happen only if a == 1*/
+                {
+                if (!BN_one(rr)) goto err;
+                }
+        else
+                {
+                if (!BN_from_montgomery(rr, r, mont, ctx)) goto err;
+                }
+        ret = 1;
+err:
+        if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);
+        BN_CTX_end(ctx);
+        return(ret);
+        }
+
 
 /* The old fallback, simple version :-) */
 int BN_mod_exp_simple(BIGNUM *r, BIGNUM *a, BIGNUM *p, BIGNUM *m,
@@ -660,26 +612,21 @@ int BN_mod_exp_simple(BIGNUM *r, BIGNUM *a, BIGNUM *p, BIGNUM *m,
         BN_init(&(val[0]));
         ts=1;
         if (!BN_mod(&(val[0]),a,m,ctx)) goto err;               /* 1 */
-        if (!BN_mod_mul(d,&(val[0]),&(val[0]),m,ctx))
-                goto err;                               /* 2 */
-
-        if (bits <= 17) /* This is probably 3 or 0x10001, so just do singles */
-                window=1;
-        else if (bits >= 256)
-                window=5;       /* max size of window */
-        else if (bits >= 128)
-                window=4;
-        else
-                window=3;
 
-        j=1<<(window-1);
-        for (i=1; i<j; i++)
+        window = BN_window_bits_for_exponent_size(bits);
+        if (window > 1)
                 {
-                BN_init(&(val[i]));
-                if (!BN_mod_mul(&(val[i]),&(val[i-1]),d,m,ctx))
-                        goto err;
+                if (!BN_mod_mul(d,&(val[0]),&(val[0]),m,ctx))
+                        goto err;                               /* 2 */
+                j=1<<(window-1);
+                for (i=1; i<j; i++)
+                        {
+                        BN_init(&(val[i]));
+                        if (!BN_mod_mul(&(val[i]),&(val[i-1]),d,m,ctx))
+                                goto err;
+                        }
+                ts=i;
                 }
-        ts=i;
 
         start=1;        /* This is used to avoid multiplication etc
                          * when there is only the value '1' in the
diff --git a/src/lib/libssl/src/crypto/bn/bn_exp2.c b/src/lib/libssl/src/crypto/bn/bn_exp2.c
index 4f4e9e3299..29029f4c72 100644
--- a/src/lib/libssl/src/crypto/bn/bn_exp2.c
+++ b/src/lib/libssl/src/crypto/bn/bn_exp2.c
@@ -1,27 +1,128 @@
+/* crypto/bn/bn_exp2.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
 #include <stdio.h>
 #include "cryptlib.h"
 #include "bn_lcl.h"
 
-/* I've done some timing with different table sizes.
- * The main hassle is that even with bits set at 3, this requires
- * 63 BIGNUMs to store the pre-calculated values.
- *          512   1024 
- * bits=1  75.4%  79.4%
- * bits=2  61.2%  62.4%
- * bits=3  61.3%  59.3%
- * The lack of speed improvement is also a function of the pre-calculation
- * which could be removed.
- */
-#define EXP2_TABLE_BITS 2 /* 1  2  3  4  5  */
-#define EXP2_TABLE_SIZE 4 /* 2  4  8 16 32  */
+#define TABLE_SIZE      32
 
 int BN_mod_exp2_mont(BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, BIGNUM *a2,
              BIGNUM *p2, BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
         {
-        int i,j,k,bits,bits1,bits2,ret=0,wstart,wend,window,xvalue,yvalue;
-        int start=1,ts=0,x,y;
-        BIGNUM *d,*aa1,*aa2,*r;
-        BIGNUM val[EXP2_TABLE_SIZE][EXP2_TABLE_SIZE];
+        int i,j,bits,b,bits1,bits2,ret=0,wpos1,wpos2,window1,window2,wvalue1,wvalue2;
+        int r_is_one=1,ts1=0,ts2=0;
+        BIGNUM *d,*r;
+        BIGNUM *a_mod_m;
+        BIGNUM val1[TABLE_SIZE], val2[TABLE_SIZE];
         BN_MONT_CTX *mont=NULL;
 
         bn_check_top(a1);
@@ -32,7 +133,7 @@ int BN_mod_exp2_mont(BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, BIGNUM *a2,
 
         if (!(m->d[0] & 1))
                 {
-                BNerr(BN_F_BN_MOD_EXP_MONT,BN_R_CALLED_WITH_EVEN_MODULUS);
+                BNerr(BN_F_BN_MOD_EXP2_MONT,BN_R_CALLED_WITH_EVEN_MODULUS);
                 return(0);
                 }
         bits1=BN_num_bits(p1);
@@ -42,17 +143,13 @@ int BN_mod_exp2_mont(BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, BIGNUM *a2,
                 BN_one(rr);
                 return(1);
                 }
+        bits=(bits1 > bits2)?bits1:bits2;
 
         BN_CTX_start(ctx);
         d = BN_CTX_get(ctx);
         r = BN_CTX_get(ctx);
         if (d == NULL || r == NULL) goto err;
 
-        bits=(bits1 > bits2)?bits1:bits2;
-
-        /* If this is not done, things will break in the montgomery
-         * part */
-
         if (in_mont != NULL)
                 mont=in_mont;
         else
@@ -61,139 +158,143 @@ int BN_mod_exp2_mont(BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, BIGNUM *a2,
                 if (!BN_MONT_CTX_set(mont,m,ctx)) goto err;
                 }
 
-        BN_init(&(val[0][0]));
-        BN_init(&(val[1][1]));
-        BN_init(&(val[0][1]));
-        BN_init(&(val[1][0]));
-        ts=1;
+        window1 = BN_window_bits_for_exponent_size(bits1);
+        window2 = BN_window_bits_for_exponent_size(bits2);
+
+        /*
+         * Build table for a1:   val1[i] := a1^(2*i + 1) mod m  for i = 0 .. 2^(window1-1)
+         */
+        BN_init(&val1[0]);
+        ts1=1;
         if (BN_ucmp(a1,m) >= 0)
                 {
-                BN_mod(&(val[1][0]),a1,m,ctx);
-                aa1= &(val[1][0]);
+                if (!BN_mod(&(val1[0]),a1,m,ctx))
+                        goto err;
+                a_mod_m = &(val1[0]);
                 }
         else
-                aa1=a1;
+                a_mod_m = a1;
+        if (!BN_to_montgomery(&(val1[0]),a_mod_m,mont,ctx)) goto err;
+        if (window1 > 1)
+                {
+                if (!BN_mod_mul_montgomery(d,&(val1[0]),&(val1[0]),mont,ctx)) goto err;
+
+                j=1<<(window1-1);
+                for (i=1; i<j; i++)
+                        {
+                        BN_init(&(val1[i]));
+                        if (!BN_mod_mul_montgomery(&(val1[i]),&(val1[i-1]),d,mont,ctx))
+                                goto err;
+                        }
+                ts1=i;
+                }
+
+
+        /*
+         * Build table for a2:   val2[i] := a2^(2*i + 1) mod m  for i = 0 .. 2^(window2-1)
+         */
+        BN_init(&val2[0]);
+        ts2=1;
         if (BN_ucmp(a2,m) >= 0)
                 {
-                BN_mod(&(val[0][1]),a2,m,ctx);
-                aa2= &(val[0][1]);
+                if (!BN_mod(&(val2[0]),a2,m,ctx))
+                        goto err;
+                a_mod_m = &(val2[0]);
                 }
         else
-                aa2=a2;
-        if (!BN_to_montgomery(&(val[1][0]),aa1,mont,ctx)) goto err;
-        if (!BN_to_montgomery(&(val[0][1]),aa2,mont,ctx)) goto err;
-        if (!BN_mod_mul_montgomery(&(val[1][1]),
-                &(val[1][0]),&(val[0][1]),mont,ctx))
-                goto err;
-
-#if 0
-        if (bits <= 20) /* This is probably 3 or 0x10001, so just do singles */
-                window=1;
-        else if (bits > 250)
-                window=5;       /* max size of window */
-        else if (bits >= 120)
-                window=4;
-        else
-                window=3;
-#else
-        window=EXP2_TABLE_BITS;
-#endif
-
-        k=1<<window;
-        for (x=0; x<k; x++)
+                a_mod_m = a2;
+        if (!BN_to_montgomery(&(val2[0]),a_mod_m,mont,ctx)) goto err;
+        if (window2 > 1)
                 {
-                if (x >= 2)
-                        {
-                        BN_init(&(val[x][0]));
-                        BN_init(&(val[x][1]));
-                        if (!BN_mod_mul_montgomery(&(val[x][0]),
-                                &(val[1][0]),&(val[x-1][0]),mont,ctx)) goto err;
-                        if (!BN_mod_mul_montgomery(&(val[x][1]),
-                                &(val[1][0]),&(val[x-1][1]),mont,ctx)) goto err;
-                        }
-                for (y=2; y<k; y++)
+                if (!BN_mod_mul_montgomery(d,&(val2[0]),&(val2[0]),mont,ctx)) goto err;
+
+                j=1<<(window2-1);
+                for (i=1; i<j; i++)
                         {
-                        BN_init(&(val[x][y]));
-                        if (!BN_mod_mul_montgomery(&(val[x][y]),
-                                &(val[x][y-1]),&(val[0][1]),mont,ctx))
+                        BN_init(&(val2[i]));
+                        if (!BN_mod_mul_montgomery(&(val2[i]),&(val2[i-1]),d,mont,ctx))
                                 goto err;
                         }
+                ts2=i;
                 }
-        ts=k;
-
-        start=1;        /* This is used to avoid multiplication etc
-                         * when there is only the value '1' in the
-                         * buffer. */
-        xvalue=0;       /* The 'x value' of the window */
-        yvalue=0;       /* The 'y value' of the window */
-        wstart=bits-1;  /* The top bit of the window */
-        wend=0;         /* The bottom bit of the window */
-
-        if (!BN_to_montgomery(r,BN_value_one(),mont,ctx)) goto err;
-        for (;;)
+
+
+        /* Now compute the power product, using independent windows. */
+        r_is_one=1;
+        wvalue1=0;  /* The 'value' of the first window */
+        wvalue2=0;  /* The 'value' of the second window */
+        wpos1=0;    /* If wvalue1 > 0, the bottom bit of the first window */
+        wpos2=0;    /* If wvalue2 > 0, the bottom bit of the second window */
+
+        if (!BN_to_montgomery(r,BN_value_one(),mont,ctx)) goto err;
+        for (b=bits-1; b>=0; b--)
                 {
-                xvalue=BN_is_bit_set(p1,wstart);
-                yvalue=BN_is_bit_set(p2,wstart);
-                if (!(xvalue || yvalue))
+                if (!r_is_one)
                         {
-                        if (!start)
+                        if (!BN_mod_mul_montgomery(r,r,r,mont,ctx))
+                                goto err;
+                        }
+                
+                if (!wvalue1)
+                        if (BN_is_bit_set(p1, b))
                                 {
-                                if (!BN_mod_mul_montgomery(r,r,r,mont,ctx))
-                                        goto err;
+                                /* consider bits b-window1+1 .. b for this window */
+                                i = b-window1+1;
+                                while (!BN_is_bit_set(p1, i)) /* works for i<0 */
+                                        i++;
+                                wpos1 = i;
+                                wvalue1 = 1;
+                                for (i = b-1; i >= wpos1; i--)
+                                        {
+                                        wvalue1 <<= 1;
+                                        if (BN_is_bit_set(p1, i))
+                                                wvalue1++;
+                                        }
                                 }
-                        wstart--;
-                        if (wstart < 0) break;
-                        continue;
-                        }
-                /* We now have wstart on a 'set' bit, we now need to work out
-                 * how bit a window to do.  To do this we need to scan
-                 * forward until the last set bit before the end of the
-                 * window */
-                j=wstart;
-                /* xvalue=BN_is_bit_set(p1,wstart); already set */
-                /* yvalue=BN_is_bit_set(p1,wstart); already set */
-                wend=0;
-                for (i=1; i<window; i++)
-                        {
-                        if (wstart-i < 0) break;
-                        xvalue+=xvalue;
-                        xvalue|=BN_is_bit_set(p1,wstart-i);
-                        yvalue+=yvalue;
-                        yvalue|=BN_is_bit_set(p2,wstart-i);
-                        }
-
-                /* i is the size of the current window */
-                /* add the 'bytes above' */
-                if (!start)
-                        for (j=0; j<i; j++)
+                
+                if (!wvalue2)
+                        if (BN_is_bit_set(p2, b))
                                 {
-                                if (!BN_mod_mul_montgomery(r,r,r,mont,ctx))
-                                        goto err;
+                                /* consider bits b-window2+1 .. b for this window */
+                                i = b-window2+1;
+                                while (!BN_is_bit_set(p2, i))
+                                        i++;
+                                wpos2 = i;
+                                wvalue2 = 1;
+                                for (i = b-1; i >= wpos2; i--)
+                                        {
+                                        wvalue2 <<= 1;
+                                        if (BN_is_bit_set(p2, i))
+                                                wvalue2++;
+                                        }
                                 }
+
+                if (wvalue1 && b == wpos1)
+                        {
+                        /* wvalue1 is odd and < 2^window1 */
+                        if (!BN_mod_mul_montgomery(r,r,&(val1[wvalue1>>1]),mont,ctx))
+                                goto err;
+                        wvalue1 = 0;
+                        r_is_one = 0;
+                        }
                 
-                /* wvalue will be an odd number < 2^window */
-                if (xvalue || yvalue)
+                if (wvalue2 && b == wpos2)
                         {
-                        if (!BN_mod_mul_montgomery(r,r,&(val[xvalue][yvalue]),
-                                mont,ctx)) goto err;
+                        /* wvalue2 is odd and < 2^window2 */
+                        if (!BN_mod_mul_montgomery(r,r,&(val2[wvalue2>>1]),mont,ctx))
+                                goto err;
+                        wvalue2 = 0;
+                        r_is_one = 0;
                         }
-
-                /* move the 'window' down further */
-                wstart-=i;
-                start=0;
-                if (wstart < 0) break;
                 }
         BN_from_montgomery(rr,r,mont,ctx);
         ret=1;
 err:
         if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);
         BN_CTX_end(ctx);
-        for (i=0; i<ts; i++)
-                {
-                for (j=0; j<ts; j++)
-                        {
-                        BN_clear_free(&(val[i][j]));
-                        }
-                }
+        for (i=0; i<ts1; i++)
+                BN_clear_free(&(val1[i]));
+        for (i=0; i<ts2; i++)
+                BN_clear_free(&(val2[i]));
         return(ret);
         }
diff --git a/src/lib/libssl/src/crypto/bn/bn_lcl.h b/src/lib/libssl/src/crypto/bn/bn_lcl.h
index e36ccbc4c2..9c959921b4 100644
--- a/src/lib/libssl/src/crypto/bn/bn_lcl.h
+++ b/src/lib/libssl/src/crypto/bn/bn_lcl.h
@@ -55,6 +55,59 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
 
 #ifndef HEADER_BN_LCL_H
 #define HEADER_BN_LCL_H
@@ -65,6 +118,51 @@
 extern "C" {
 #endif
 
+
+/*
+ * BN_window_bits_for_exponent_size -- macro for sliding window mod_exp functions
+ *
+ *
+ * For window size 'w' (w >= 2) and a random 'b' bits exponent,
+ * the number of multiplications is a constant plus on average
+ *
+ *    2^(w-1) + (b-w)/(w+1);
+ *
+ * here  2^(w-1)  is for precomputing the table (we actually need
+ * entries only for windows that have the lowest bit set), and
+ * (b-w)/(w+1)  is an approximation for the expected number of
+ * w-bit windows, not counting the first one.
+ *
+ * Thus we should use
+ *
+ *    w >= 6  if        b > 671
+ *     w = 5  if  671 > b > 239
+ *     w = 4  if  239 > b >  79
+ *     w = 3  if   79 > b >  23
+ *    w <= 2  if   23 > b
+ *
+ * (with draws in between).  Very small exponents are often selected
+ * with low Hamming weight, so we use  w = 1  for b <= 23.
+ */
+#if 1
+#define BN_window_bits_for_exponent_size(b) \
+                ((b) > 671 ? 6 : \
+                 (b) > 239 ? 5 : \
+                 (b) >  79 ? 4 : \
+                 (b) >  23 ? 3 : 1)
+#else
+/* Old SSLeay/OpenSSL table.
+ * Maximum window size was 5, so this table differs for b==1024;
+ * but it coincides for other interesting values (b==160, b==512).
+ */
+#define BN_window_bits_for_exponent_size(b) \
+                ((b) > 255 ? 5 : \
+                 (b) > 127 ? 4 : \
+                 (b) >  17 ? 3 : 1)
+#endif   
+
+
+
 /* Pentium pro 16,16,16,32,64 */
 /* Alpha       16,16,16,16.64 */
 #define BN_MULL_SIZE_NORMAL                     (16) /* 32 */
@@ -130,7 +228,7 @@ extern "C" {
 /* This is used for internal error checking and is not normally used */
 #ifdef BN_DEBUG
 # include <assert.h>
-# define bn_check_top(a) assert ((a)->top >= 0 && (a)->top <= (a)->max);
+# define bn_check_top(a) assert ((a)->top >= 0 && (a)->top <= (a)->dmax);
 #else
 # define bn_check_top(a)
 #endif
diff --git a/src/lib/libssl/src/crypto/bn/bn_lib.c b/src/lib/libssl/src/crypto/bn/bn_lib.c
index 0e6b12d9c3..b6b0ce4b3c 100644
--- a/src/lib/libssl/src/crypto/bn/bn_lib.c
+++ b/src/lib/libssl/src/crypto/bn/bn_lib.c
@@ -56,6 +56,12 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef BN_DEBUG
+# undef NDEBUG /* avoid conflicting definitions */
+# define NDEBUG
+#endif
+
+#include <assert.h>
 #include <stdio.h>
 #include "cryptlib.h"
 #include "bn_lcl.h"
@@ -244,14 +250,8 @@ int BN_num_bits(const BIGNUM *a)
 
         if (a->top == 0) return(0);
         l=a->d[a->top-1];
+        assert(l != 0);
         i=(a->top-1)*BN_BITS2;
-        if (l == 0)
-                {
-#if !defined(NO_STDIO) && !defined(WIN16)
-                fprintf(stderr,"BAD TOP VALUE\n");
-#endif
-                abort();
-                }
         return(i+BN_num_bits_word(l));
         }
 
@@ -262,24 +262,24 @@ void BN_clear_free(BIGNUM *a)
         if (a == NULL) return;
         if (a->d != NULL)
                 {
-                memset(a->d,0,a->max*sizeof(a->d[0]));
+                memset(a->d,0,a->dmax*sizeof(a->d[0]));
                 if (!(BN_get_flags(a,BN_FLG_STATIC_DATA)))
-                        Free(a->d);
+                        OPENSSL_free(a->d);
                 }
         i=BN_get_flags(a,BN_FLG_MALLOCED);
         memset(a,0,sizeof(BIGNUM));
         if (i)
-                Free(a);
+                OPENSSL_free(a);
         }
 
 void BN_free(BIGNUM *a)
         {
         if (a == NULL) return;
         if ((a->d != NULL) && !(BN_get_flags(a,BN_FLG_STATIC_DATA)))
-                Free(a->d);
+                OPENSSL_free(a->d);
         a->flags|=BN_FLG_FREE; /* REMOVE? */
         if (a->flags & BN_FLG_MALLOCED)
-                Free(a);
+                OPENSSL_free(a);
         }
 
 void BN_init(BIGNUM *a)
@@ -291,7 +291,7 @@ BIGNUM *BN_new(void)
         {
         BIGNUM *ret;
 
-        if ((ret=(BIGNUM *)Malloc(sizeof(BIGNUM))) == NULL)
+        if ((ret=(BIGNUM *)OPENSSL_malloc(sizeof(BIGNUM))) == NULL)
                 {
                 BNerr(BN_F_BN_NEW,ERR_R_MALLOC_FAILURE);
                 return(NULL);
@@ -299,7 +299,7 @@ BIGNUM *BN_new(void)
         ret->flags=BN_FLG_MALLOCED;
         ret->top=0;
         ret->neg=0;
-        ret->max=0;
+        ret->dmax=0;
         ret->d=NULL;
         return(ret);
         }
@@ -317,7 +317,7 @@ BIGNUM *bn_expand2(BIGNUM *b, int words)
 
         bn_check_top(b);
 
-        if (words > b->max)
+        if (words > b->dmax)
                 {
                 bn_check_top(b);        
                 if (BN_get_flags(b,BN_FLG_STATIC_DATA))
@@ -325,7 +325,7 @@ BIGNUM *bn_expand2(BIGNUM *b, int words)
                         BNerr(BN_F_BN_EXPAND2,BN_R_EXPAND_ON_STATIC_BIGNUM_DATA);
                         return(NULL);
                         }
-                a=A=(BN_ULONG *)Malloc(sizeof(BN_ULONG)*(words+1));
+                a=A=(BN_ULONG *)OPENSSL_malloc(sizeof(BN_ULONG)*(words+1));
                 if (A == NULL)
                         {
                         BNerr(BN_F_BN_EXPAND2,ERR_R_MALLOC_FAILURE);
@@ -423,21 +423,21 @@ BIGNUM *bn_expand2(BIGNUM *b, int words)
                                 case 0: ; /* ultrix cc workaround, see above */
                                 }
 #endif
-                        Free(b->d);
+                        OPENSSL_free(b->d);
                         }
 
                 b->d=a;
-                b->max=words;
+                b->dmax=words;
 
                 /* Now need to zero any data between b->top and b->max */
 
                 A= &(b->d[b->top]);
-                for (i=(b->max - b->top)>>3; i>0; i--,A+=8)
+                for (i=(b->dmax - b->top)>>3; i>0; i--,A+=8)
                         {
                         A[0]=0; A[1]=0; A[2]=0; A[3]=0;
                         A[4]=0; A[5]=0; A[6]=0; A[7]=0;
                         }
-                for (i=(b->max - b->top)&7; i>0; i--,A++)
+                for (i=(b->dmax - b->top)&7; i>0; i--,A++)
                         A[0]=0;
 #else
                         memset(A,0,sizeof(BN_ULONG)*(words+1));
@@ -508,7 +508,7 @@ BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b)
 void BN_clear(BIGNUM *a)
         {
         if (a->d != NULL)
-                memset(a->d,0,a->max*sizeof(a->d[0]));
+                memset(a->d,0,a->dmax*sizeof(a->d[0]));
         a->top=0;
         a->neg=0;
         }
diff --git a/src/lib/libssl/src/crypto/bn/bn_mont.c b/src/lib/libssl/src/crypto/bn/bn_mont.c
index 598fecbf0c..8cf1febacc 100644
--- a/src/lib/libssl/src/crypto/bn/bn_mont.c
+++ b/src/lib/libssl/src/crypto/bn/bn_mont.c
@@ -85,16 +85,7 @@ int BN_mod_mul_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *b,
 
         if (a == b)
                 {
-#if 0
-                bn_wexpand(tmp,a->top*2);
-                bn_wexpand(tmp2,a->top*4);
-                bn_sqr_recursive(tmp->d,a->d,a->top,tmp2->d);
-                tmp->top=a->top*2;
-                if (tmp->d[tmp->top-1] == 0)
-                        tmp->top--;
-#else
                 if (!BN_sqr(tmp,a,ctx)) goto err;
-#endif
                 }
         else
                 {
@@ -157,7 +148,22 @@ int BN_from_montgomery(BIGNUM *ret, BIGNUM *a, BN_MONT_CTX *mont,
 #endif
         for (i=0; i<nl; i++)
                 {
+#ifdef __TANDEM
+                {
+                   long long t1;
+                   long long t2;
+                   long long t3;
+                   t1 = rp[0] * (n0 & 0177777);
+                   t2 = 037777600000l;
+                   t2 = n0 & t2;
+                   t3 = rp[0] & 0177777;
+                   t2 = (t3 * t2) & BN_MASK2;
+                   t1 = t1 + t2;
+                   v=bn_mul_add_words(rp,np,nl,(BN_ULONG) t1);
+                }
+#else
                 v=bn_mul_add_words(rp,np,nl,(rp[0]*n0)&BN_MASK2);
+#endif
                 nrp++;
                 rp++;
                 if (((nrp[-1]+=v)&BN_MASK2) >= v)
@@ -175,6 +181,7 @@ int BN_from_montgomery(BIGNUM *ret, BIGNUM *a, BN_MONT_CTX *mont,
 #if 0
         BN_rshift(ret,r,mont->ri);
 #else
+        ret->neg = r->neg;
         x=ri;
         rp=ret->d;
         ap= &(r->d[x]);
@@ -234,7 +241,7 @@ BN_MONT_CTX *BN_MONT_CTX_new(void)
         {
         BN_MONT_CTX *ret;
 
-        if ((ret=(BN_MONT_CTX *)Malloc(sizeof(BN_MONT_CTX))) == NULL)
+        if ((ret=(BN_MONT_CTX *)OPENSSL_malloc(sizeof(BN_MONT_CTX))) == NULL)
                 return(NULL);
 
         BN_MONT_CTX_init(ret);
@@ -260,7 +267,7 @@ void BN_MONT_CTX_free(BN_MONT_CTX *mont)
         BN_free(&(mont->N));
         BN_free(&(mont->Ni));
         if (mont->flags & BN_FLG_MALLOCED)
-                Free(mont);
+                OPENSSL_free(mont);
         }
 
 int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
@@ -284,7 +291,7 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
                 buf[1]=0;
                 tmod.d=buf;
                 tmod.top=1;
-                tmod.max=2;
+                tmod.dmax=2;
                 tmod.neg=mod->neg;
                                                         /* Ri = R^-1 mod N*/
                 if ((BN_mod_inverse(&Ri,R,&tmod,ctx)) == NULL)
diff --git a/src/lib/libssl/src/crypto/bn/bn_mul.c b/src/lib/libssl/src/crypto/bn/bn_mul.c
index 3e8baaad9a..3e8d8b9567 100644
--- a/src/lib/libssl/src/crypto/bn/bn_mul.c
+++ b/src/lib/libssl/src/crypto/bn/bn_mul.c
@@ -631,7 +631,6 @@ int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
 
         al=a->top;
         bl=b->top;
-        r->neg=a->neg^b->neg;
 
         if ((al == 0) || (bl == 0))
                 {
@@ -647,6 +646,7 @@ int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
                 }
         else
                 rr = r;
+        rr->neg=a->neg^b->neg;
 
 #if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
         i = al-bl;
diff --git a/src/lib/libssl/src/crypto/bn/bn_print.c b/src/lib/libssl/src/crypto/bn/bn_print.c
index 782a96e7e0..532e66bcc3 100644
--- a/src/lib/libssl/src/crypto/bn/bn_print.c
+++ b/src/lib/libssl/src/crypto/bn/bn_print.c
@@ -64,14 +64,14 @@
 
 static const char *Hex="0123456789ABCDEF";
 
-/* Must 'Free' the returned data */
+/* Must 'OPENSSL_free' the returned data */
 char *BN_bn2hex(const BIGNUM *a)
         {
         int i,j,v,z=0;
         char *buf;
         char *p;
 
-        buf=(char *)Malloc(a->top*BN_BYTES*2+2);
+        buf=(char *)OPENSSL_malloc(a->top*BN_BYTES*2+2);
         if (buf == NULL)
                 {
                 BNerr(BN_F_BN_BN2HEX,ERR_R_MALLOC_FAILURE);
@@ -99,7 +99,7 @@ err:
         return(buf);
         }
 
-/* Must 'Free' the returned data */
+/* Must 'OPENSSL_free' the returned data */
 char *BN_bn2dec(const BIGNUM *a)
         {
         int i=0,num;
@@ -110,8 +110,8 @@ char *BN_bn2dec(const BIGNUM *a)
 
         i=BN_num_bits(a)*3;
         num=(i/10+i/1000+3)+1;
-        bn_data=(BN_ULONG *)Malloc((num/BN_DEC_NUM+1)*sizeof(BN_ULONG));
-        buf=(char *)Malloc(num+3);
+        bn_data=(BN_ULONG *)OPENSSL_malloc((num/BN_DEC_NUM+1)*sizeof(BN_ULONG));
+        buf=(char *)OPENSSL_malloc(num+3);
         if ((buf == NULL) || (bn_data == NULL))
                 {
                 BNerr(BN_F_BN_BN2DEC,ERR_R_MALLOC_FAILURE);
@@ -149,7 +149,7 @@ char *BN_bn2dec(const BIGNUM *a)
                         }
                 }
 err:
-        if (bn_data != NULL) Free(bn_data);
+        if (bn_data != NULL) OPENSSL_free(bn_data);
         if (t != NULL) BN_free(t);
         return(buf);
         }
diff --git a/src/lib/libssl/src/crypto/bn/bn_rand.c b/src/lib/libssl/src/crypto/bn/bn_rand.c
index 943712c15b..21ecbc04ed 100644
--- a/src/lib/libssl/src/crypto/bn/bn_rand.c
+++ b/src/lib/libssl/src/crypto/bn/bn_rand.c
@@ -68,11 +68,17 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
         int ret=0,bit,bytes,mask;
         time_t tim;
 
+        if (bits == 0)
+                {
+                BN_zero(rnd);
+                return 1;
+                }
+
         bytes=(bits+7)/8;
         bit=(bits-1)%8;
         mask=0xff<<bit;
 
-        buf=(unsigned char *)Malloc(bytes);
+        buf=(unsigned char *)OPENSSL_malloc(bytes);
         if (buf == NULL)
                 {
                 BNerr(BN_F_BN_RAND,ERR_R_MALLOC_FAILURE);
@@ -120,7 +126,7 @@ err:
         if (buf != NULL)
                 {
                 memset(buf,0,bytes);
-                Free(buf);
+                OPENSSL_free(buf);
                 }
         return(ret);
         }
diff --git a/src/lib/libssl/src/crypto/bn/bn_recp.c b/src/lib/libssl/src/crypto/bn/bn_recp.c
index a8796bd0aa..d019941d6b 100644
--- a/src/lib/libssl/src/crypto/bn/bn_recp.c
+++ b/src/lib/libssl/src/crypto/bn/bn_recp.c
@@ -72,7 +72,7 @@ BN_RECP_CTX *BN_RECP_CTX_new(void)
         {
         BN_RECP_CTX *ret;
 
-        if ((ret=(BN_RECP_CTX *)Malloc(sizeof(BN_RECP_CTX))) == NULL)
+        if ((ret=(BN_RECP_CTX *)OPENSSL_malloc(sizeof(BN_RECP_CTX))) == NULL)
                 return(NULL);
 
         BN_RECP_CTX_init(ret);
@@ -88,7 +88,7 @@ void BN_RECP_CTX_free(BN_RECP_CTX *recp)
         BN_free(&(recp->N));
         BN_free(&(recp->Nr));
         if (recp->flags & BN_FLG_MALLOCED)
-                Free(recp);
+                OPENSSL_free(recp);
         }
 
 int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *d, BN_CTX *ctx)
diff --git a/src/lib/libssl/src/crypto/bn/bn_shift.c b/src/lib/libssl/src/crypto/bn/bn_shift.c
index 61aae65a6b..0883247384 100644
--- a/src/lib/libssl/src/crypto/bn/bn_shift.c
+++ b/src/lib/libssl/src/crypto/bn/bn_shift.c
@@ -162,7 +162,7 @@ int BN_rshift(BIGNUM *r, BIGNUM *a, int n)
         nw=n/BN_BITS2;
         rb=n%BN_BITS2;
         lb=BN_BITS2-rb;
-        if (nw > a->top)
+        if (nw > a->top || a->top == 0)
                 {
                 BN_zero(r);
                 return(1);
diff --git a/src/lib/libssl/src/crypto/bn/bn_sqr.c b/src/lib/libssl/src/crypto/bn/bn_sqr.c
index fe00c5f69a..75f4f38392 100644
--- a/src/lib/libssl/src/crypto/bn/bn_sqr.c
+++ b/src/lib/libssl/src/crypto/bn/bn_sqr.c
@@ -188,7 +188,7 @@ void bn_sqr_normal(BN_ULONG *r, BN_ULONG *a, int n, BN_ULONG *tmp)
 
 #ifdef BN_RECURSION
 /* r is 2*n words in size,
- * a and b are both n words in size.
+ * a and b are both n words in size.    (There's not actually a 'b' here ...)
  * n must be a power of 2.
  * We multiply and return the result.
  * t must be 2*n words in size
diff --git a/src/lib/libssl/src/crypto/bn/bn_word.c b/src/lib/libssl/src/crypto/bn/bn_word.c
index 73157a7d43..cd59baa2c4 100644
--- a/src/lib/libssl/src/crypto/bn/bn_word.c
+++ b/src/lib/libssl/src/crypto/bn/bn_word.c
@@ -115,7 +115,7 @@ int BN_add_word(BIGNUM *a, BN_ULONG w)
                 a->neg=0;
                 i=BN_sub_word(a,w);
                 if (!BN_is_zero(a))
-                        a->neg=1;
+                        a->neg=!(a->neg);
                 return(i);
                 }
         w&=BN_MASK2;
@@ -140,7 +140,7 @@ int BN_sub_word(BIGNUM *a, BN_ULONG w)
         {
         int i;
 
-        if (a->neg)
+        if (BN_is_zero(a) || a->neg)
                 {
                 a->neg=0;
                 i=BN_add_word(a,w);
@@ -182,11 +182,16 @@ int BN_mul_word(BIGNUM *a, BN_ULONG w)
         w&=BN_MASK2;
         if (a->top)
                 {
-                ll=bn_mul_words(a->d,a->d,a->top,w);
-                if (ll)
+                if (w == 0)
+                        BN_zero(a);
+                else
                         {
-                        if (bn_wexpand(a,a->top+1) == NULL) return(0);
-                        a->d[a->top++]=ll;
+                        ll=bn_mul_words(a->d,a->d,a->top,w);
+                        if (ll)
+                                {
+                                if (bn_wexpand(a,a->top+1) == NULL) return(0);
+                                a->d[a->top++]=ll;
+                                }
                         }
                 }
         return(1);
diff --git a/src/lib/libssl/src/crypto/bn/vms-helper.c b/src/lib/libssl/src/crypto/bn/vms-helper.c
index 73af337069..0fa79c4edb 100644
--- a/src/lib/libssl/src/crypto/bn/vms-helper.c
+++ b/src/lib/libssl/src/crypto/bn/vms-helper.c
@@ -59,8 +59,10 @@
 
 bn_div_words_abort(int i)
 {
+#ifdef BN_DEBUG
 #if !defined(NO_STDIO) && !defined(WIN16)
         fprintf(stderr,"Division would overflow (%d)\n",i);
 #endif
         abort();
+#endif
 }
diff --git a/src/lib/libssl/src/crypto/buffer/Makefile.ssl b/src/lib/libssl/src/crypto/buffer/Makefile.ssl
index 506708c37f..f473d1ab4b 100644
--- a/src/lib/libssl/src/crypto/buffer/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/buffer/Makefile.ssl
@@ -78,10 +78,15 @@ clean:
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
-buf_err.o: ../../include/openssl/buffer.h ../../include/openssl/err.h
+buf_err.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+buf_err.o: ../../include/openssl/crypto.h ../../include/openssl/err.h
+buf_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslv.h
+buf_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+buf_err.o: ../../include/openssl/symhacks.h
 buffer.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 buffer.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
 buffer.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-buffer.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-buffer.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+buffer.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+buffer.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+buffer.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 buffer.o: ../cryptlib.h
diff --git a/src/lib/libssl/src/crypto/buffer/buffer.c b/src/lib/libssl/src/crypto/buffer/buffer.c
index c3a108ea52..b76ff3ad7a 100644
--- a/src/lib/libssl/src/crypto/buffer/buffer.c
+++ b/src/lib/libssl/src/crypto/buffer/buffer.c
@@ -64,7 +64,7 @@ BUF_MEM *BUF_MEM_new(void)
         {
         BUF_MEM *ret;
 
-        ret=Malloc(sizeof(BUF_MEM));
+        ret=OPENSSL_malloc(sizeof(BUF_MEM));
         if (ret == NULL)
                 {
                 BUFerr(BUF_F_BUF_MEM_NEW,ERR_R_MALLOC_FAILURE);
@@ -84,9 +84,9 @@ void BUF_MEM_free(BUF_MEM *a)
         if (a->data != NULL)
                 {
                 memset(a->data,0,(unsigned int)a->max);
-                Free(a->data);
+                OPENSSL_free(a->data);
                 }
-        Free(a);
+        OPENSSL_free(a);
         }
 
 int BUF_MEM_grow(BUF_MEM *str, int len)
@@ -107,9 +107,9 @@ int BUF_MEM_grow(BUF_MEM *str, int len)
                 }
         n=(len+3)/3*4;
         if (str->data == NULL)
-                ret=Malloc(n);
+                ret=OPENSSL_malloc(n);
         else
-                ret=Realloc(str->data,n);
+                ret=OPENSSL_realloc(str->data,n);
         if (ret == NULL)
                 {
                 BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE);
@@ -132,7 +132,7 @@ char *BUF_strdup(const char *str)
         if (str == NULL) return(NULL);
 
         n=strlen(str);
-        ret=Malloc(n+1);
+        ret=OPENSSL_malloc(n+1);
         if (ret == NULL) 
                 {
                 BUFerr(BUF_F_BUF_STRDUP,ERR_R_MALLOC_FAILURE);
diff --git a/src/lib/libssl/src/crypto/cast/c_skey.c b/src/lib/libssl/src/crypto/cast/c_skey.c
index acf2c3eeb5..76e40005c9 100644
--- a/src/lib/libssl/src/crypto/cast/c_skey.c
+++ b/src/lib/libssl/src/crypto/cast/c_skey.c
@@ -72,7 +72,7 @@
 #define S6 CAST_S_table6
 #define S7 CAST_S_table7
 
-void CAST_set_key(CAST_KEY *key, int len, unsigned char *data)
+void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data)
         {
         CAST_LONG x[16];
         CAST_LONG z[16];
diff --git a/src/lib/libssl/src/crypto/cast/cast.h b/src/lib/libssl/src/crypto/cast/cast.h
index 6cc5e8aa8c..e24e133099 100644
--- a/src/lib/libssl/src/crypto/cast/cast.h
+++ b/src/lib/libssl/src/crypto/cast/cast.h
@@ -82,7 +82,7 @@ typedef struct cast_key_st
         } CAST_KEY;
 
  
-void CAST_set_key(CAST_KEY *key, int len, unsigned char *data);
+void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data);
 void CAST_ecb_encrypt(const unsigned char *in,unsigned char *out,CAST_KEY *key,
                       int enc);
 void CAST_encrypt(CAST_LONG *data,CAST_KEY *key);
diff --git a/src/lib/libssl/src/crypto/comp/Makefile.ssl b/src/lib/libssl/src/crypto/comp/Makefile.ssl
index 336864a995..39e7993416 100644
--- a/src/lib/libssl/src/crypto/comp/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/comp/Makefile.ssl
@@ -83,17 +83,19 @@ clean:
 
 c_rle.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 c_rle.o: ../../include/openssl/bn.h ../../include/openssl/comp.h
-c_rle.o: ../../include/openssl/crypto.h ../../include/openssl/objects.h
-c_rle.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-c_rle.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+c_rle.o: ../../include/openssl/crypto.h ../../include/openssl/obj_mac.h
+c_rle.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+c_rle.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+c_rle.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 c_zlib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 c_zlib.o: ../../include/openssl/bn.h ../../include/openssl/comp.h
-c_zlib.o: ../../include/openssl/crypto.h ../../include/openssl/objects.h
-c_zlib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-c_zlib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+c_zlib.o: ../../include/openssl/crypto.h ../../include/openssl/obj_mac.h
+c_zlib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+c_zlib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+c_zlib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 comp_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 comp_lib.o: ../../include/openssl/bn.h ../../include/openssl/comp.h
-comp_lib.o: ../../include/openssl/crypto.h ../../include/openssl/objects.h
-comp_lib.o: ../../include/openssl/opensslconf.h
+comp_lib.o: ../../include/openssl/crypto.h ../../include/openssl/obj_mac.h
+comp_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 comp_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-comp_lib.o: ../../include/openssl/stack.h
+comp_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
diff --git a/src/lib/libssl/src/crypto/comp/comp.h b/src/lib/libssl/src/crypto/comp/comp.h
index 811cb5833d..0922609542 100644
--- a/src/lib/libssl/src/crypto/comp/comp.h
+++ b/src/lib/libssl/src/crypto/comp/comp.h
@@ -2,12 +2,12 @@
 #ifndef HEADER_COMP_H
 #define HEADER_COMP_H
 
+#include <openssl/crypto.h>
+
 #ifdef  __cplusplus
 extern "C" {
 #endif
 
-#include <openssl/crypto.h>
-
 typedef struct comp_method_st
         {
         int type;               /* NID for compression library */
diff --git a/src/lib/libssl/src/crypto/comp/comp_lib.c b/src/lib/libssl/src/crypto/comp/comp_lib.c
index a67ef23bc0..beb98ce8cc 100644
--- a/src/lib/libssl/src/crypto/comp/comp_lib.c
+++ b/src/lib/libssl/src/crypto/comp/comp_lib.c
@@ -8,7 +8,7 @@ COMP_CTX *COMP_CTX_new(COMP_METHOD *meth)
         {
         COMP_CTX *ret;
 
-        if ((ret=(COMP_CTX *)Malloc(sizeof(COMP_CTX))) == NULL)
+        if ((ret=(COMP_CTX *)OPENSSL_malloc(sizeof(COMP_CTX))) == NULL)
                 {
                 /* ZZZZZZZZZZZZZZZZ */
                 return(NULL);
@@ -17,7 +17,7 @@ COMP_CTX *COMP_CTX_new(COMP_METHOD *meth)
         ret->meth=meth;
         if ((ret->meth->init != NULL) && !ret->meth->init(ret))
                 {
-                Free(ret);
+                OPENSSL_free(ret);
                 ret=NULL;
                 }
 #if 0
@@ -37,7 +37,7 @@ void COMP_CTX_free(COMP_CTX *ctx)
         if (ctx->meth->finish != NULL)
                 ctx->meth->finish(ctx);
 
-        Free(ctx);
+        OPENSSL_free(ctx);
         }
 
 int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen,
diff --git a/src/lib/libssl/src/crypto/conf/Makefile.ssl b/src/lib/libssl/src/crypto/conf/Makefile.ssl
index 9dbb2b276a..efbb578981 100644
--- a/src/lib/libssl/src/crypto/conf/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/conf/Makefile.ssl
@@ -22,14 +22,14 @@ TEST=
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC= conf.c conf_err.c
+LIBSRC= conf_err.c conf_lib.c conf_api.c conf_def.c
 
-LIBOBJ= conf.o conf_err.o
+LIBOBJ= conf_err.o conf_lib.o conf_api.o conf_def.o
 
 SRC= $(LIBSRC)
 
-EXHEADER= conf.h
-HEADER= conf_lcl.h $(EXHEADER)
+EXHEADER= conf.h conf_api.h
+HEADER= conf_def.h $(EXHEADER)
 
 ALL=    $(GENERAL) $(SRC) $(HEADER)
 
@@ -79,14 +79,30 @@ clean:
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
-conf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-conf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-conf.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-conf.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-conf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-conf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-conf.o: ../cryptlib.h conf_lcl.h
+conf_api.o: ../../include/openssl/bio.h ../../include/openssl/conf.h
+conf_api.o: ../../include/openssl/conf_api.h ../../include/openssl/crypto.h
+conf_api.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+conf_api.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+conf_api.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+conf_api.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+conf_def.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+conf_def.o: ../../include/openssl/conf.h ../../include/openssl/conf_api.h
+conf_def.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+conf_def.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+conf_def.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+conf_def.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+conf_def.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+conf_def.o: conf_def.h
 conf_err.o: ../../include/openssl/bio.h ../../include/openssl/conf.h
-conf_err.o: ../../include/openssl/crypto.h ../../include/openssl/err.h
-conf_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslv.h
-conf_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+conf_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+conf_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+conf_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+conf_err.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+conf_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+conf_lib.o: ../../include/openssl/bio.h ../../include/openssl/conf.h
+conf_lib.o: ../../include/openssl/conf_api.h ../../include/openssl/crypto.h
+conf_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+conf_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+conf_lib.o: ../../include/openssl/opensslconf.h
+conf_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+conf_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
diff --git a/src/lib/libssl/src/crypto/conf/conf.c b/src/lib/libssl/src/crypto/conf/conf.c
index 3031fa3b44..e69de29bb2 100644
--- a/src/lib/libssl/src/crypto/conf/conf.c
+++ b/src/lib/libssl/src/crypto/conf/conf.c
@@ -1,730 +0,0 @@
-/* crypto/conf/conf.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <errno.h>
-#include "cryptlib.h"
-#include <openssl/stack.h>
-#include <openssl/lhash.h>
-#include <openssl/conf.h>
-#include <openssl/buffer.h>
-#include <openssl/err.h>
-
-#include "conf_lcl.h"
-
-static void value_free_hash(CONF_VALUE *a, LHASH *conf);
-static void value_free_stack(CONF_VALUE *a,LHASH *conf);
-static unsigned long hash(CONF_VALUE *v);
-static int cmp_conf(CONF_VALUE *a,CONF_VALUE *b);
-static char *eat_ws(char *p);
-static char *eat_alpha_numeric(char *p);
-static void clear_comments(char *p);
-static int str_copy(LHASH *conf,char *section,char **to, char *from);
-static char *scan_quote(char *p);
-static CONF_VALUE *new_section(LHASH *conf,char *section);
-static CONF_VALUE *get_section(LHASH *conf,char *section);
-#define scan_esc(p)     ((((p)[1] == '\0')?(p++):(p+=2)),p)
-
-const char *CONF_version="CONF" OPENSSL_VERSION_PTEXT;
-
-
-LHASH *CONF_load(LHASH *h, const char *file, long *line)
-        {
-        LHASH *ltmp;
-        BIO *in=NULL;
-
-#ifdef VMS
-        in=BIO_new_file(file, "r");
-#else
-        in=BIO_new_file(file, "rb");
-#endif
-        if (in == NULL)
-                {
-                CONFerr(CONF_F_CONF_LOAD,ERR_R_SYS_LIB);
-                return NULL;
-                }
-
-        ltmp = CONF_load_bio(h, in, line);
-        BIO_free(in);
-
-        return ltmp;
-}
-#ifndef NO_FP_API
-LHASH *CONF_load_fp(LHASH *h, FILE *in, long *line)
-{
-        BIO *btmp;
-        LHASH *ltmp;
-        if(!(btmp = BIO_new_fp(in, BIO_NOCLOSE))) {
-                CONFerr(CONF_F_CONF_LOAD_FP,ERR_R_BUF_LIB);
-                return NULL;
-        }
-        ltmp = CONF_load_bio(h, btmp, line);
-        BIO_free(btmp);
-        return ltmp;
-}
-#endif
-
-LHASH *CONF_load_bio(LHASH *h, BIO *in, long *line)
-        {
-        LHASH *ret=NULL;
-#define BUFSIZE 512
-        char btmp[16];
-        int bufnum=0,i,ii;
-        BUF_MEM *buff=NULL;
-        char *s,*p,*end;
-        int again,n;
-        long eline=0;
-        CONF_VALUE *v=NULL,*vv,*tv;
-        CONF_VALUE *sv=NULL;
-        char *section=NULL,*buf;
-        STACK_OF(CONF_VALUE) *section_sk=NULL,*ts;
-        char *start,*psection,*pname;
-
-        if ((buff=BUF_MEM_new()) == NULL)
-                {
-                CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_BUF_LIB);
-                goto err;
-                }
-
-        section=(char *)Malloc(10);
-        if (section == NULL)
-                {
-                CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-        strcpy(section,"default");
-
-        if (h == NULL)
-                {
-                if ((ret=lh_new(hash,cmp_conf)) == NULL)
-                        {
-                        CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                        }
-                }
-        else
-                ret=h;
-
-        sv=new_section(ret,section);
-        if (sv == NULL)
-                {
-                CONFerr(CONF_F_CONF_LOAD_BIO,
-                                        CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
-                goto err;
-                }
-        section_sk=(STACK_OF(CONF_VALUE) *)sv->value;
-
-        bufnum=0;
-        for (;;)
-                {
-                again=0;
-                if (!BUF_MEM_grow(buff,bufnum+BUFSIZE))
-                        {
-                        CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_BUF_LIB);
-                        goto err;
-                        }
-                p= &(buff->data[bufnum]);
-                *p='\0';
-                BIO_gets(in, p, BUFSIZE-1);
-                p[BUFSIZE-1]='\0';
-                ii=i=strlen(p);
-                if (i == 0) break;
-                while (i > 0)
-                        {
-                        if ((p[i-1] != '\r') && (p[i-1] != '\n'))
-                                break;
-                        else
-                                i--;
-                        }
-                /* we removed some trailing stuff so there is a new
-                 * line on the end. */
-                if (i == ii)
-                        again=1; /* long line */
-                else
-                        {
-                        p[i]='\0';
-                        eline++; /* another input line */
-                        }
-
-                /* we now have a line with trailing \r\n removed */
-
-                /* i is the number of bytes */
-                bufnum+=i;
-
-                v=NULL;
-                /* check for line continuation */
-                if (bufnum >= 1)
-                        {
-                        /* If we have bytes and the last char '\\' and
-                         * second last char is not '\\' */
-                        p= &(buff->data[bufnum-1]);
-                        if (    IS_ESC(p[0]) &&
-                                ((bufnum <= 1) || !IS_ESC(p[-1])))
-                                {
-                                bufnum--;
-                                again=1;
-                                }
-                        }
-                if (again) continue;
-                bufnum=0;
-                buf=buff->data;
-
-                clear_comments(buf);
-                n=strlen(buf);
-                s=eat_ws(buf);
-                if (IS_EOF(*s)) continue; /* blank line */
-                if (*s == '[')
-                        {
-                        char *ss;
-
-                        s++;
-                        start=eat_ws(s);
-                        ss=start;
-again:
-                        end=eat_alpha_numeric(ss);
-                        p=eat_ws(end);
-                        if (*p != ']')
-                                {
-                                if (*p != '\0')
-                                        {
-                                        ss=p;
-                                        goto again;
-                                        }
-                                CONFerr(CONF_F_CONF_LOAD_BIO,
-                                        CONF_R_MISSING_CLOSE_SQUARE_BRACKET);
-                                goto err;
-                                }
-                        *end='\0';
-                        if (!str_copy(ret,NULL,&section,start)) goto err;
-                        if ((sv=get_section(ret,section)) == NULL)
-                                sv=new_section(ret,section);
-                        if (sv == NULL)
-                                {
-                                CONFerr(CONF_F_CONF_LOAD_BIO,
-                                        CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
-                                goto err;
-                                }
-                        section_sk=(STACK_OF(CONF_VALUE) *)sv->value;
-                        continue;
-                        }
-                else
-                        {
-                        pname=s;
-                        psection=NULL;
-                        end=eat_alpha_numeric(s);
-                        if ((end[0] == ':') && (end[1] == ':'))
-                                {
-                                *end='\0';
-                                end+=2;
-                                psection=pname;
-                                pname=end;
-                                end=eat_alpha_numeric(end);
-                                }
-                        p=eat_ws(end);
-                        if (*p != '=')
-                                {
-                                CONFerr(CONF_F_CONF_LOAD_BIO,
-                                                CONF_R_MISSING_EQUAL_SIGN);
-                                goto err;
-                                }
-                        *end='\0';
-                        p++;
-                        start=eat_ws(p);
-                        while (!IS_EOF(*p))
-                                p++;
-                        p--;
-                        while ((p != start) && (IS_WS(*p)))
-                                p--;
-                        p++;
-                        *p='\0';
-
-                        if (!(v=(CONF_VALUE *)Malloc(sizeof(CONF_VALUE))))
-                                {
-                                CONFerr(CONF_F_CONF_LOAD_BIO,
-                                                        ERR_R_MALLOC_FAILURE);
-                                goto err;
-                                }
-                        if (psection == NULL) psection=section;
-                        v->name=(char *)Malloc(strlen(pname)+1);
-                        v->value=NULL;
-                        if (v->name == NULL)
-                                {
-                                CONFerr(CONF_F_CONF_LOAD_BIO,
-                                                        ERR_R_MALLOC_FAILURE);
-                                goto err;
-                                }
-                        strcpy(v->name,pname);
-                        if (!str_copy(ret,psection,&(v->value),start)) goto err;
-
-                        if (strcmp(psection,section) != 0)
-                                {
-                                if ((tv=get_section(ret,psection))
-                                        == NULL)
-                                        tv=new_section(ret,psection);
-                                if (tv == NULL)
-                                        {
-                                        CONFerr(CONF_F_CONF_LOAD_BIO,
-                                           CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
-                                        goto err;
-                                        }
-                                ts=(STACK_OF(CONF_VALUE) *)tv->value;
-                                }
-                        else
-                                {
-                                tv=sv;
-                                ts=section_sk;
-                                }
-                        v->section=tv->section; 
-                        if (!sk_CONF_VALUE_push(ts,v))
-                                {
-                                CONFerr(CONF_F_CONF_LOAD_BIO,
-                                                        ERR_R_MALLOC_FAILURE);
-                                goto err;
-                                }
-                        vv=(CONF_VALUE *)lh_insert(ret,v);
-                        if (vv != NULL)
-                                {
-                                sk_CONF_VALUE_delete_ptr(ts,vv);
-                                Free(vv->name);
-                                Free(vv->value);
-                                Free(vv);
-                                }
-                        v=NULL;
-                        }
-                }
-        if (buff != NULL) BUF_MEM_free(buff);
-        if (section != NULL) Free(section);
-        return(ret);
-err:
-        if (buff != NULL) BUF_MEM_free(buff);
-        if (section != NULL) Free(section);
-        if (line != NULL) *line=eline;
-        sprintf(btmp,"%ld",eline);
-        ERR_add_error_data(2,"line ",btmp);
-        if ((h != ret) && (ret != NULL)) CONF_free(ret);
-        if (v != NULL)
-                {
-                if (v->name != NULL) Free(v->name);
-                if (v->value != NULL) Free(v->value);
-                if (v != NULL) Free(v);
-                }
-        return(NULL);
-        }
-
-char *CONF_get_string(LHASH *conf, char *section, char *name)
-        {
-        CONF_VALUE *v,vv;
-        char *p;
-
-        if (name == NULL) return(NULL);
-        if (conf != NULL)
-                {
-                if (section != NULL)
-                        {
-                        vv.name=name;
-                        vv.section=section;
-                        v=(CONF_VALUE *)lh_retrieve(conf,&vv);
-                        if (v != NULL) return(v->value);
-                        if (strcmp(section,"ENV") == 0)
-                                {
-                                p=Getenv(name);
-                                if (p != NULL) return(p);
-                                }
-                        }
-                vv.section="default";
-                vv.name=name;
-                v=(CONF_VALUE *)lh_retrieve(conf,&vv);
-                if (v != NULL)
-                        return(v->value);
-                else
-                        return(NULL);
-                }
-        else
-                return(Getenv(name));
-        }
-
-static CONF_VALUE *get_section(LHASH *conf, char *section)
-        {
-        CONF_VALUE *v,vv;
-
-        if ((conf == NULL) || (section == NULL)) return(NULL);
-        vv.name=NULL;
-        vv.section=section;
-        v=(CONF_VALUE *)lh_retrieve(conf,&vv);
-        return(v);
-        }
-
-STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf, char *section)
-        {
-        CONF_VALUE *v;
-
-        v=get_section(conf,section);
-        if (v != NULL)
-                return((STACK_OF(CONF_VALUE) *)v->value);
-        else
-                return(NULL);
-        }
-
-long CONF_get_number(LHASH *conf, char *section, char *name)
-        {
-        char *str;
-        long ret=0;
-
-        str=CONF_get_string(conf,section,name);
-        if (str == NULL) return(0);
-        for (;;)
-                {
-                if (IS_NUMER(*str))
-                        ret=ret*10+(*str -'0');
-                else
-                        return(ret);
-                str++;
-                }
-        }
-
-void CONF_free(LHASH *conf)
-        {
-        if (conf == NULL) return;
-
-        conf->down_load=0;      /* evil thing to make sure the 'Free()'
-                                 * works as expected */
-        lh_doall_arg(conf,(void (*)())value_free_hash,conf);
-
-        /* We now have only 'section' entries in the hash table.
-         * Due to problems with */
-
-        lh_doall_arg(conf,(void (*)())value_free_stack,conf);
-        lh_free(conf);
-        }
-
-static void value_free_hash(CONF_VALUE *a, LHASH *conf)
-        {
-        if (a->name != NULL)
-                {
-                a=(CONF_VALUE *)lh_delete(conf,a);
-                }
-        }
-
-static void value_free_stack(CONF_VALUE *a, LHASH *conf)
-        {
-        CONF_VALUE *vv;
-        STACK *sk;
-        int i;
-
-        if (a->name != NULL) return;
-
-        sk=(STACK *)a->value;
-        for (i=sk_num(sk)-1; i>=0; i--)
-                {
-                vv=(CONF_VALUE *)sk_value(sk,i);
-                Free(vv->value);
-                Free(vv->name);
-                Free(vv);
-                }
-        if (sk != NULL) sk_free(sk);
-        Free(a->section);
-        Free(a);
-        }
-
-static void clear_comments(char *p)
-        {
-        char *to;
-
-        to=p;
-        for (;;)
-                {
-                if (IS_COMMENT(*p))
-                        {
-                        *p='\0';
-                        return;
-                        }
-                if (IS_QUOTE(*p))
-                        {
-                        p=scan_quote(p);
-                        continue;
-                        }
-                if (IS_ESC(*p))
-                        {
-                        p=scan_esc(p);
-                        continue;
-                        }
-                if (IS_EOF(*p))
-                        return;
-                else
-                        p++;
-                }
-        }
-
-static int str_copy(LHASH *conf, char *section, char **pto, char *from)
-        {
-        int q,r,rr=0,to=0,len=0;
-        char *s,*e,*rp,*p,*rrp,*np,*cp,v;
-        BUF_MEM *buf;
-
-        if ((buf=BUF_MEM_new()) == NULL) return(0);
-
-        len=strlen(from)+1;
-        if (!BUF_MEM_grow(buf,len)) goto err;
-
-        for (;;)
-                {
-                if (IS_QUOTE(*from))
-                        {
-                        q= *from;
-                        from++;
-                        while ((*from != '\0') && (*from != q))
-                                {
-                                if (*from == '\\')
-                                        {
-                                        from++;
-                                        if (*from == '\0') break;
-                                        }
-                                buf->data[to++]= *(from++);
-                                }
-                        }
-                else if (*from == '\\')
-                        {
-                        from++;
-                        v= *(from++);
-                        if (v == '\0') break;
-                        else if (v == 'r') v='\r';
-                        else if (v == 'n') v='\n';
-                        else if (v == 'b') v='\b';
-                        else if (v == 't') v='\t';
-                        buf->data[to++]= v;
-                        }
-                else if (*from == '\0')
-                        break;
-                else if (*from == '$')
-                        {
-                        /* try to expand it */
-                        rrp=NULL;
-                        s= &(from[1]);
-                        if (*s == '{')
-                                q='}';
-                        else if (*s == '(')
-                                q=')';
-                        else q=0;
-
-                        if (q) s++;
-                        cp=section;
-                        e=np=s;
-                        while (IS_ALPHA_NUMERIC(*e))
-                                e++;
-                        if ((e[0] == ':') && (e[1] == ':'))
-                                {
-                                cp=np;
-                                rrp=e;
-                                rr= *e;
-                                *rrp='\0';
-                                e+=2;
-                                np=e;
-                                while (IS_ALPHA_NUMERIC(*e))
-                                        e++;
-                                }
-                        r= *e;
-                        *e='\0';
-                        rp=e;
-                        if (q)
-                                {
-                                if (r != q)
-                                        {
-                                        CONFerr(CONF_F_STR_COPY,CONF_R_NO_CLOSE_BRACE);
-                                        goto err;
-                                        }
-                                e++;
-                                }
-                        /* So at this point we have
-                         * ns which is the start of the name string which is
-                         *   '\0' terminated. 
-                         * cs which is the start of the section string which is
-                         *   '\0' terminated.
-                         * e is the 'next point after'.
-                         * r and s are the chars replaced by the '\0'
-                         * rp and sp is where 'r' and 's' came from.
-                         */
-                        p=CONF_get_string(conf,cp,np);
-                        if (rrp != NULL) *rrp=rr;
-                        *rp=r;
-                        if (p == NULL)
-                                {
-                                CONFerr(CONF_F_STR_COPY,CONF_R_VARIABLE_HAS_NO_VALUE);
-                                goto err;
-                                }
-                        BUF_MEM_grow(buf,(strlen(p)+len-(e-from)));
-                        while (*p)
-                                buf->data[to++]= *(p++);
-                        from=e;
-                        }
-                else
-                        buf->data[to++]= *(from++);
-                }
-        buf->data[to]='\0';
-        if (*pto != NULL) Free(*pto);
-        *pto=buf->data;
-        Free(buf);
-        return(1);
-err:
-        if (buf != NULL) BUF_MEM_free(buf);
-        return(0);
-        }
-
-static char *eat_ws(char *p)
-        {
-        while (IS_WS(*p) && (!IS_EOF(*p)))
-                p++;
-        return(p);
-        }
-
-static char *eat_alpha_numeric(char *p)
-        {
-        for (;;)
-                {
-                if (IS_ESC(*p))
-                        {
-                        p=scan_esc(p);
-                        continue;
-                        }
-                if (!IS_ALPHA_NUMERIC_PUNCT(*p))
-                        return(p);
-                p++;
-                }
-        }
-
-static unsigned long hash(CONF_VALUE *v)
-        {
-        return((lh_strhash(v->section)<<2)^lh_strhash(v->name));
-        }
-
-static int cmp_conf(CONF_VALUE *a, CONF_VALUE *b)
-        {
-        int i;
-
-        if (a->section != b->section)
-                {
-                i=strcmp(a->section,b->section);
-                if (i) return(i);
-                }
-
-        if ((a->name != NULL) && (b->name != NULL))
-                {
-                i=strcmp(a->name,b->name);
-                return(i);
-                }
-        else if (a->name == b->name)
-                return(0);
-        else
-                return((a->name == NULL)?-1:1);
-        }
-
-static char *scan_quote(char *p)
-        {
-        int q= *p;
-
-        p++;
-        while (!(IS_EOF(*p)) && (*p != q))
-                {
-                if (IS_ESC(*p))
-                        {
-                        p++;
-                        if (IS_EOF(*p)) return(p);
-                        }
-                p++;
-                }
-        if (*p == q) p++;
-        return(p);
-        }
-
-static CONF_VALUE *new_section(LHASH *conf, char *section)
-        {
-        STACK *sk=NULL;
-        int ok=0,i;
-        CONF_VALUE *v=NULL,*vv;
-
-        if ((sk=sk_new_null()) == NULL)
-                goto err;
-        if ((v=(CONF_VALUE *)Malloc(sizeof(CONF_VALUE))) == NULL)
-                goto err;
-        i=strlen(section)+1;
-        if ((v->section=(char *)Malloc(i)) == NULL)
-                goto err;
-
-        memcpy(v->section,section,i);
-        v->name=NULL;
-        v->value=(char *)sk;
-        
-        vv=(CONF_VALUE *)lh_insert(conf,v);
-        if (vv != NULL)
-                {
-#if !defined(NO_STDIO) && !defined(WIN16)
-                fprintf(stderr,"internal fault\n");
-#endif
-                abort();
-                }
-        ok=1;
-err:
-        if (!ok)
-                {
-                if (sk != NULL) sk_free(sk);
-                if (v != NULL) Free(v);
-                v=NULL;
-                }
-        return(v);
-        }
-
-IMPLEMENT_STACK_OF(CONF_VALUE)
diff --git a/src/lib/libssl/src/crypto/conf/conf.h b/src/lib/libssl/src/crypto/conf/conf.h
index 21831a92a3..2f70634455 100644
--- a/src/lib/libssl/src/crypto/conf/conf.h
+++ b/src/lib/libssl/src/crypto/conf/conf.h
@@ -59,14 +59,15 @@
 #ifndef  HEADER_CONF_H
 #define HEADER_CONF_H
 
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
 #include <openssl/bio.h>
 #include <openssl/lhash.h>
 #include <openssl/stack.h>
 #include <openssl/safestack.h>
+#include <openssl/e_os.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
 
 typedef struct
         {
@@ -77,6 +78,25 @@ typedef struct
 
 DECLARE_STACK_OF(CONF_VALUE)
 
+struct conf_st;
+typedef struct conf_st CONF;
+struct conf_method_st;
+typedef struct conf_method_st CONF_METHOD;
+
+struct conf_method_st
+        {
+        const char *name;
+        CONF *(MS_FAR *create)(CONF_METHOD *meth);
+        int (MS_FAR *init)(CONF *conf);
+        int (MS_FAR *destroy)(CONF *conf);
+        int (MS_FAR *destroy_data)(CONF *conf);
+        int (MS_FAR *load)(CONF *conf, BIO *bp, long *eline);
+        int (MS_FAR *dump)(CONF *conf, BIO *bp);
+        int (MS_FAR *is_number)(CONF *conf, char c);
+        int (MS_FAR *to_int)(CONF *conf, char c);
+        };
+
+int CONF_set_default_method(CONF_METHOD *meth);
 LHASH *CONF_load(LHASH *conf,const char *file,long *eline);
 #ifndef NO_FP_API
 LHASH *CONF_load_fp(LHASH *conf, FILE *fp,long *eline);
@@ -86,8 +106,40 @@ STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf,char *section);
 char *CONF_get_string(LHASH *conf,char *group,char *name);
 long CONF_get_number(LHASH *conf,char *group,char *name);
 void CONF_free(LHASH *conf);
+int CONF_dump_fp(LHASH *conf, FILE *out);
+int CONF_dump_bio(LHASH *conf, BIO *out);
 void ERR_load_CONF_strings(void );
 
+/* New conf code.  The semantics are different from the functions above.
+   If that wasn't the case, the above functions would have been replaced */
+
+struct conf_st
+        {
+        CONF_METHOD *meth;
+        void *meth_data;
+        LHASH *data;
+        };
+
+CONF *NCONF_new(CONF_METHOD *meth);
+CONF_METHOD *NCONF_default();
+CONF_METHOD *NCONF_WIN32();
+#if 0 /* Just to give you an idea of what I have in mind */
+CONF_METHOD *NCONF_XML();
+#endif
+void NCONF_free(CONF *conf);
+void NCONF_free_data(CONF *conf);
+
+int NCONF_load(CONF *conf,const char *file,long *eline);
+#ifndef NO_FP_API
+int NCONF_load_fp(CONF *conf, FILE *fp,long *eline);
+#endif
+int NCONF_load_bio(CONF *conf, BIO *bp,long *eline);
+STACK_OF(CONF_VALUE) *NCONF_get_section(CONF *conf,char *section);
+char *NCONF_get_string(CONF *conf,char *group,char *name);
+long NCONF_get_number(CONF *conf,char *group,char *name);
+int NCONF_dump_fp(CONF *conf, FILE *out);
+int NCONF_dump_bio(CONF *conf, BIO *out);
+
 
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
@@ -97,15 +149,24 @@ void ERR_load_CONF_strings(void );
 /* Error codes for the CONF functions. */
 
 /* Function codes. */
+#define CONF_F_CONF_DUMP_FP                              104
 #define CONF_F_CONF_LOAD                                 100
 #define CONF_F_CONF_LOAD_BIO                             102
 #define CONF_F_CONF_LOAD_FP                              103
+#define CONF_F_NCONF_DUMP_BIO                            105
+#define CONF_F_NCONF_DUMP_FP                             106
+#define CONF_F_NCONF_GET_NUMBER                          107
+#define CONF_F_NCONF_GET_SECTION                         108
+#define CONF_F_NCONF_GET_STRING                          109
+#define CONF_F_NCONF_LOAD_BIO                            110
+#define CONF_F_NCONF_NEW                                 111
 #define CONF_F_STR_COPY                                  101
 
 /* Reason codes. */
 #define CONF_R_MISSING_CLOSE_SQUARE_BRACKET              100
 #define CONF_R_MISSING_EQUAL_SIGN                        101
 #define CONF_R_NO_CLOSE_BRACE                            102
+#define CONF_R_NO_CONF                                   105
 #define CONF_R_UNABLE_TO_CREATE_NEW_SECTION              103
 #define CONF_R_VARIABLE_HAS_NO_VALUE                     104
 
diff --git a/src/lib/libssl/src/crypto/conf/conf_api.c b/src/lib/libssl/src/crypto/conf/conf_api.c
new file mode 100644
index 0000000000..d05a778ff6
--- /dev/null
+++ b/src/lib/libssl/src/crypto/conf/conf_api.c
@@ -0,0 +1,289 @@
+/* conf_api.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* Part of the code in here was originally in conf.c, which is now removed */
+
+#ifndef CONF_DEBUG
+# undef NDEBUG /* avoid conflicting definitions */
+# define NDEBUG
+#endif
+
+#include <assert.h>
+#include <string.h>
+#include <openssl/conf.h>
+#include <openssl/conf_api.h>
+
+static void value_free_hash(CONF_VALUE *a, LHASH *conf);
+static void value_free_stack(CONF_VALUE *a,LHASH *conf);
+static unsigned long hash(CONF_VALUE *v);
+static int cmp_conf(CONF_VALUE *a,CONF_VALUE *b);
+
+/* Up until OpenSSL 0.9.5a, this was get_section */
+CONF_VALUE *_CONF_get_section(CONF *conf, char *section)
+        {
+        CONF_VALUE *v,vv;
+
+        if ((conf == NULL) || (section == NULL)) return(NULL);
+        vv.name=NULL;
+        vv.section=section;
+        v=(CONF_VALUE *)lh_retrieve(conf->data,&vv);
+        return(v);
+        }
+
+/* Up until OpenSSL 0.9.5a, this was CONF_get_section */
+STACK_OF(CONF_VALUE) *_CONF_get_section_values(CONF *conf, char *section)
+        {
+        CONF_VALUE *v;
+
+        v=_CONF_get_section(conf,section);
+        if (v != NULL)
+                return((STACK_OF(CONF_VALUE) *)v->value);
+        else
+                return(NULL);
+        }
+
+int _CONF_add_string(CONF *conf, CONF_VALUE *section, CONF_VALUE *value)
+        {
+        CONF_VALUE *v = NULL;
+        STACK_OF(CONF_VALUE) *ts;
+
+        ts = (STACK_OF(CONF_VALUE) *)section->value;
+
+        value->section=section->section;        
+        if (!sk_CONF_VALUE_push(ts,value))
+                {
+                return 0;
+                }
+
+        v = (CONF_VALUE *)lh_insert(conf->data, value);
+        if (v != NULL)
+                {
+                sk_CONF_VALUE_delete_ptr(ts,v);
+                OPENSSL_free(v->name);
+                OPENSSL_free(v->value);
+                OPENSSL_free(v);
+                }
+        return 1;
+        }
+
+char *_CONF_get_string(CONF *conf, char *section, char *name)
+        {
+        CONF_VALUE *v,vv;
+        char *p;
+
+        if (name == NULL) return(NULL);
+        if (conf != NULL)
+                {
+                if (section != NULL)
+                        {
+                        vv.name=name;
+                        vv.section=section;
+                        v=(CONF_VALUE *)lh_retrieve(conf->data,&vv);
+                        if (v != NULL) return(v->value);
+                        if (strcmp(section,"ENV") == 0)
+                                {
+                                p=Getenv(name);
+                                if (p != NULL) return(p);
+                                }
+                        }
+                vv.section="default";
+                vv.name=name;
+                v=(CONF_VALUE *)lh_retrieve(conf->data,&vv);
+                if (v != NULL)
+                        return(v->value);
+                else
+                        return(NULL);
+                }
+        else
+                return(Getenv(name));
+        }
+
+long _CONF_get_number(CONF *conf, char *section, char *name)
+        {
+        char *str;
+        long ret=0;
+
+        str=_CONF_get_string(conf,section,name);
+        if (str == NULL) return(0);
+        for (;;)
+                {
+                if (conf->meth->is_number(conf, *str))
+                        ret=ret*10+conf->meth->to_int(conf, *str);
+                else
+                        return(ret);
+                str++;
+                }
+        }
+
+int _CONF_new_data(CONF *conf)
+        {
+        if (conf == NULL)
+                {
+                return 0;
+                }
+        if (conf->data == NULL)
+                if ((conf->data = lh_new(hash,cmp_conf)) == NULL)
+                        {
+                        return 0;
+                        }
+        return 1;
+        }
+
+void _CONF_free_data(CONF *conf)
+        {
+        if (conf == NULL || conf->data == NULL) return;
+
+        conf->data->down_load=0; /* evil thing to make sure the 'OPENSSL_free()'
+                                  * works as expected */
+        lh_doall_arg(conf->data,(void (*)())value_free_hash,conf->data);
+
+        /* We now have only 'section' entries in the hash table.
+         * Due to problems with */
+
+        lh_doall_arg(conf->data,(void (*)())value_free_stack,conf->data);
+        lh_free(conf->data);
+        }
+
+static void value_free_hash(CONF_VALUE *a, LHASH *conf)
+        {
+        if (a->name != NULL)
+                {
+                a=(CONF_VALUE *)lh_delete(conf,a);
+                }
+        }
+
+static void value_free_stack(CONF_VALUE *a, LHASH *conf)
+        {
+        CONF_VALUE *vv;
+        STACK *sk;
+        int i;
+
+        if (a->name != NULL) return;
+
+        sk=(STACK *)a->value;
+        for (i=sk_num(sk)-1; i>=0; i--)
+                {
+                vv=(CONF_VALUE *)sk_value(sk,i);
+                OPENSSL_free(vv->value);
+                OPENSSL_free(vv->name);
+                OPENSSL_free(vv);
+                }
+        if (sk != NULL) sk_free(sk);
+        OPENSSL_free(a->section);
+        OPENSSL_free(a);
+        }
+
+static unsigned long hash(CONF_VALUE *v)
+        {
+        return((lh_strhash(v->section)<<2)^lh_strhash(v->name));
+        }
+
+static int cmp_conf(CONF_VALUE *a, CONF_VALUE *b)
+        {
+        int i;
+
+        if (a->section != b->section)
+                {
+                i=strcmp(a->section,b->section);
+                if (i) return(i);
+                }
+
+        if ((a->name != NULL) && (b->name != NULL))
+                {
+                i=strcmp(a->name,b->name);
+                return(i);
+                }
+        else if (a->name == b->name)
+                return(0);
+        else
+                return((a->name == NULL)?-1:1);
+        }
+
+/* Up until OpenSSL 0.9.5a, this was new_section */
+CONF_VALUE *_CONF_new_section(CONF *conf, char *section)
+        {
+        STACK *sk=NULL;
+        int ok=0,i;
+        CONF_VALUE *v=NULL,*vv;
+
+        if ((sk=sk_new_null()) == NULL)
+                goto err;
+        if ((v=(CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE))) == NULL)
+                goto err;
+        i=strlen(section)+1;
+        if ((v->section=(char *)OPENSSL_malloc(i)) == NULL)
+                goto err;
+
+        memcpy(v->section,section,i);
+        v->name=NULL;
+        v->value=(char *)sk;
+        
+        vv=(CONF_VALUE *)lh_insert(conf->data,v);
+        assert(vv == NULL);
+        ok=1;
+err:
+        if (!ok)
+                {
+                if (sk != NULL) sk_free(sk);
+                if (v != NULL) OPENSSL_free(v);
+                v=NULL;
+                }
+        return(v);
+        }
+
+IMPLEMENT_STACK_OF(CONF_VALUE)
diff --git a/src/lib/libssl/src/crypto/conf/conf_api.h b/src/lib/libssl/src/crypto/conf/conf_api.h
new file mode 100644
index 0000000000..a5cc17b233
--- /dev/null
+++ b/src/lib/libssl/src/crypto/conf/conf_api.h
@@ -0,0 +1,87 @@
+/* conf_api.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef  HEADER_CONF_API_H
+#define HEADER_CONF_API_H
+
+#include <openssl/lhash.h>
+#include <openssl/conf.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* Up until OpenSSL 0.9.5a, this was new_section */
+CONF_VALUE *_CONF_new_section(CONF *conf, char *section);
+/* Up until OpenSSL 0.9.5a, this was get_section */
+CONF_VALUE *_CONF_get_section(CONF *conf, char *section);
+/* Up until OpenSSL 0.9.5a, this was CONF_get_section */
+STACK_OF(CONF_VALUE) *_CONF_get_section_values(CONF *conf, char *section);
+
+int _CONF_add_string(CONF *conf, CONF_VALUE *section, CONF_VALUE *value);
+char *_CONF_get_string(CONF *conf, char *section, char *name);
+long _CONF_get_number(CONF *conf, char *section, char *name);
+
+int _CONF_new_data(CONF *conf);
+void _CONF_free_data(CONF *conf);
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
+
diff --git a/src/lib/libssl/src/crypto/conf/conf_def.c b/src/lib/libssl/src/crypto/conf/conf_def.c
new file mode 100644
index 0000000000..773df32c68
--- /dev/null
+++ b/src/lib/libssl/src/crypto/conf/conf_def.c
@@ -0,0 +1,703 @@
+/* crypto/conf/conf.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* Part of the code in here was originally in conf.c, which is now removed */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/stack.h>
+#include <openssl/lhash.h>
+#include <openssl/conf.h>
+#include <openssl/conf_api.h>
+#include "conf_def.h"
+#include <openssl/buffer.h>
+#include <openssl/err.h>
+
+static char *eat_ws(CONF *conf, char *p);
+static char *eat_alpha_numeric(CONF *conf, char *p);
+static void clear_comments(CONF *conf, char *p);
+static int str_copy(CONF *conf,char *section,char **to, char *from);
+static char *scan_quote(CONF *conf, char *p);
+static char *scan_dquote(CONF *conf, char *p);
+#define scan_esc(conf,p)        (((IS_EOF((conf),(p)[1]))?((p)+1):((p)+2)))
+
+static CONF *def_create(CONF_METHOD *meth);
+static int def_init_default(CONF *conf);
+static int def_init_WIN32(CONF *conf);
+static int def_destroy(CONF *conf);
+static int def_destroy_data(CONF *conf);
+static int def_load(CONF *conf, BIO *bp, long *eline);
+static int def_dump(CONF *conf, BIO *bp);
+static int def_is_number(CONF *conf, char c);
+static int def_to_int(CONF *conf, char c);
+
+const char *CONF_def_version="CONF_def" OPENSSL_VERSION_PTEXT;
+
+static CONF_METHOD default_method = {
+        "OpenSSL default",
+        def_create,
+        def_init_default,
+        def_destroy,
+        def_destroy_data,
+        def_load,
+        def_dump,
+        def_is_number,
+        def_to_int
+        };
+
+static CONF_METHOD WIN32_method = {
+        "WIN32",
+        def_create,
+        def_init_WIN32,
+        def_destroy,
+        def_destroy_data,
+        def_load,
+        def_dump,
+        def_is_number,
+        def_to_int
+        };
+
+CONF_METHOD *NCONF_default()
+        {
+        return &default_method;
+        }
+CONF_METHOD *NCONF_WIN32()
+        {
+        return &WIN32_method;
+        }
+
+static CONF *def_create(CONF_METHOD *meth)
+        {
+        CONF *ret;
+
+        ret = (CONF *)OPENSSL_malloc(sizeof(CONF) + sizeof(unsigned short *));
+        if (ret)
+                if (meth->init(ret) == 0)
+                        {
+                        OPENSSL_free(ret);
+                        ret = NULL;
+                        }
+        return ret;
+        }
+        
+static int def_init_default(CONF *conf)
+        {
+        if (conf == NULL)
+                return 0;
+
+        conf->meth = &default_method;
+        conf->meth_data = (void *)CONF_type_default;
+        conf->data = NULL;
+
+        return 1;
+        }
+
+static int def_init_WIN32(CONF *conf)
+        {
+        if (conf == NULL)
+                return 0;
+
+        conf->meth = &WIN32_method;
+        conf->meth_data = (void *)CONF_type_win32;
+        conf->data = NULL;
+
+        return 1;
+        }
+
+static int def_destroy(CONF *conf)
+        {
+        if (def_destroy_data(conf))
+                {
+                OPENSSL_free(conf);
+                return 1;
+                }
+        return 0;
+        }
+
+static int def_destroy_data(CONF *conf)
+        {
+        if (conf == NULL)
+                return 0;
+        _CONF_free_data(conf);
+        return 1;
+        }
+
+static int def_load(CONF *conf, BIO *in, long *line)
+        {
+#define BUFSIZE 512
+        char btmp[16];
+        int bufnum=0,i,ii;
+        BUF_MEM *buff=NULL;
+        char *s,*p,*end;
+        int again,n;
+        long eline=0;
+        CONF_VALUE *v=NULL,*tv;
+        CONF_VALUE *sv=NULL;
+        char *section=NULL,*buf;
+        STACK_OF(CONF_VALUE) *section_sk=NULL,*ts;
+        char *start,*psection,*pname;
+        void *h = (void *)(conf->data);
+
+        if ((buff=BUF_MEM_new()) == NULL)
+                {
+                CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_BUF_LIB);
+                goto err;
+                }
+
+        section=(char *)OPENSSL_malloc(10);
+        if (section == NULL)
+                {
+                CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        strcpy(section,"default");
+
+        if (_CONF_new_data(conf) == 0)
+                {
+                CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+
+        sv=_CONF_new_section(conf,section);
+        if (sv == NULL)
+                {
+                CONFerr(CONF_F_CONF_LOAD_BIO,
+                                        CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
+                goto err;
+                }
+        section_sk=(STACK_OF(CONF_VALUE) *)sv->value;
+
+        bufnum=0;
+        for (;;)
+                {
+                again=0;
+                if (!BUF_MEM_grow(buff,bufnum+BUFSIZE))
+                        {
+                        CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_BUF_LIB);
+                        goto err;
+                        }
+                p= &(buff->data[bufnum]);
+                *p='\0';
+                BIO_gets(in, p, BUFSIZE-1);
+                p[BUFSIZE-1]='\0';
+                ii=i=strlen(p);
+                if (i == 0) break;
+                while (i > 0)
+                        {
+                        if ((p[i-1] != '\r') && (p[i-1] != '\n'))
+                                break;
+                        else
+                                i--;
+                        }
+                /* we removed some trailing stuff so there is a new
+                 * line on the end. */
+                if (i == ii)
+                        again=1; /* long line */
+                else
+                        {
+                        p[i]='\0';
+                        eline++; /* another input line */
+                        }
+
+                /* we now have a line with trailing \r\n removed */
+
+                /* i is the number of bytes */
+                bufnum+=i;
+
+                v=NULL;
+                /* check for line continuation */
+                if (bufnum >= 1)
+                        {
+                        /* If we have bytes and the last char '\\' and
+                         * second last char is not '\\' */
+                        p= &(buff->data[bufnum-1]);
+                        if (IS_ESC(conf,p[0]) &&
+                                ((bufnum <= 1) || !IS_ESC(conf,p[-1])))
+                                {
+                                bufnum--;
+                                again=1;
+                                }
+                        }
+                if (again) continue;
+                bufnum=0;
+                buf=buff->data;
+
+                clear_comments(conf, buf);
+                n=strlen(buf);
+                s=eat_ws(conf, buf);
+                if (IS_EOF(conf,*s)) continue; /* blank line */
+                if (*s == '[')
+                        {
+                        char *ss;
+
+                        s++;
+                        start=eat_ws(conf, s);
+                        ss=start;
+again:
+                        end=eat_alpha_numeric(conf, ss);
+                        p=eat_ws(conf, end);
+                        if (*p != ']')
+                                {
+                                if (*p != '\0')
+                                        {
+                                        ss=p;
+                                        goto again;
+                                        }
+                                CONFerr(CONF_F_CONF_LOAD_BIO,
+                                        CONF_R_MISSING_CLOSE_SQUARE_BRACKET);
+                                goto err;
+                                }
+                        *end='\0';
+                        if (!str_copy(conf,NULL,&section,start)) goto err;
+                        if ((sv=_CONF_get_section(conf,section)) == NULL)
+                                sv=_CONF_new_section(conf,section);
+                        if (sv == NULL)
+                                {
+                                CONFerr(CONF_F_CONF_LOAD_BIO,
+                                        CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
+                                goto err;
+                                }
+                        section_sk=(STACK_OF(CONF_VALUE) *)sv->value;
+                        continue;
+                        }
+                else
+                        {
+                        pname=s;
+                        psection=NULL;
+                        end=eat_alpha_numeric(conf, s);
+                        if ((end[0] == ':') && (end[1] == ':'))
+                                {
+                                *end='\0';
+                                end+=2;
+                                psection=pname;
+                                pname=end;
+                                end=eat_alpha_numeric(conf, end);
+                                }
+                        p=eat_ws(conf, end);
+                        if (*p != '=')
+                                {
+                                CONFerr(CONF_F_CONF_LOAD_BIO,
+                                                CONF_R_MISSING_EQUAL_SIGN);
+                                goto err;
+                                }
+                        *end='\0';
+                        p++;
+                        start=eat_ws(conf, p);
+                        while (!IS_EOF(conf,*p))
+                                p++;
+                        p--;
+                        while ((p != start) && (IS_WS(conf,*p)))
+                                p--;
+                        p++;
+                        *p='\0';
+
+                        if (!(v=(CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE))))
+                                {
+                                CONFerr(CONF_F_CONF_LOAD_BIO,
+                                                        ERR_R_MALLOC_FAILURE);
+                                goto err;
+                                }
+                        if (psection == NULL) psection=section;
+                        v->name=(char *)OPENSSL_malloc(strlen(pname)+1);
+                        v->value=NULL;
+                        if (v->name == NULL)
+                                {
+                                CONFerr(CONF_F_CONF_LOAD_BIO,
+                                                        ERR_R_MALLOC_FAILURE);
+                                goto err;
+                                }
+                        strcpy(v->name,pname);
+                        if (!str_copy(conf,psection,&(v->value),start)) goto err;
+
+                        if (strcmp(psection,section) != 0)
+                                {
+                                if ((tv=_CONF_get_section(conf,psection))
+                                        == NULL)
+                                        tv=_CONF_new_section(conf,psection);
+                                if (tv == NULL)
+                                        {
+                                        CONFerr(CONF_F_CONF_LOAD_BIO,
+                                           CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
+                                        goto err;
+                                        }
+                                ts=(STACK_OF(CONF_VALUE) *)tv->value;
+                                }
+                        else
+                                {
+                                tv=sv;
+                                ts=section_sk;
+                                }
+#if 1
+                        if (_CONF_add_string(conf, tv, v) == 0)
+                                {
+                                CONFerr(CONF_F_CONF_LOAD_BIO,
+                                                        ERR_R_MALLOC_FAILURE);
+                                goto err;
+                                }
+#else
+                        v->section=tv->section; 
+                        if (!sk_CONF_VALUE_push(ts,v))
+                                {
+                                CONFerr(CONF_F_CONF_LOAD_BIO,
+                                                        ERR_R_MALLOC_FAILURE);
+                                goto err;
+                                }
+                        vv=(CONF_VALUE *)lh_insert(conf->data,v);
+                        if (vv != NULL)
+                                {
+                                sk_CONF_VALUE_delete_ptr(ts,vv);
+                                OPENSSL_free(vv->name);
+                                OPENSSL_free(vv->value);
+                                OPENSSL_free(vv);
+                                }
+#endif
+                        v=NULL;
+                        }
+                }
+        if (buff != NULL) BUF_MEM_free(buff);
+        if (section != NULL) OPENSSL_free(section);
+        return(1);
+err:
+        if (buff != NULL) BUF_MEM_free(buff);
+        if (section != NULL) OPENSSL_free(section);
+        if (line != NULL) *line=eline;
+        sprintf(btmp,"%ld",eline);
+        ERR_add_error_data(2,"line ",btmp);
+        if ((h != conf->data) && (conf->data != NULL)) CONF_free(conf->data);
+        if (v != NULL)
+                {
+                if (v->name != NULL) OPENSSL_free(v->name);
+                if (v->value != NULL) OPENSSL_free(v->value);
+                if (v != NULL) OPENSSL_free(v);
+                }
+        return(0);
+        }
+
+static void clear_comments(CONF *conf, char *p)
+        {
+        char *to;
+
+        to=p;
+        for (;;)
+                {
+                if (IS_FCOMMENT(conf,*p))
+                        {
+                        *p='\0';
+                        return;
+                        }
+                if (!IS_WS(conf,*p))
+                        {
+                        break;
+                        }
+                p++;
+                }
+
+        for (;;)
+                {
+                if (IS_COMMENT(conf,*p))
+                        {
+                        *p='\0';
+                        return;
+                        }
+                if (IS_DQUOTE(conf,*p))
+                        {
+                        p=scan_dquote(conf, p);
+                        continue;
+                        }
+                if (IS_QUOTE(conf,*p))
+                        {
+                        p=scan_quote(conf, p);
+                        continue;
+                        }
+                if (IS_ESC(conf,*p))
+                        {
+                        p=scan_esc(conf,p);
+                        continue;
+                        }
+                if (IS_EOF(conf,*p))
+                        return;
+                else
+                        p++;
+                }
+        }
+
+static int str_copy(CONF *conf, char *section, char **pto, char *from)
+        {
+        int q,r,rr=0,to=0,len=0;
+        char *s,*e,*rp,*p,*rrp,*np,*cp,v;
+        BUF_MEM *buf;
+
+        if ((buf=BUF_MEM_new()) == NULL) return(0);
+
+        len=strlen(from)+1;
+        if (!BUF_MEM_grow(buf,len)) goto err;
+
+        for (;;)
+                {
+                if (IS_QUOTE(conf,*from))
+                        {
+                        q= *from;
+                        from++;
+                        while (!IS_EOF(conf,*from) && (*from != q))
+                                {
+                                if (IS_ESC(conf,*from))
+                                        {
+                                        from++;
+                                        if (IS_EOF(conf,*from)) break;
+                                        }
+                                buf->data[to++]= *(from++);
+                                }
+                        if (*from == q) from++;
+                        }
+                else if (IS_DQUOTE(conf,*from))
+                        {
+                        q= *from;
+                        from++;
+                        while (!IS_EOF(conf,*from))
+                                {
+                                if (*from == q)
+                                        {
+                                        if (*(from+1) == q)
+                                                {
+                                                from++;
+                                                }
+                                        else
+                                                {
+                                                break;
+                                                }
+                                        }
+                                buf->data[to++]= *(from++);
+                                }
+                        if (*from == q) from++;
+                        }
+                else if (IS_ESC(conf,*from))
+                        {
+                        from++;
+                        v= *(from++);
+                        if (IS_EOF(conf,v)) break;
+                        else if (v == 'r') v='\r';
+                        else if (v == 'n') v='\n';
+                        else if (v == 'b') v='\b';
+                        else if (v == 't') v='\t';
+                        buf->data[to++]= v;
+                        }
+                else if (IS_EOF(conf,*from))
+                        break;
+                else if (*from == '$')
+                        {
+                        /* try to expand it */
+                        rrp=NULL;
+                        s= &(from[1]);
+                        if (*s == '{')
+                                q='}';
+                        else if (*s == '(')
+                                q=')';
+                        else q=0;
+
+                        if (q) s++;
+                        cp=section;
+                        e=np=s;
+                        while (IS_ALPHA_NUMERIC(conf,*e))
+                                e++;
+                        if ((e[0] == ':') && (e[1] == ':'))
+                                {
+                                cp=np;
+                                rrp=e;
+                                rr= *e;
+                                *rrp='\0';
+                                e+=2;
+                                np=e;
+                                while (IS_ALPHA_NUMERIC(conf,*e))
+                                        e++;
+                                }
+                        r= *e;
+                        *e='\0';
+                        rp=e;
+                        if (q)
+                                {
+                                if (r != q)
+                                        {
+                                        CONFerr(CONF_F_STR_COPY,CONF_R_NO_CLOSE_BRACE);
+                                        goto err;
+                                        }
+                                e++;
+                                }
+                        /* So at this point we have
+                         * ns which is the start of the name string which is
+                         *   '\0' terminated. 
+                         * cs which is the start of the section string which is
+                         *   '\0' terminated.
+                         * e is the 'next point after'.
+                         * r and s are the chars replaced by the '\0'
+                         * rp and sp is where 'r' and 's' came from.
+                         */
+                        p=_CONF_get_string(conf,cp,np);
+                        if (rrp != NULL) *rrp=rr;
+                        *rp=r;
+                        if (p == NULL)
+                                {
+                                CONFerr(CONF_F_STR_COPY,CONF_R_VARIABLE_HAS_NO_VALUE);
+                                goto err;
+                                }
+                        BUF_MEM_grow(buf,(strlen(p)+len-(e-from)));
+                        while (*p)
+                                buf->data[to++]= *(p++);
+                        from=e;
+                        }
+                else
+                        buf->data[to++]= *(from++);
+                }
+        buf->data[to]='\0';
+        if (*pto != NULL) OPENSSL_free(*pto);
+        *pto=buf->data;
+        OPENSSL_free(buf);
+        return(1);
+err:
+        if (buf != NULL) BUF_MEM_free(buf);
+        return(0);
+        }
+
+static char *eat_ws(CONF *conf, char *p)
+        {
+        while (IS_WS(conf,*p) && (!IS_EOF(conf,*p)))
+                p++;
+        return(p);
+        }
+
+static char *eat_alpha_numeric(CONF *conf, char *p)
+        {
+        for (;;)
+                {
+                if (IS_ESC(conf,*p))
+                        {
+                        p=scan_esc(conf,p);
+                        continue;
+                        }
+                if (!IS_ALPHA_NUMERIC_PUNCT(conf,*p))
+                        return(p);
+                p++;
+                }
+        }
+
+static char *scan_quote(CONF *conf, char *p)
+        {
+        int q= *p;
+
+        p++;
+        while (!(IS_EOF(conf,*p)) && (*p != q))
+                {
+                if (IS_ESC(conf,*p))
+                        {
+                        p++;
+                        if (IS_EOF(conf,*p)) return(p);
+                        }
+                p++;
+                }
+        if (*p == q) p++;
+        return(p);
+        }
+
+
+static char *scan_dquote(CONF *conf, char *p)
+        {
+        int q= *p;
+
+        p++;
+        while (!(IS_EOF(conf,*p)))
+                {
+                if (*p == q)
+                        {
+                        if (*(p+1) == q)
+                                {
+                                p++;
+                                }
+                        else
+                                {
+                                break;
+                                }
+                        }
+                p++;
+                }
+        if (*p == q) p++;
+        return(p);
+        }
+
+static void dump_value(CONF_VALUE *a, BIO *out)
+        {
+        if (a->name)
+                BIO_printf(out, "[%s] %s=%s\n", a->section, a->name, a->value);
+        else
+                BIO_printf(out, "[[%s]]\n", a->section);
+        }
+
+static int def_dump(CONF *conf, BIO *out)
+        {
+        lh_doall_arg(conf->data, (void (*)())dump_value, out);
+        return 1;
+        }
+
+static int def_is_number(CONF *conf, char c)
+        {
+        return IS_NUMBER(conf,c);
+        }
+
+static int def_to_int(CONF *conf, char c)
+        {
+        return c - '0';
+        }
+
diff --git a/src/lib/libssl/src/crypto/conf/conf_def.h b/src/lib/libssl/src/crypto/conf/conf_def.h
new file mode 100644
index 0000000000..3244d9a331
--- /dev/null
+++ b/src/lib/libssl/src/crypto/conf/conf_def.h
@@ -0,0 +1,145 @@
+/* crypto/conf/conf_def.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* THIS FILE WAS AUTOMAGICALLY GENERATED!
+   Please modify and use keysets.pl to regenerate it. */
+
+#define CONF_NUMBER             1
+#define CONF_UPPER              2
+#define CONF_LOWER              4
+#define CONF_UNDER              256
+#define CONF_PUNCTUATION        512
+#define CONF_WS                 16
+#define CONF_ESC                32
+#define CONF_QUOTE              64
+#define CONF_DQUOTE             1024
+#define CONF_COMMENT            128
+#define CONF_FCOMMENT           2048
+#define CONF_EOF                8
+#define CONF_ALPHA              (CONF_UPPER|CONF_LOWER)
+#define CONF_ALPHA_NUMERIC      (CONF_ALPHA|CONF_NUMBER|CONF_UNDER)
+#define CONF_ALPHA_NUMERIC_PUNCT (CONF_ALPHA|CONF_NUMBER|CONF_UNDER| \
+                                        CONF_PUNCTUATION)
+
+#define KEYTYPES(c)             ((unsigned short *)((c)->meth_data))
+#ifndef CHARSET_EBCDIC
+#define IS_COMMENT(c,a)         (KEYTYPES(c)[(a)&0x7f]&CONF_COMMENT)
+#define IS_FCOMMENT(c,a)        (KEYTYPES(c)[(a)&0x7f]&CONF_FCOMMENT)
+#define IS_EOF(c,a)             (KEYTYPES(c)[(a)&0x7f]&CONF_EOF)
+#define IS_ESC(c,a)             (KEYTYPES(c)[(a)&0x7f]&CONF_ESC)
+#define IS_NUMBER(c,a)          (KEYTYPES(c)[(a)&0x7f]&CONF_NUMBER)
+#define IS_WS(c,a)              (KEYTYPES(c)[(a)&0x7f]&CONF_WS)
+#define IS_ALPHA_NUMERIC(c,a)   (KEYTYPES(c)[(a)&0x7f]&CONF_ALPHA_NUMERIC)
+#define IS_ALPHA_NUMERIC_PUNCT(c,a) \
+                                (KEYTYPES(c)[(a)&0x7f]&CONF_ALPHA_NUMERIC_PUNCT)
+#define IS_QUOTE(c,a)           (KEYTYPES(c)[(a)&0x7f]&CONF_QUOTE)
+#define IS_DQUOTE(c,a)          (KEYTYPES(c)[(a)&0x7f]&CONF_DQUOTE)
+
+#else /*CHARSET_EBCDIC*/
+
+#define IS_COMMENT(c,a)         (KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_COMMENT)
+#define IS_FCOMMENT(c,a)        (KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_FCOMMENT)
+#define IS_EOF(c,a)             (KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_EOF)
+#define IS_ESC(c,a)             (KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_ESC)
+#define IS_NUMBER(c,a)          (KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_NUMBER)
+#define IS_WS(c,a)              (KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_WS)
+#define IS_ALPHA_NUMERIC(c,a)   (KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_ALPHA_NUMERIC)
+#define IS_ALPHA_NUMERIC_PUNCT(c,a) \
+                                (KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_ALPHA_NUMERIC_PUNCT)
+#define IS_QUOTE(c,a)           (KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_QUOTE)
+#define IS_DQUOTE(c,a)          (KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_DQUOTE)
+#endif /*CHARSET_EBCDIC*/
+
+static unsigned short CONF_type_default[128]={
+        0x008,0x000,0x000,0x000,0x000,0x000,0x000,0x000,
+        0x000,0x010,0x010,0x000,0x000,0x010,0x000,0x000,
+        0x000,0x000,0x000,0x000,0x000,0x000,0x000,0x000,
+        0x000,0x000,0x000,0x000,0x000,0x000,0x000,0x000,
+        0x010,0x200,0x040,0x080,0x000,0x200,0x200,0x040,
+        0x000,0x000,0x200,0x200,0x200,0x200,0x200,0x200,
+        0x001,0x001,0x001,0x001,0x001,0x001,0x001,0x001,
+        0x001,0x001,0x000,0x200,0x000,0x000,0x000,0x200,
+        0x200,0x002,0x002,0x002,0x002,0x002,0x002,0x002,
+        0x002,0x002,0x002,0x002,0x002,0x002,0x002,0x002,
+        0x002,0x002,0x002,0x002,0x002,0x002,0x002,0x002,
+        0x002,0x002,0x002,0x000,0x020,0x000,0x200,0x100,
+        0x040,0x004,0x004,0x004,0x004,0x004,0x004,0x004,
+        0x004,0x004,0x004,0x004,0x004,0x004,0x004,0x004,
+        0x004,0x004,0x004,0x004,0x004,0x004,0x004,0x004,
+        0x004,0x004,0x004,0x000,0x200,0x000,0x200,0x000,
+        };
+
+static unsigned short CONF_type_win32[128]={
+        0x008,0x000,0x000,0x000,0x000,0x000,0x000,0x000,
+        0x000,0x010,0x010,0x000,0x000,0x010,0x000,0x000,
+        0x000,0x000,0x000,0x000,0x000,0x000,0x000,0x000,
+        0x000,0x000,0x000,0x000,0x000,0x000,0x000,0x000,
+        0x010,0x200,0x400,0x000,0x000,0x200,0x200,0x000,
+        0x000,0x000,0x200,0x200,0x200,0x200,0x200,0x200,
+        0x001,0x001,0x001,0x001,0x001,0x001,0x001,0x001,
+        0x001,0x001,0x000,0xA00,0x000,0x000,0x000,0x200,
+        0x200,0x002,0x002,0x002,0x002,0x002,0x002,0x002,
+        0x002,0x002,0x002,0x002,0x002,0x002,0x002,0x002,
+        0x002,0x002,0x002,0x002,0x002,0x002,0x002,0x002,
+        0x002,0x002,0x002,0x000,0x000,0x000,0x200,0x100,
+        0x000,0x004,0x004,0x004,0x004,0x004,0x004,0x004,
+        0x004,0x004,0x004,0x004,0x004,0x004,0x004,0x004,
+        0x004,0x004,0x004,0x004,0x004,0x004,0x004,0x004,
+        0x004,0x004,0x004,0x000,0x200,0x000,0x200,0x000,
+        };
+
diff --git a/src/lib/libssl/src/crypto/conf/conf_err.c b/src/lib/libssl/src/crypto/conf/conf_err.c
index 5c1ca59090..06d3163573 100644
--- a/src/lib/libssl/src/crypto/conf/conf_err.c
+++ b/src/lib/libssl/src/crypto/conf/conf_err.c
@@ -66,9 +66,17 @@
 #ifndef NO_ERR
 static ERR_STRING_DATA CONF_str_functs[]=
         {
+{ERR_PACK(0,CONF_F_CONF_DUMP_FP,0),     "CONF_dump_fp"},
 {ERR_PACK(0,CONF_F_CONF_LOAD,0),        "CONF_load"},
 {ERR_PACK(0,CONF_F_CONF_LOAD_BIO,0),    "CONF_load_bio"},
 {ERR_PACK(0,CONF_F_CONF_LOAD_FP,0),     "CONF_load_fp"},
+{ERR_PACK(0,CONF_F_NCONF_DUMP_BIO,0),   "NCONF_dump_bio"},
+{ERR_PACK(0,CONF_F_NCONF_DUMP_FP,0),    "NCONF_dump_fp"},
+{ERR_PACK(0,CONF_F_NCONF_GET_NUMBER,0), "NCONF_get_number"},
+{ERR_PACK(0,CONF_F_NCONF_GET_SECTION,0),        "NCONF_get_section"},
+{ERR_PACK(0,CONF_F_NCONF_GET_STRING,0), "NCONF_get_string"},
+{ERR_PACK(0,CONF_F_NCONF_LOAD_BIO,0),   "NCONF_load_bio"},
+{ERR_PACK(0,CONF_F_NCONF_NEW,0),        "NCONF_new"},
 {ERR_PACK(0,CONF_F_STR_COPY,0), "STR_COPY"},
 {0,NULL}
         };
@@ -78,6 +86,7 @@ static ERR_STRING_DATA CONF_str_reasons[]=
 {CONF_R_MISSING_CLOSE_SQUARE_BRACKET     ,"missing close square bracket"},
 {CONF_R_MISSING_EQUAL_SIGN               ,"missing equal sign"},
 {CONF_R_NO_CLOSE_BRACE                   ,"no close brace"},
+{CONF_R_NO_CONF                          ,"no conf"},
 {CONF_R_UNABLE_TO_CREATE_NEW_SECTION     ,"unable to create new section"},
 {CONF_R_VARIABLE_HAS_NO_VALUE            ,"variable has no value"},
 {0,NULL}
diff --git a/src/lib/libssl/src/crypto/conf/conf_lcl.h b/src/lib/libssl/src/crypto/conf/conf_lcl.h
index f9a015df57..e69de29bb2 100644
--- a/src/lib/libssl/src/crypto/conf/conf_lcl.h
+++ b/src/lib/libssl/src/crypto/conf/conf_lcl.h
@@ -1,116 +0,0 @@
-/* crypto/conf/conf_lcl.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#define CONF_NUMBER             1
-#define CONF_UPPER              2
-#define CONF_LOWER              4
-#define CONF_UNDER              256
-#define CONF_PUNCTUATION        512
-#define CONF_WS                 16
-#define CONF_ESC                32
-#define CONF_QUOTE              64
-#define CONF_COMMENT            128
-#define CONF_EOF                8
-#define CONF_ALPHA              (CONF_UPPER|CONF_LOWER)
-#define CONF_ALPHA_NUMERIC      (CONF_ALPHA|CONF_NUMBER|CONF_UNDER)
-#define CONF_ALPHA_NUMERIC_PUNCT (CONF_ALPHA|CONF_NUMBER|CONF_UNDER| \
-                                        CONF_PUNCTUATION)
-
-#ifndef CHARSET_EBCDIC
-#define IS_COMMENT(a)           (CONF_COMMENT&(CONF_type[(a)&0x7f]))
-#define IS_EOF(a)               ((a) == '\0')
-#define IS_ESC(a)               ((a) == '\\')
-#define IS_NUMER(a)             (CONF_type[(a)&0x7f]&CONF_NUMBER)
-#define IS_WS(a)                (CONF_type[(a)&0x7f]&CONF_WS)
-#define IS_ALPHA_NUMERIC(a)     (CONF_type[(a)&0x7f]&CONF_ALPHA_NUMERIC)
-#define IS_ALPHA_NUMERIC_PUNCT(a) \
-                                (CONF_type[(a)&0x7f]&CONF_ALPHA_NUMERIC_PUNCT)
-#define IS_QUOTE(a)             (CONF_type[(a)&0x7f]&CONF_QUOTE)
-
-#else /*CHARSET_EBCDIC*/
-
-#define IS_COMMENT(a)           (CONF_COMMENT&(CONF_type[os_toascii[a]&0x7f]))
-#define IS_EOF(a)               (os_toascii[a] == '\0')
-#define IS_ESC(a)               (os_toascii[a] == '\\')
-#define IS_NUMER(a)             (CONF_type[os_toascii[a]&0x7f]&CONF_NUMBER)
-#define IS_WS(a)                (CONF_type[os_toascii[a]&0x7f]&CONF_WS)
-#define IS_ALPHA_NUMERIC(a)     (CONF_type[os_toascii[a]&0x7f]&CONF_ALPHA_NUMERIC)
-#define IS_ALPHA_NUMERIC_PUNCT(a) \
-                                (CONF_type[os_toascii[a]&0x7f]&CONF_ALPHA_NUMERIC_PUNCT)
-#define IS_QUOTE(a)             (CONF_type[os_toascii[a]&0x7f]&CONF_QUOTE)
-#endif /*CHARSET_EBCDIC*/
-
-static unsigned short CONF_type[128]={
-        0x008,0x000,0x000,0x000,0x000,0x000,0x000,0x000,
-        0x000,0x010,0x010,0x000,0x000,0x010,0x000,0x000,
-        0x000,0x000,0x000,0x000,0x000,0x000,0x000,0x000,
-        0x000,0x000,0x000,0x000,0x000,0x000,0x000,0x000,
-        0x010,0x200,0x040,0x080,0x000,0x200,0x200,0x040,
-        0x000,0x000,0x200,0x200,0x200,0x200,0x200,0x200,
-        0x001,0x001,0x001,0x001,0x001,0x001,0x001,0x001,
-        0x001,0x001,0x000,0x200,0x000,0x000,0x000,0x200,
-        0x200,0x002,0x002,0x002,0x002,0x002,0x002,0x002,
-        0x002,0x002,0x002,0x002,0x002,0x002,0x002,0x002,
-        0x002,0x002,0x002,0x002,0x002,0x002,0x002,0x002,
-        0x002,0x002,0x002,0x000,0x020,0x000,0x200,0x100,
-        0x040,0x004,0x004,0x004,0x004,0x004,0x004,0x004,
-        0x004,0x004,0x004,0x004,0x004,0x004,0x004,0x004,
-        0x004,0x004,0x004,0x004,0x004,0x004,0x004,0x004,
-        0x004,0x004,0x004,0x000,0x200,0x000,0x200,0x000,
-        };
-
diff --git a/src/lib/libssl/src/crypto/conf/conf_lib.c b/src/lib/libssl/src/crypto/conf/conf_lib.c
new file mode 100644
index 0000000000..4c8ca9e9ae
--- /dev/null
+++ b/src/lib/libssl/src/crypto/conf/conf_lib.c
@@ -0,0 +1,352 @@
+/* conf_lib.c */
+/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+#include <openssl/conf.h>
+#include <openssl/conf_api.h>
+#include <openssl/lhash.h>
+
+const char *CONF_version="CONF" OPENSSL_VERSION_PTEXT;
+
+static CONF_METHOD *default_CONF_method=NULL;
+
+/* The following section contains the "CONF classic" functions,
+   rewritten in terms of the new CONF interface. */
+
+int CONF_set_default_method(CONF_METHOD *meth)
+        {
+        default_CONF_method = meth;
+        return 1;
+        }
+
+LHASH *CONF_load(LHASH *conf, const char *file, long *eline)
+        {
+        LHASH *ltmp;
+        BIO *in=NULL;
+
+#ifdef VMS
+        in=BIO_new_file(file, "r");
+#else
+        in=BIO_new_file(file, "rb");
+#endif
+        if (in == NULL)
+                {
+                CONFerr(CONF_F_CONF_LOAD,ERR_R_SYS_LIB);
+                return NULL;
+                }
+
+        ltmp = CONF_load_bio(conf, in, eline);
+        BIO_free(in);
+
+        return ltmp;
+        }
+
+#ifndef NO_FP_API
+LHASH *CONF_load_fp(LHASH *conf, FILE *fp,long *eline)
+        {
+        BIO *btmp;
+        LHASH *ltmp;
+        if(!(btmp = BIO_new_fp(fp, BIO_NOCLOSE))) {
+                CONFerr(CONF_F_CONF_LOAD_FP,ERR_R_BUF_LIB);
+                return NULL;
+        }
+        ltmp = CONF_load_bio(conf, btmp, eline);
+        BIO_free(btmp);
+        return ltmp;
+        }
+#endif
+
+LHASH *CONF_load_bio(LHASH *conf, BIO *bp,long *eline)
+        {
+        CONF ctmp;
+        int ret;
+
+        if (default_CONF_method == NULL)
+                default_CONF_method = NCONF_default();
+
+        default_CONF_method->init(&ctmp);
+        ctmp.data = conf;
+        ret = NCONF_load_bio(&ctmp, bp, eline);
+        if (ret)
+                return ctmp.data;
+        return NULL;
+        }
+
+STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf,char *section)
+        {
+        CONF ctmp;
+
+        if (default_CONF_method == NULL)
+                default_CONF_method = NCONF_default();
+
+        default_CONF_method->init(&ctmp);
+        ctmp.data = conf;
+        return NCONF_get_section(&ctmp, section);
+        }
+
+char *CONF_get_string(LHASH *conf,char *group,char *name)
+        {
+        CONF ctmp;
+
+        if (default_CONF_method == NULL)
+                default_CONF_method = NCONF_default();
+
+        default_CONF_method->init(&ctmp);
+        ctmp.data = conf;
+        return NCONF_get_string(&ctmp, group, name);
+        }
+
+long CONF_get_number(LHASH *conf,char *group,char *name)
+        {
+        CONF ctmp;
+
+        if (default_CONF_method == NULL)
+                default_CONF_method = NCONF_default();
+
+        default_CONF_method->init(&ctmp);
+        ctmp.data = conf;
+        return NCONF_get_number(&ctmp, group, name);
+        }
+
+void CONF_free(LHASH *conf)
+        {
+        CONF ctmp;
+
+        if (default_CONF_method == NULL)
+                default_CONF_method = NCONF_default();
+
+        default_CONF_method->init(&ctmp);
+        ctmp.data = conf;
+        NCONF_free_data(&ctmp);
+        }
+
+#ifndef NO_FP_API
+int CONF_dump_fp(LHASH *conf, FILE *out)
+        {
+        BIO *btmp;
+        int ret;
+
+        if(!(btmp = BIO_new_fp(out, BIO_NOCLOSE))) {
+                CONFerr(CONF_F_CONF_DUMP_FP,ERR_R_BUF_LIB);
+                return 0;
+        }
+        ret = CONF_dump_bio(conf, btmp);
+        BIO_free(btmp);
+        return ret;
+        }
+#endif
+
+int CONF_dump_bio(LHASH *conf, BIO *out)
+        {
+        CONF ctmp;
+
+        if (default_CONF_method == NULL)
+                default_CONF_method = NCONF_default();
+
+        default_CONF_method->init(&ctmp);
+        ctmp.data = conf;
+        return NCONF_dump_bio(&ctmp, out);
+        }
+
+/* The following section contains the "New CONF" functions.  They are
+   completely centralised around a new CONF structure that may contain
+   basically anything, but at least a method pointer and a table of data.
+   These functions are also written in terms of the bridge functions used
+   by the "CONF classic" functions, for consistency.  */
+
+CONF *NCONF_new(CONF_METHOD *meth)
+        {
+        CONF *ret;
+
+        if (meth == NULL)
+                meth = NCONF_default();
+
+        ret = meth->create(meth);
+        if (ret == NULL)
+                {
+                CONFerr(CONF_F_NCONF_NEW,ERR_R_MALLOC_FAILURE);
+                return(NULL);
+                }
+
+        return ret;
+        }
+
+void NCONF_free(CONF *conf)
+        {
+        if (conf == NULL)
+                return;
+        conf->meth->destroy(conf);
+        }
+
+void NCONF_free_data(CONF *conf)
+        {
+        if (conf == NULL)
+                return;
+        conf->meth->destroy_data(conf);
+        }
+
+int NCONF_load(CONF *conf, const char *file, long *eline)
+        {
+        int ret;
+        BIO *in=NULL;
+
+#ifdef VMS
+        in=BIO_new_file(file, "r");
+#else
+        in=BIO_new_file(file, "rb");
+#endif
+        if (in == NULL)
+                {
+                CONFerr(CONF_F_CONF_LOAD,ERR_R_SYS_LIB);
+                return 0;
+                }
+
+        ret = NCONF_load_bio(conf, in, eline);
+        BIO_free(in);
+
+        return ret;
+        }
+
+#ifndef NO_FP_API
+int NCONF_load_fp(CONF *conf, FILE *fp,long *eline)
+        {
+        BIO *btmp;
+        int ret;
+        if(!(btmp = BIO_new_fp(fp, BIO_NOCLOSE)))
+                {
+                CONFerr(CONF_F_CONF_LOAD_FP,ERR_R_BUF_LIB);
+                return 0;
+                }
+        ret = NCONF_load_bio(conf, btmp, eline);
+        BIO_free(btmp);
+        return ret;
+        }
+#endif
+
+int NCONF_load_bio(CONF *conf, BIO *bp,long *eline)
+        {
+        if (conf == NULL)
+                {
+                CONFerr(CONF_F_NCONF_LOAD_BIO,CONF_R_NO_CONF);
+                return 0;
+                }
+
+        return conf->meth->load(conf, bp, eline);
+        }
+
+STACK_OF(CONF_VALUE) *NCONF_get_section(CONF *conf,char *section)
+        {
+        if (conf == NULL)
+                {
+                CONFerr(CONF_F_NCONF_GET_SECTION,CONF_R_NO_CONF);
+                return NULL;
+                }
+
+        return _CONF_get_section_values(conf, section);
+        }
+
+char *NCONF_get_string(CONF *conf,char *group,char *name)
+        {
+        if (conf == NULL)
+                {
+                CONFerr(CONF_F_NCONF_GET_STRING,CONF_R_NO_CONF);
+                return NULL;
+                }
+
+        return _CONF_get_string(conf, group, name);
+        }
+
+long NCONF_get_number(CONF *conf,char *group,char *name)
+        {
+        if (conf == NULL)
+                {
+                CONFerr(CONF_F_NCONF_GET_NUMBER,CONF_R_NO_CONF);
+                return 0;
+                }
+        
+        return _CONF_get_number(conf, group, name);
+        }
+
+#ifndef NO_FP_API
+int NCONF_dump_fp(CONF *conf, FILE *out)
+        {
+        BIO *btmp;
+        int ret;
+        if(!(btmp = BIO_new_fp(out, BIO_NOCLOSE))) {
+                CONFerr(CONF_F_NCONF_DUMP_FP,ERR_R_BUF_LIB);
+                return 0;
+        }
+        ret = NCONF_dump_bio(conf, btmp);
+        BIO_free(btmp);
+        return ret;
+        }
+#endif
+
+int NCONF_dump_bio(CONF *conf, BIO *out)
+        {
+        if (conf == NULL)
+                {
+                CONFerr(CONF_F_NCONF_DUMP_BIO,CONF_R_NO_CONF);
+                return 0;
+                }
+
+        return conf->meth->dump(conf, out);
+        }
+
diff --git a/src/lib/libssl/src/crypto/conf/keysets.pl b/src/lib/libssl/src/crypto/conf/keysets.pl
index 1aed0c80c4..56669e76ac 100644
--- a/src/lib/libssl/src/crypto/conf/keysets.pl
+++ b/src/lib/libssl/src/crypto/conf/keysets.pl
@@ -3,12 +3,15 @@
 $NUMBER=0x01;
 $UPPER=0x02;
 $LOWER=0x04;
-$EOF=0x08;
+$UNDER=0x100;
+$PUNCTUATION=0x200;
 $WS=0x10;
 $ESC=0x20;
 $QUOTE=0x40;
+$DQUOTE=0x400;
 $COMMENT=0x80;
-$UNDER=0x100;
+$FCOMMENT=0x800;
+$EOF=0x08;
 
 foreach (0 .. 127)
         {
@@ -18,44 +21,159 @@ foreach (0 .. 127)
         $v|=$UPPER      if ($c =~ /[A-Z]/);
         $v|=$LOWER      if ($c =~ /[a-z]/);
         $v|=$UNDER      if ($c =~ /_/);
-        $v|=$WS         if ($c =~ / \t\r\n/);
+        $v|=$PUNCTUATION if ($c =~ /[!\.%&\*\+,\/;\?\@\^\~\|-]/);
+        $v|=$WS         if ($c =~ /[ \t\r\n]/);
         $v|=$ESC        if ($c =~ /\\/);
-        $v|=$QUOTE      if ($c =~ /['`"]/);
+        $v|=$QUOTE      if ($c =~ /['`"]/); # for emacs: "`'}/)
         $v|=$COMMENT    if ($c =~ /\#/);
         $v|=$EOF        if ($c =~ /\0/);
 
-        push(@V,$v);
+        push(@V_def,$v);
+        }
+
+foreach (0 .. 127)
+        {
+        $v=0;
+        $c=sprintf("%c",$_);
+        $v|=$NUMBER     if ($c =~ /[0-9]/);
+        $v|=$UPPER      if ($c =~ /[A-Z]/);
+        $v|=$LOWER      if ($c =~ /[a-z]/);
+        $v|=$UNDER      if ($c =~ /_/);
+        $v|=$PUNCTUATION if ($c =~ /[!\.%&\*\+,\/;\?\@\^\~\|-]/);
+        $v|=$WS         if ($c =~ /[ \t\r\n]/);
+        $v|=$DQUOTE     if ($c =~ /["]/); # for emacs: "}/)
+        $v|=$FCOMMENT   if ($c =~ /;/);
+        $v|=$EOF        if ($c =~ /\0/);
+
+        push(@V_w32,$v);
         }
 
 print <<"EOF";
+/* crypto/conf/conf_def.h */
+/* Copyright (C) 1995-1998 Eric Young (eay\@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay\@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh\@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay\@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh\@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* THIS FILE WAS AUTOMAGICALLY GENERATED!
+   Please modify and use keysets.pl to regenerate it. */
+
 #define CONF_NUMBER             $NUMBER
 #define CONF_UPPER              $UPPER
 #define CONF_LOWER              $LOWER
-#define CONF_EOF                $EOF
+#define CONF_UNDER              $UNDER
+#define CONF_PUNCTUATION        $PUNCTUATION
 #define CONF_WS                 $WS
 #define CONF_ESC                $ESC
 #define CONF_QUOTE              $QUOTE
+#define CONF_DQUOTE             $DQUOTE
 #define CONF_COMMENT            $COMMENT
+#define CONF_FCOMMENT           $FCOMMENT
+#define CONF_EOF                $EOF
 #define CONF_ALPHA              (CONF_UPPER|CONF_LOWER)
 #define CONF_ALPHA_NUMERIC      (CONF_ALPHA|CONF_NUMBER|CONF_UNDER)
-#define CONF_UNDER              $UNDER
+#define CONF_ALPHA_NUMERIC_PUNCT (CONF_ALPHA|CONF_NUMBER|CONF_UNDER| \\
+                                        CONF_PUNCTUATION)
+
+#define KEYTYPES(c)             ((unsigned short *)((c)->meth_data))
+#ifndef CHARSET_EBCDIC
+#define IS_COMMENT(c,a)         (KEYTYPES(c)[(a)&0x7f]&CONF_COMMENT)
+#define IS_FCOMMENT(c,a)        (KEYTYPES(c)[(a)&0x7f]&CONF_FCOMMENT)
+#define IS_EOF(c,a)             (KEYTYPES(c)[(a)&0x7f]&CONF_EOF)
+#define IS_ESC(c,a)             (KEYTYPES(c)[(a)&0x7f]&CONF_ESC)
+#define IS_NUMBER(c,a)          (KEYTYPES(c)[(a)&0x7f]&CONF_NUMBER)
+#define IS_WS(c,a)              (KEYTYPES(c)[(a)&0x7f]&CONF_WS)
+#define IS_ALPHA_NUMERIC(c,a)   (KEYTYPES(c)[(a)&0x7f]&CONF_ALPHA_NUMERIC)
+#define IS_ALPHA_NUMERIC_PUNCT(c,a) \\
+                                (KEYTYPES(c)[(a)&0x7f]&CONF_ALPHA_NUMERIC_PUNCT)
+#define IS_QUOTE(c,a)           (KEYTYPES(c)[(a)&0x7f]&CONF_QUOTE)
+#define IS_DQUOTE(c,a)          (KEYTYPES(c)[(a)&0x7f]&CONF_DQUOTE)
+
+#else /*CHARSET_EBCDIC*/
 
-#define IS_COMMENT(a)           (CONF_COMMENT&(CONF_type[(a)&0x7f]))
-#define IS_EOF(a)               ((a) == '\\0')
-#define IS_ESC(a)               ((a) == '\\\\')
-#define IS_NUMER(a)             (CONF_type[(a)&0x7f]&CONF_NUMBER)
-#define IS_WS(a)                (CONF_type[(a)&0x7f]&CONF_WS)
-#define IS_ALPHA_NUMERIC(a)     (CONF_type[(a)&0x7f]&CONF_ALPHA_NUMERIC)
-#define IS_QUOTE(a)             (CONF_type[(a)&0x7f]&CONF_QUOTE)
+#define IS_COMMENT(c,a)         (KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_COMMENT)
+#define IS_FCOMMENT(c,a)        (KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_FCOMMENT)
+#define IS_EOF(c,a)             (KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_EOF)
+#define IS_ESC(c,a)             (KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_ESC)
+#define IS_NUMBER(c,a)          (KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_NUMBER)
+#define IS_WS(c,a)              (KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_WS)
+#define IS_ALPHA_NUMERIC(c,a)   (KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_ALPHA_NUMERIC)
+#define IS_ALPHA_NUMERIC_PUNCT(c,a) \\
+                                (KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_ALPHA_NUMERIC_PUNCT)
+#define IS_QUOTE(c,a)           (KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_QUOTE)
+#define IS_DQUOTE(c,a)          (KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_DQUOTE)
+#endif /*CHARSET_EBCDIC*/
 
 EOF
 
-print "static unsigned short CONF_type[128]={";
+print "static unsigned short CONF_type_default[128]={";
+
+for ($i=0; $i<128; $i++)
+        {
+        print "\n\t" if ($i % 8) == 0;
+        printf "0x%03X,",$V_def[$i];
+        }
+
+print "\n\t};\n\n";
+
+print "static unsigned short CONF_type_win32[128]={";
 
 for ($i=0; $i<128; $i++)
         {
         print "\n\t" if ($i % 8) == 0;
-        printf "0x%03X,",$V[$i];
+        printf "0x%03X,",$V_w32[$i];
         }
 
-print "\n\t};\n";
+print "\n\t};\n\n";
diff --git a/src/lib/libssl/src/crypto/conf/test.c b/src/lib/libssl/src/crypto/conf/test.c
index 9390a48baf..7fab85053e 100644
--- a/src/lib/libssl/src/crypto/conf/test.c
+++ b/src/lib/libssl/src/crypto/conf/test.c
@@ -67,7 +67,10 @@ main()
         long eline;
         char *s,*s2;
 
-        conf=CONF_load(NULL,"openssl.conf",&eline);
+#ifdef USE_WIN32
+        CONF_set_default_method(CONF_WIN32);
+#endif
+        conf=CONF_load(NULL,"ssleay.cnf",&eline);
         if (conf == NULL)
                 {
                 ERR_load_crypto_strings();
@@ -88,5 +91,8 @@ main()
         s=CONF_get_string(conf,"s_client","cipher1");
         printf("s_client:cipher1=%s\n",(s == NULL)?"NULL":s);
 
+        printf("---------------------------- DUMP ------------------------\n");
+        CONF_dump_fp(conf, stdout);
+
         exit(0);
         }
diff --git a/src/lib/libssl/src/crypto/cpt_err.c b/src/lib/libssl/src/crypto/cpt_err.c
index dadd8d8d92..7018b74ca0 100644
--- a/src/lib/libssl/src/crypto/cpt_err.c
+++ b/src/lib/libssl/src/crypto/cpt_err.c
@@ -67,6 +67,7 @@
 static ERR_STRING_DATA CRYPTO_str_functs[]=
         {
 {ERR_PACK(0,CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX,0),        "CRYPTO_get_ex_new_index"},
+{ERR_PACK(0,CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,0),       "CRYPTO_get_new_dynlockid"},
 {ERR_PACK(0,CRYPTO_F_CRYPTO_GET_NEW_LOCKID,0),  "CRYPTO_get_new_lockid"},
 {ERR_PACK(0,CRYPTO_F_CRYPTO_SET_EX_DATA,0),     "CRYPTO_set_ex_data"},
 {0,NULL}
@@ -74,6 +75,7 @@ static ERR_STRING_DATA CRYPTO_str_functs[]=
 
 static ERR_STRING_DATA CRYPTO_str_reasons[]=
         {
+{CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK     ,"no dynlock create callback"},
 {0,NULL}
         };
 
diff --git a/src/lib/libssl/src/crypto/cryptlib.c b/src/lib/libssl/src/crypto/cryptlib.c
index a8f29f1e65..9de60fd528 100644
--- a/src/lib/libssl/src/crypto/cryptlib.c
+++ b/src/lib/libssl/src/crypto/cryptlib.c
@@ -60,11 +60,15 @@
 #include <string.h>
 #include "cryptlib.h"
 #include <openssl/crypto.h>
+#include <openssl/safestack.h>
 
 #if defined(WIN32) || defined(WIN16)
 static double SSLeay_MSVC5_hack=0.0; /* and for VC1.5 */
 #endif
 
+DECLARE_STACK_OF(CRYPTO_dynlock)
+IMPLEMENT_STACK_OF(CRYPTO_dynlock)
+
 /* real #defines in crypto.h, keep these upto date */
 static const char* lock_names[CRYPTO_NUM_LOCKS] =
         {
@@ -94,18 +98,36 @@ static const char* lock_names[CRYPTO_NUM_LOCKS] =
         "RSA_blinding",
         "dh",
         "debug_malloc2",
-#if CRYPTO_NUM_LOCKS != 26
+        "dso",
+        "dynlock",
+        "engine",
+#if CRYPTO_NUM_LOCKS != 29
 # error "Inconsistency between crypto.h and cryptlib.c"
 #endif
         };
 
+/* This is for applications to allocate new type names in the non-dynamic
+   array of lock names.  These are numbered with positive numbers.  */
 static STACK *app_locks=NULL;
 
+/* For applications that want a more dynamic way of handling threads, the
+   following stack is used.  These are externally numbered with negative
+   numbers.  */
+static STACK_OF(CRYPTO_dynlock) *dyn_locks=NULL;
+
+
 static void (MS_FAR *locking_callback)(int mode,int type,
         const char *file,int line)=NULL;
 static int (MS_FAR *add_lock_callback)(int *pointer,int amount,
         int type,const char *file,int line)=NULL;
 static unsigned long (MS_FAR *id_callback)(void)=NULL;
+static struct CRYPTO_dynlock_value *(MS_FAR *dynlock_create_callback)
+        (const char *file,int line)=NULL;
+static void (MS_FAR *dynlock_lock_callback)(int mode,
+        struct CRYPTO_dynlock_value *l, const char *file,int line)=NULL;
+static void (MS_FAR *dynlock_destroy_callback)(struct CRYPTO_dynlock_value *l,
+        const char *file,int line)=NULL;
+
 int CRYPTO_get_new_lockid(char *name)
         {
         char *str;
@@ -125,10 +147,13 @@ int CRYPTO_get_new_lockid(char *name)
                 return(0);
                 }
         if ((str=BUF_strdup(name)) == NULL)
+                {
+                CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID,ERR_R_MALLOC_FAILURE);
                 return(0);
+                }
         i=sk_push(app_locks,str);
         if (!i)
-                Free(str);
+                OPENSSL_free(str);
         else
                 i+=CRYPTO_NUM_LOCKS; /* gap of one :-) */
         return(i);
@@ -139,6 +164,156 @@ int CRYPTO_num_locks(void)
         return CRYPTO_NUM_LOCKS;
         }
 
+int CRYPTO_get_new_dynlockid(void)
+        {
+        int i = 0;
+        CRYPTO_dynlock *pointer = NULL;
+
+        if (dynlock_create_callback == NULL)
+                {
+                CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK);
+                return(0);
+                }
+        CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
+        if ((dyn_locks == NULL)
+                && ((dyn_locks=sk_CRYPTO_dynlock_new_null()) == NULL))
+                {
+                CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+                CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,ERR_R_MALLOC_FAILURE);
+                return(0);
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+
+        pointer = (CRYPTO_dynlock *)OPENSSL_malloc(sizeof(CRYPTO_dynlock));
+        if (pointer == NULL)
+                {
+                CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,ERR_R_MALLOC_FAILURE);
+                return(0);
+                }
+        pointer->references = 1;
+        pointer->data = dynlock_create_callback(__FILE__,__LINE__);
+        if (pointer->data == NULL)
+                {
+                OPENSSL_free(pointer);
+                CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,ERR_R_MALLOC_FAILURE);
+                return(0);
+                }
+
+        CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
+        /* First, try to find an existing empty slot */
+        i=sk_CRYPTO_dynlock_find(dyn_locks,NULL);
+        /* If there was none, push, thereby creating a new one */
+        if (i == -1)
+                i=sk_CRYPTO_dynlock_push(dyn_locks,pointer);
+        CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+
+        if (!i)
+                {
+                dynlock_destroy_callback(pointer->data,__FILE__,__LINE__);
+                OPENSSL_free(pointer);
+                }
+        else
+                i += 1; /* to avoid 0 */
+        return -i;
+        }
+
+void CRYPTO_destroy_dynlockid(int i)
+        {
+        CRYPTO_dynlock *pointer = NULL;
+        if (i)
+                i = -i-1;
+        if (dynlock_destroy_callback == NULL)
+                return;
+
+        CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
+
+        if (dyn_locks == NULL || i >= sk_CRYPTO_dynlock_num(dyn_locks))
+                return;
+        pointer = sk_CRYPTO_dynlock_value(dyn_locks, i);
+        if (pointer != NULL)
+                {
+                --pointer->references;
+#ifdef REF_CHECK
+                if (pointer->references < 0)
+                        {
+                        fprintf(stderr,"CRYPTO_destroy_dynlockid, bad reference count\n");
+                        abort();
+                        }
+                else
+#endif
+                        if (--(pointer->references) <= 0)
+                                {
+                                sk_CRYPTO_dynlock_set(dyn_locks, i, NULL);
+                                }
+                        else
+                                pointer = NULL;
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+
+        if (pointer)
+                {
+                dynlock_destroy_callback(pointer->data,__FILE__,__LINE__);
+                OPENSSL_free(pointer);
+                }
+        }
+
+struct CRYPTO_dynlock_value *CRYPTO_get_dynlock_value(int i)
+        {
+        CRYPTO_dynlock *pointer = NULL;
+        if (i)
+                i = -i-1;
+
+        CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
+
+        if (dyn_locks != NULL && i < sk_CRYPTO_dynlock_num(dyn_locks))
+                pointer = sk_CRYPTO_dynlock_value(dyn_locks, i);
+        if (pointer)
+                pointer->references++;
+
+        CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+
+        if (pointer)
+                return pointer->data;
+        return NULL;
+        }
+
+struct CRYPTO_dynlock_value *(*CRYPTO_get_dynlock_create_callback(void))
+        (const char *file,int line)
+        {
+        return(dynlock_create_callback);
+        }
+
+void (*CRYPTO_get_dynlock_lock_callback(void))(int mode,
+        struct CRYPTO_dynlock_value *l, const char *file,int line)
+        {
+        return(dynlock_lock_callback);
+        }
+
+void (*CRYPTO_get_dynlock_destroy_callback(void))
+        (struct CRYPTO_dynlock_value *l, const char *file,int line)
+        {
+        return(dynlock_destroy_callback);
+        }
+
+void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value *(*func)
+        (const char *file, int line))
+        {
+        dynlock_create_callback=func;
+        }
+
+void CRYPTO_set_dynlock_lock_callback(void (*func)(int mode,
+        struct CRYPTO_dynlock_value *l, const char *file, int line))
+        {
+        dynlock_lock_callback=func;
+        }
+
+void CRYPTO_set_dynlock_destroy_callback(void (*func)
+        (struct CRYPTO_dynlock_value *l, const char *file, int line))
+        {
+        dynlock_destroy_callback=func;
+        }
+
+
 void (*CRYPTO_get_locking_callback(void))(int mode,int type,const char *file,
                 int line)
         {
@@ -219,14 +394,28 @@ void CRYPTO_lock(int mode, int type, const char *file, int line)
                         CRYPTO_get_lock_name(type), file, line);
                 }
 #endif
-        if (locking_callback != NULL)
-                locking_callback(mode,type,file,line);
+        if (type < 0)
+                {
+                int i = -type - 1;
+                struct CRYPTO_dynlock_value *pointer
+                        = CRYPTO_get_dynlock_value(i);
+
+                if (pointer)
+                        {
+                        dynlock_lock_callback(mode, pointer, file, line);
+                        }
+
+                CRYPTO_destroy_dynlockid(i);
+                }
+        else
+                if (locking_callback != NULL)
+                        locking_callback(mode,type,file,line);
         }
 
 int CRYPTO_add_lock(int *pointer, int amount, int type, const char *file,
              int line)
         {
-        int ret;
+        int ret = 0;
 
         if (add_lock_callback != NULL)
                 {
@@ -265,7 +454,7 @@ int CRYPTO_add_lock(int *pointer, int amount, int type, const char *file,
 const char *CRYPTO_get_lock_name(int type)
         {
         if (type < 0)
-                return("ERROR");
+                return("dynamic");
         else if (type < CRYPTO_NUM_LOCKS)
                 return(lock_names[type]);
         else if (type-CRYPTO_NUM_LOCKS >= sk_num(app_locks))
diff --git a/src/lib/libssl/src/crypto/cryptlib.h b/src/lib/libssl/src/crypto/cryptlib.h
index e3d38524ae..5eff5d3141 100644
--- a/src/lib/libssl/src/crypto/cryptlib.h
+++ b/src/lib/libssl/src/crypto/cryptlib.h
@@ -62,10 +62,6 @@
 #include <stdlib.h>
 #include <string.h>
 
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
 #include "openssl/e_os.h"
 
 #include <openssl/crypto.h>
@@ -74,6 +70,10 @@ extern "C" {
 #include <openssl/err.h>
 #include <openssl/opensslconf.h>
 
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
 #ifndef VMS
 #define X509_CERT_AREA          OPENSSLDIR
 #define X509_CERT_DIR           OPENSSLDIR "/certs"
diff --git a/src/lib/libssl/src/crypto/crypto-lib.com b/src/lib/libssl/src/crypto/crypto-lib.com
index 8ddeafbc06..21d56a4b50 100644
--- a/src/lib/libssl/src/crypto/crypto-lib.com
+++ b/src/lib/libssl/src/crypto/crypto-lib.com
@@ -86,9 +86,9 @@ $ ENDIF
 $!
 $! Define The Different Encryption Types.
 $!
-$ ENCRYPT_TYPES = "Basic,MD2,MD5,SHA,MDC2,HMAC,RIPEMD,"+ -
+$ ENCRYPT_TYPES = "Basic,MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,"+ -
                   "DES,RC2,RC4,RC5,IDEA,BF,CAST,"+ -
-                  "BN,RSA,DSA,DH,"+ -
+                  "BN,RSA,DSA,DH,DSO,ENGINE,"+ -
                   "BUFFER,BIO,STACK,LHASH,RAND,ERR,OBJECTS,"+ -
                   "EVP,EVP_2,ASN1,ASN1_2,PEM,X509,X509V3,"+ -
                   "CONF,TXT_DB,PKCS7,PKCS12,COMP"
@@ -176,6 +176,7 @@ $ APPS_PKCS7 = "ENC/ENC;DEC/DEC;SIGN/SIGN;VERIFY/VERIFY,EXAMPLE"
 $
 $ LIB_ = "cryptlib,mem,mem_dbg,cversion,ex_data,tmdiff,cpt_err"
 $ LIB_MD2 = "md2_dgst,md2_one"
+$ LIB_MD4 = "md4_dgst,md4_one"
 $ LIB_MD5 = "md5_dgst,md5_one"
 $ LIB_SHA = "sha_dgst,sha1dgst,sha_one,sha1_one"
 $ LIB_MDC2 = "mdc2dgst,mdc2_one"
@@ -203,35 +204,35 @@ $ LIB_RSA = "rsa_eay,rsa_gen,rsa_lib,rsa_sign,rsa_saos,rsa_err,"+ -
         "rsa_pk1,rsa_ssl,rsa_none,rsa_oaep,rsa_chk,rsa_null"
 $ LIB_DSA = "dsa_gen,dsa_key,dsa_lib,dsa_asn1,dsa_vrf,dsa_sign,dsa_err,dsa_ossl"
 $ LIB_DH = "dh_gen,dh_key,dh_lib,dh_check,dh_err"
+$ LIB_DSO = "dso_dl,dso_dlfcn,dso_err,dso_lib,dso_null,"+ -
+        "dso_openssl,dso_win32,dso_vms"
+$ LIB_ENGINE = "engine_err,engine_lib,engine_list,engine_openssl,"+ -
+        "hw_atalla,hw_cswift,hw_ncipher"
 $ LIB_BUFFER = "buffer,buf_err"
 $ LIB_BIO = "bio_lib,bio_cb,bio_err,"+ -
         "bss_mem,bss_null,bss_fd,"+ -
         "bss_file,bss_sock,bss_conn,"+ -
         "bf_null,bf_buff,b_print,b_dump,"+ -
-        "b_sock,bss_acpt,bf_nbio,bss_rtcp,bss_bio,bss_log"
+        "b_sock,bss_acpt,bf_nbio,bss_rtcp,bss_bio,bss_log,"+ -
+        "bf_lbuf"
 $ LIB_STACK = "stack"
 $ LIB_LHASH = "lhash,lh_stats"
-$ LIB_RAND = "md_rand,randfile,rand_lib,rand_err,rand_egd"
+$ LIB_RAND = "md_rand,randfile,rand_lib,rand_err,rand_egd,rand_win"
 $ LIB_ERR = "err,err_all,err_prn"
 $ LIB_OBJECTS = "o_names,obj_dat,obj_lib,obj_err"
 $ LIB_EVP = "encode,digest,evp_enc,evp_key,"+ -
-        "e_ecb_d,e_cbc_d,e_cfb_d,e_ofb_d,"+ -
-        "e_ecb_i,e_cbc_i,e_cfb_i,e_ofb_i,"+ -
-        "e_ecb_3d,e_cbc_3d,e_rc4,names,"+ -
-        "e_cfb_3d,e_ofb_3d,e_xcbc_d,"+ -
-        "e_ecb_r2,e_cbc_r2,e_cfb_r2,e_ofb_r2,"+ -
-        "e_ecb_bf,e_cbc_bf,e_cfb_bf,e_ofb_bf"
-$ LIB_EVP_2 = "e_ecb_c,e_cbc_c,e_cfb_c,e_ofb_c,"+ -
-        "e_ecb_r5,e_cbc_r5,e_cfb_r5,e_ofb_r5,"+ -
-        "m_null,m_md2,m_md5,m_sha,m_sha1,m_dss,m_dss1,m_mdc2,"+ -
-        "m_ripemd,"+ -
+        "e_des,e_bf,e_idea,e_des3,"+ -
+        "e_rc4,names,"+ -
+        "e_xcbc_d,e_rc2,e_cast,e_rc5"
+$ LIB_EVP_2 = "m_null,m_md2,m_md4,m_md5,m_sha,m_sha1," + -
+        "m_dss,m_dss1,m_mdc2,m_ripemd,"+ -
         "p_open,p_seal,p_sign,p_verify,p_lib,p_enc,p_dec,"+ -
         "bio_md,bio_b64,bio_enc,evp_err,e_null,"+ -
         "c_all,c_allc,c_alld,evp_lib,bio_ok,"+-
         "evp_pkey,evp_pbe,p5_crpt,p5_crpt2"
 $ LIB_ASN1 = "a_object,a_bitstr,a_utctm,a_gentm,a_time,a_int,a_octet,"+ -
         "a_null,a_print,a_type,a_set,a_dup,a_d2i_fp,a_i2d_fp,a_bmp,"+ -
-        "a_enum,a_vis,a_utf8,a_sign,a_digest,a_verify,a_mbstr,"+ -
+        "a_enum,a_vis,a_utf8,a_sign,a_digest,a_verify,a_mbstr,a_strex,"+ -
         "x_algor,x_val,x_pubkey,x_sig,x_req,x_attrib,"+ -
         "x_name,x_cinf,x_x509,x_x509a,x_crl,x_info,x_spki,nsseq,"+ -
         "d2i_r_pr,i2d_r_pr,d2i_r_pu,i2d_r_pu,"+ -
@@ -254,7 +255,7 @@ $ LIB_X509 = "x509_def,x509_d2,x509_r2x,x509_cmp,"+ -
 $ LIB_X509V3 = "v3_bcons,v3_bitst,v3_conf,v3_extku,v3_ia5,v3_lib,"+ -
         "v3_prn,v3_utl,v3err,v3_genn,v3_alt,v3_skey,v3_akey,v3_pku,"+ -
         "v3_int,v3_enum,v3_sxnet,v3_cpols,v3_crld,v3_purp,v3_info"
-$ LIB_CONF = "conf,conf_err"
+$ LIB_CONF = "conf_err,conf_lib,conf_api,conf_def"
 $ LIB_TXT_DB = "txt_db"
 $ LIB_PKCS7 = "pk7_lib,pkcs7err,pk7_doit,pk7_smime,pk7_attr,pk7_mime"
 $ LIB_PKCS12 = "p12_add,p12_attr,p12_bags,p12_crpt,p12_crt,p12_decr,"+ -
@@ -267,8 +268,8 @@ $! Setup exceptional compilations
 $!
 $ COMPILEWITH_CC3 = ",bss_rtcp,"
 $ COMPILEWITH_CC4 = ",a_utctm,bss_log,"
-$ COMPILEWITH_CC5 = ",md2_dgst,md5_dgst,mdc2dgst,sha_dgst,sha1dgst," + -
-                    "rmd_dgst,bf_enc,"
+$ COMPILEWITH_CC5 = ",md2_dgst,md4_dgst,md5_dgst,mdc2dgst," + -
+                    "sha_dgst,sha1dgst,rmd_dgst,bf_enc,"
 $!
 $! Check To See If We Are Going To Use RSAREF.
 $!
@@ -281,10 +282,10 @@ $!
 $   IF (F$SEARCH("SYS$DISK:[-.RSAREF]RSAREF.C").EQS."")
 $   THEN
 $!
-$!    Tell The User That The File Dosen't Exist.
+$!    Tell The User That The File Doesn't Exist.
 $!
 $     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "The File [-.RSAREF]RSAREF.C Dosen't Exist."
+$     WRITE SYS$OUTPUT "The File [-.RSAREF]RSAREF.C Doesn't Exist."
 $     WRITE SYS$OUTPUT ""
 $!
 $!    Exit The Build.
@@ -316,10 +317,10 @@ $!
 $   IF (F$SEARCH("SYS$DISK:[-.RSAREF]RSAR_ERR.C").EQS."")
 $   THEN
 $!
-$!    Tell The User That The File Dosen't Exist.
+$!    Tell The User That The File Doesn't Exist.
 $!
 $     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "The File [-.RSAREF]RSAR_ERR.C Dosen't Exist."
+$     WRITE SYS$OUTPUT "The File [-.RSAREF]RSAR_ERR.C Doesn't Exist."
 $     WRITE SYS$OUTPUT ""
 $!
 $!    Exit The Build.
@@ -532,10 +533,10 @@ $!
 $ IF (F$SEARCH(SOURCE_FILE).EQS."")
 $ THEN
 $!
-$!  Tell The User That The File Dosen't Exist.
+$!  Tell The User That The File Doesn't Exist.
 $!
 $   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "The File ",SOURCE_FILE," Dosen't Exist."
+$   WRITE SYS$OUTPUT "The File ",SOURCE_FILE," Doesn't Exist."
 $   WRITE SYS$OUTPUT ""
 $!
 $!  Exit The Build.
@@ -918,7 +919,7 @@ $!
 $       WRITE SYS$OUTPUT ""
 $       WRITE SYS$OUTPUT "It appears that you don't have the RSAREF Souce Code."
 $       WRITE SYS$OUTPUT "You need to go to 'ftp://ftp.rsa.com/rsaref'.  You have to"
-$       WRITE SYS$OUTPUT "get the '.tar-Z' file as the '.zip' file dosen't have the"
+$       WRITE SYS$OUTPUT "get the '.tar-Z' file as the '.zip' file doesn't have the"
 $       WRITE SYS$OUTPUT "directory structure stored.  You have to extract the file"
 $       WRITE SYS$OUTPUT "into the [.RSAREF] directory under the root directory"
 $       WRITE SYS$OUTPUT "as that is where the scripts will look for the files."
@@ -1139,7 +1140,7 @@ $ ENDIF
 $!
 $! Set Up Initial CC Definitions, Possibly With User Ones
 $!
-$ CCDEFS = "VMS=1,TCPIP_TYPE_''P5'"
+$ CCDEFS = "VMS=1,TCPIP_TYPE_''P5',DSO_VMS"
 $ IF F$TRNLNM("OPENSSL_NO_ASM") THEN CCDEFS = CCDEFS + ",NO_ASM"
 $ IF F$TRNLNM("OPENSSL_NO_RSA") THEN CCDEFS = CCDEFS + ",NO_RSA"
 $ IF F$TRNLNM("OPENSSL_NO_DSA") THEN CCDEFS = CCDEFS + ",NO_DSA"
@@ -1195,7 +1196,9 @@ $     CC = "CC"
 $     IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
          THEN CC = "CC/DECC"
 $     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -
-           "/NOLIST/PREFIX=ALL/INCLUDE=SYS$DISK:[]" + CCEXTRAFLAGS
+           "/NOLIST/PREFIX=ALL" + -
+           "/INCLUDE=(SYS$DISK:[],SYS$DISK:[.ENGINE.VENDOR_DEFNS])" + -
+           CCEXTRAFLAGS
 $!
 $!    Define The Linker Options File Name.
 $!
@@ -1227,7 +1230,8 @@ $	WRITE SYS$OUTPUT "There is no VAX C on Alpha!"
 $       EXIT
 $     ENDIF
 $     IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
-$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST/INCLUDE=SYS$DISK:[]" + -
+$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
+           "/INCLUDE=(SYS$DISK:[],SYS$DISK:[.ENGINE.VENDOR_DEFNS])" + -
            CCEXTRAFLAGS
 $     CCDEFS = """VAXC""," + CCDEFS
 $!
@@ -1259,7 +1263,8 @@ $!
 $!    Use GNU C...
 $!
 $     CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
-           "/INCLUDE=SYS$DISK:[]" + CCEXTRAFLAGS
+           "/INCLUDE=(SYS$DISK:[],SYS$DISK:[.ENGINE.VENDOR_DEFNS])" + -
+           CCEXTRAFLAGS
 $!
 $!    Define The Linker Options File Name.
 $!
diff --git a/src/lib/libssl/src/crypto/crypto.h b/src/lib/libssl/src/crypto/crypto.h
index 41c937966e..52ee97b71a 100644
--- a/src/lib/libssl/src/crypto/crypto.h
+++ b/src/lib/libssl/src/crypto/crypto.h
@@ -59,10 +59,6 @@
 #ifndef HEADER_CRYPTO_H
 #define HEADER_CRYPTO_H
 
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
 #include <stdlib.h>
 
 #ifndef NO_FP_API
@@ -77,10 +73,13 @@ extern "C" {
 #include <openssl/ebcdic.h>
 #endif
 
-#if defined(VMS) || defined(__VMS)
-#include "vms_idhacks.h"
-#endif
+/* Resolve problems on some operating systems with symbol names that clash
+   one way or another */
+#include <openssl/symhacks.h>
 
+#ifdef  __cplusplus
+extern "C" {
+#endif
 
 /* Backward compatibility to SSLeay */
 /* This is more to be used to check the correct DLL is being used
@@ -121,7 +120,10 @@ extern "C" {
 #define CRYPTO_LOCK_RSA_BLINDING        23
 #define CRYPTO_LOCK_DH                  24
 #define CRYPTO_LOCK_MALLOC2             25
-#define CRYPTO_NUM_LOCKS                26
+#define CRYPTO_LOCK_DSO                 26
+#define CRYPTO_LOCK_DYNLOCK             27
+#define CRYPTO_LOCK_ENGINE              28
+#define CRYPTO_NUM_LOCKS                29
 
 #define CRYPTO_LOCK             1
 #define CRYPTO_UNLOCK           2
@@ -149,6 +151,17 @@ extern "C" {
 #define CRYPTO_add(a,b,c)       ((*(a))+=(b))
 #endif
 
+/* Some applications as well as some parts of OpenSSL need to allocate
+   and deallocate locks in a dynamic fashion.  The following typedef
+   makes this possible in a type-safe manner.  */
+/* struct CRYPTO_dynlock_value has to be defined by the application. */
+typedef struct
+        {
+        int references;
+        struct CRYPTO_dynlock_value *data;
+        } CRYPTO_dynlock;
+
+
 /* The following can be used to detect memory leaks in the SSLeay library.
  * It used, it turns on malloc checking */
 
@@ -230,11 +243,11 @@ DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS)
  * unless CRYPTO_MDEBUG is defined) */
 #define CRYPTO_malloc_debug_init()      do {\
         CRYPTO_set_mem_debug_functions(\
-                (void (*)())CRYPTO_dbg_malloc,\
-                (void (*)())CRYPTO_dbg_realloc,\
-                (void (*)())CRYPTO_dbg_free,\
-                (void (*)())CRYPTO_dbg_set_options,\
-                (long (*)())CRYPTO_dbg_get_options);\
+                CRYPTO_dbg_malloc,\
+                CRYPTO_dbg_realloc,\
+                CRYPTO_dbg_free,\
+                CRYPTO_dbg_set_options,\
+                CRYPTO_dbg_get_options);\
         } while(0)
 
 int CRYPTO_mem_ctrl(int mode);
@@ -249,22 +262,17 @@ int CRYPTO_is_mem_check_on(void);
 #define MemCheck_off()  CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE)
 #define is_MemCheck_on() CRYPTO_is_mem_check_on()
 
-#define Malloc(num)     CRYPTO_malloc((int)num,__FILE__,__LINE__)
-#define Realloc(addr,num) \
+#define OPENSSL_malloc(num)     CRYPTO_malloc((int)num,__FILE__,__LINE__)
+#define OPENSSL_realloc(addr,num) \
         CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__)
-#define Remalloc(addr,num) \
+#define OPENSSL_remalloc(addr,num) \
         CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__)
-#define FreeFunc        CRYPTO_free
-#define Free(addr)      CRYPTO_free(addr)
+#define OPENSSL_freeFunc        CRYPTO_free
+#define OPENSSL_free(addr)      CRYPTO_free(addr)
 
-#define Malloc_locked(num) CRYPTO_malloc_locked((int)num,__FILE__,__LINE__)
-#define Free_locked(addr) CRYPTO_free_locked(addr)
-
-
-/* Case insensiteve linking causes problems.... */
-#if defined(WIN16) || defined(VMS)
-#define ERR_load_CRYPTO_strings ERR_load_CRYPTOlib_strings
-#endif
+#define OPENSSL_malloc_locked(num) \
+        CRYPTO_malloc_locked((int)num,__FILE__,__LINE__)
+#define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr)
 
 
 const char *SSLeay_version(int type);
@@ -298,14 +306,32 @@ const char *CRYPTO_get_lock_name(int type);
 int CRYPTO_add_lock(int *pointer,int amount,int type, const char *file,
                     int line);
 
+int CRYPTO_get_new_dynlockid(void);
+void CRYPTO_destroy_dynlockid(int i);
+struct CRYPTO_dynlock_value *CRYPTO_get_dynlock_value(int i);
+void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value *(*dyn_create_function)(const char *file, int line));
+void CRYPTO_set_dynlock_lock_callback(void (*dyn_lock_function)(int mode, struct CRYPTO_dynlock_value *l, const char *file, int line));
+void CRYPTO_set_dynlock_destroy_callback(void (*dyn_destroy_function)(struct CRYPTO_dynlock_value *l, const char *file, int line));
+struct CRYPTO_dynlock_value *(*CRYPTO_get_dynlock_create_callback(void))(const char *file,int line);
+void (*CRYPTO_get_dynlock_lock_callback(void))(int mode, struct CRYPTO_dynlock_value *l, const char *file,int line);
+void (*CRYPTO_get_dynlock_destroy_callback(void))(struct CRYPTO_dynlock_value *l, const char *file,int line);
+
 /* CRYPTO_set_mem_functions includes CRYPTO_set_locked_mem_functions --
  * call the latter last if you need different functions */
 int CRYPTO_set_mem_functions(void *(*m)(size_t),void *(*r)(void *,size_t), void (*f)(void *));
 int CRYPTO_set_locked_mem_functions(void *(*m)(size_t), void (*free_func)(void *));
-int CRYPTO_set_mem_debug_functions(void (*m)(),void (*r)(),void (*f)(),void (*so)(),long (*go)());
+int CRYPTO_set_mem_debug_functions(void (*m)(void *,int,const char *,int,int),
+                                   void (*r)(void *,void *,int,const char *,int,int),
+                                   void (*f)(void *,int),
+                                   void (*so)(long),
+                                   long (*go)(void));
 void CRYPTO_get_mem_functions(void *(**m)(size_t),void *(**r)(void *, size_t), void (**f)(void *));
 void CRYPTO_get_locked_mem_functions(void *(**m)(size_t), void (**f)(void *));
-void CRYPTO_get_mem_debug_functions(void (**m)(),void (**r)(),void (**f)(),void (**so)(),long (**go)());
+void CRYPTO_get_mem_debug_functions(void (**m)(void *,int,const char *,int,int),
+                                    void (**r)(void *,void *,int,const char *,int,int),
+                                    void (**f)(void *,int),
+                                    void (**so)(long),
+                                    long (**go)(void));
 
 void *CRYPTO_malloc_locked(int num, const char *file, int line);
 void CRYPTO_free_locked(void *);
@@ -348,7 +374,7 @@ void CRYPTO_mem_leaks_fp(FILE *);
 #endif
 void CRYPTO_mem_leaks(struct bio_st *bio);
 /* unsigned long order, char *file, int line, int num_bytes, char *addr */
-void CRYPTO_mem_leaks_cb(void (*cb)());
+void CRYPTO_mem_leaks_cb(void (*cb)(unsigned long, const char *, int, int, void *));
 
 void ERR_load_CRYPTO_strings(void);
 
@@ -361,10 +387,12 @@ void ERR_load_CRYPTO_strings(void);
 
 /* Function codes. */
 #define CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX                 100
+#define CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID                103
 #define CRYPTO_F_CRYPTO_GET_NEW_LOCKID                   101
 #define CRYPTO_F_CRYPTO_SET_EX_DATA                      102
 
 /* Reason codes. */
+#define CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK              100
 
 #ifdef  __cplusplus
 }
diff --git a/src/lib/libssl/src/crypto/des/Makefile.ssl b/src/lib/libssl/src/crypto/des/Makefile.ssl
index 3eb0738b7b..34a360b7ab 100644
--- a/src/lib/libssl/src/crypto/des/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/des/Makefile.ssl
@@ -162,16 +162,19 @@ ede_cbcm_enc.o: ../../include/openssl/opensslconf.h des_locl.h
 enc_read.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 enc_read.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 enc_read.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-enc_read.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+enc_read.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+enc_read.o: ../../include/openssl/opensslconf.h
 enc_read.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-enc_read.o: ../../include/openssl/stack.h ../cryptlib.h des_locl.h
+enc_read.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+enc_read.o: ../cryptlib.h des_locl.h
 enc_writ.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 enc_writ.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 enc_writ.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-enc_writ.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+enc_writ.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+enc_writ.o: ../../include/openssl/opensslconf.h
 enc_writ.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
 enc_writ.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-enc_writ.o: ../cryptlib.h des_locl.h
+enc_writ.o: ../../include/openssl/symhacks.h ../cryptlib.h des_locl.h
 fcrypt.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
 fcrypt.o: ../../include/openssl/opensslconf.h des_locl.h
 fcrypt_b.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
@@ -193,9 +196,11 @@ read2pwd.o: ../../include/openssl/opensslconf.h des_locl.h
 read_pwd.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 read_pwd.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 read_pwd.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-read_pwd.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+read_pwd.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+read_pwd.o: ../../include/openssl/opensslconf.h
 read_pwd.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-read_pwd.o: ../../include/openssl/stack.h ../cryptlib.h des_locl.h
+read_pwd.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+read_pwd.o: ../cryptlib.h des_locl.h
 rpc_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
 rpc_enc.o: ../../include/openssl/opensslconf.h des_locl.h des_ver.h rpc_des.h
 set_key.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
diff --git a/src/lib/libssl/src/crypto/des/des.c b/src/lib/libssl/src/crypto/des/des.c
index 0197489c9e..215d7413c0 100644
--- a/src/lib/libssl/src/crypto/des/des.c
+++ b/src/lib/libssl/src/crypto/des/des.c
@@ -374,8 +374,8 @@ void doencryption(void)
 
         if (buf == NULL)
                 {
-                if (    (( buf=Malloc(BUFSIZE+8)) == NULL) ||
-                        ((obuf=Malloc(BUFSIZE+8)) == NULL))
+                if (    (( buf=OPENSSL_malloc(BUFSIZE+8)) == NULL) ||
+                        ((obuf=OPENSSL_malloc(BUFSIZE+8)) == NULL))
                         {
                         fputs("Not enough memory\n",stderr);
                         Exit=10;
diff --git a/src/lib/libssl/src/crypto/des/des.h b/src/lib/libssl/src/crypto/des/des.h
index ead67986d9..2db9748cb4 100644
--- a/src/lib/libssl/src/crypto/des/des.h
+++ b/src/lib/libssl/src/crypto/des/des.h
@@ -59,10 +59,6 @@
 #ifndef HEADER_DES_H
 #define HEADER_DES_H
 
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
 #ifdef NO_DES
 #error DES is disabled.
 #endif
@@ -71,10 +67,13 @@ extern "C" {
 #error <openssl/des.h> replaces <kerberos/des.h>.
 #endif
 
-#include <stdio.h>
 #include <openssl/opensslconf.h> /* DES_LONG */
 #include <openssl/e_os2.h>      /* OPENSSL_EXTERN */
 
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
 typedef unsigned char des_cblock[8];
 typedef /* const */ unsigned char const_des_cblock[8];
 /* With "const", gcc 2.8.1 on Solaris thinks that des_cblock *
diff --git a/src/lib/libssl/src/crypto/des/enc_read.c b/src/lib/libssl/src/crypto/des/enc_read.c
index 7399ff7269..af2d9177d2 100644
--- a/src/lib/libssl/src/crypto/des/enc_read.c
+++ b/src/lib/libssl/src/crypto/des/enc_read.c
@@ -103,17 +103,17 @@ int des_enc_read(int fd, void *buf, int len, des_key_schedule sched,
 
         if (tmpbuf == NULL)
                 {
-                tmpbuf=Malloc(BSIZE);
+                tmpbuf=OPENSSL_malloc(BSIZE);
                 if (tmpbuf == NULL) return(-1);
                 }
         if (net == NULL)
                 {
-                net=Malloc(BSIZE);
+                net=OPENSSL_malloc(BSIZE);
                 if (net == NULL) return(-1);
                 }
         if (unnet == NULL)
                 {
-                unnet=Malloc(BSIZE);
+                unnet=OPENSSL_malloc(BSIZE);
                 if (unnet == NULL) return(-1);
                 }
         /* left over data from last decrypt */
diff --git a/src/lib/libssl/src/crypto/des/enc_writ.c b/src/lib/libssl/src/crypto/des/enc_writ.c
index 4d3452724e..cc2b50fb50 100644
--- a/src/lib/libssl/src/crypto/des/enc_writ.c
+++ b/src/lib/libssl/src/crypto/des/enc_writ.c
@@ -95,7 +95,7 @@ int des_enc_write(int fd, const void *_buf, int len,
 
         if (outbuf == NULL)
                 {
-                outbuf=Malloc(BSIZE+HDRSIZE);
+                outbuf=OPENSSL_malloc(BSIZE+HDRSIZE);
                 if (outbuf == NULL) return(-1);
                 }
         /* If we are sending less than 8 bytes, the same char will look
diff --git a/src/lib/libssl/src/crypto/des/qud_cksm.c b/src/lib/libssl/src/crypto/des/qud_cksm.c
index 5f0ec5387f..9fff989edb 100644
--- a/src/lib/libssl/src/crypto/des/qud_cksm.c
+++ b/src/lib/libssl/src/crypto/des/qud_cksm.c
@@ -81,13 +81,17 @@ DES_LONG des_quad_cksum(const unsigned char *input, des_cblock output[],
         long l;
         const unsigned char *cp;
 #ifdef _CRAY
-        short *lp;
+        struct lp_st { int a:32; int b:32; } *lp;
 #else
         DES_LONG *lp;
 #endif
 
         if (out_count < 1) out_count=1;
+#ifdef _CRAY
+        lp = (struct lp_st *) &(output[0])[0];
+#else
         lp = (DES_LONG *) &(output[0])[0];
+#endif
 
         z0=Q_B0((*seed)[0])|Q_B1((*seed)[1])|Q_B2((*seed)[2])|Q_B3((*seed)[3]);
         z1=Q_B0((*seed)[4])|Q_B1((*seed)[5])|Q_B2((*seed)[6])|Q_B3((*seed)[7]);
@@ -120,8 +124,14 @@ DES_LONG des_quad_cksum(const unsigned char *input, des_cblock output[],
                         {
                         /* The MIT library assumes that the checksum is
                          * composed of 2*out_count 32 bit ints */
+#ifdef _CRAY
+                        (*lp).a = z0;
+                        (*lp).b = z1;
+                        lp++;
+#else
                         *lp++ = z0;
                         *lp++ = z1;
+#endif
                         }
                 }
         return(z0);
diff --git a/src/lib/libssl/src/crypto/des/read_pwd.c b/src/lib/libssl/src/crypto/des/read_pwd.c
index fa2d67da64..c27ec336e7 100644
--- a/src/lib/libssl/src/crypto/des/read_pwd.c
+++ b/src/lib/libssl/src/crypto/des/read_pwd.c
@@ -161,7 +161,7 @@
 #include <sys/ioctl.h>
 #endif
 
-#ifdef MSDOS
+#if defined(MSDOS) && !defined(__CYGWIN32__)
 #include <conio.h>
 #define fgets(a,b,c) noecho_fgets(a,b,c)
 #endif
@@ -265,13 +265,17 @@ int des_read_pw(char *buf, char *buff, int size, const char *prompt,
         is_a_tty=1;
         tty=NULL;
 
-#ifndef MSDOS
-        if ((tty=fopen("/dev/tty","r")) == NULL)
-                tty=stdin;
-#else /* MSDOS */
+#ifdef MSDOS
         if ((tty=fopen("con","r")) == NULL)
                 tty=stdin;
-#endif /* MSDOS */
+#elif defined(MAC_OS_pre_X)
+        tty=stdin;
+#else
+#ifndef MPE
+        if ((tty=fopen("/dev/tty","r")) == NULL)
+#endif
+                tty=stdin;
+#endif
 
 #if defined(TTY_get) && !defined(VMS)
         if (TTY_get(fileno(tty),&tty_orig) == -1)
@@ -310,8 +314,12 @@ int des_read_pw(char *buf, char *buff, int size, const char *prompt,
 
 #if defined(TTY_set) && !defined(VMS)
         if (is_a_tty && (TTY_set(fileno(tty),&tty_new) == -1))
+#ifdef MPE 
+                ; /* MPE lies -- echo really has been disabled */
+#else
                 return(-1);
 #endif
+#endif
 #ifdef VMS
         tty_new[0] = tty_orig[0];
         tty_new[1] = tty_orig[1] | TT$M_NOECHO;
diff --git a/src/lib/libssl/src/crypto/dh/Makefile.ssl b/src/lib/libssl/src/crypto/dh/Makefile.ssl
index 8df60872ef..88d0d1748b 100644
--- a/src/lib/libssl/src/crypto/dh/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/dh/Makefile.ssl
@@ -82,31 +82,57 @@ dh_check.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 dh_check.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 dh_check.o: ../../include/openssl/dh.h ../../include/openssl/e_os.h
 dh_check.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-dh_check.o: ../../include/openssl/opensslconf.h
+dh_check.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 dh_check.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-dh_check.o: ../../include/openssl/stack.h ../cryptlib.h
-dh_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
-dh_err.o: ../../include/openssl/dh.h ../../include/openssl/err.h
+dh_check.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dh_check.o: ../cryptlib.h
+dh_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dh_err.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dh_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
 dh_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 dh_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dh_err.o: ../../include/openssl/symhacks.h
 dh_gen.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 dh_gen.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 dh_gen.o: ../../include/openssl/dh.h ../../include/openssl/e_os.h
 dh_gen.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-dh_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-dh_gen.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dh_gen.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+dh_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+dh_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 dh_gen.o: ../cryptlib.h
-dh_key.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-dh_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-dh_key.o: ../../include/openssl/dh.h ../../include/openssl/e_os.h
-dh_key.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-dh_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-dh_key.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
-dh_key.o: ../../include/openssl/stack.h ../cryptlib.h
-dh_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-dh_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-dh_lib.o: ../../include/openssl/dh.h ../../include/openssl/e_os.h
-dh_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-dh_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-dh_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-dh_lib.o: ../cryptlib.h
+dh_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+dh_key.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+dh_key.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+dh_key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+dh_key.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dh_key.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+dh_key.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+dh_key.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+dh_key.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+dh_key.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+dh_key.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+dh_key.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+dh_key.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+dh_key.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+dh_key.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+dh_key.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+dh_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+dh_key.o: ../../include/openssl/symhacks.h ../cryptlib.h
+dh_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+dh_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+dh_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+dh_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+dh_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dh_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+dh_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+dh_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+dh_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+dh_lib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+dh_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+dh_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+dh_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+dh_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+dh_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+dh_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+dh_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+dh_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h
diff --git a/src/lib/libssl/src/crypto/dh/dh.h b/src/lib/libssl/src/crypto/dh/dh.h
index c15b2ad483..7a8d9f88c2 100644
--- a/src/lib/libssl/src/crypto/dh/dh.h
+++ b/src/lib/libssl/src/crypto/dh/dh.h
@@ -59,19 +59,22 @@
 #ifndef HEADER_DH_H
 #define HEADER_DH_H
 
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
 #ifdef NO_DH
 #error DH is disabled.
 #endif
 
+#ifndef NO_BIO
+#include <openssl/bio.h>
+#endif
 #include <openssl/bn.h>
 #include <openssl/crypto.h>
         
 #define DH_FLAG_CACHE_MONT_P    0x01
 
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
 typedef struct dh_st DH;
 
 typedef struct dh_method {
@@ -112,7 +115,11 @@ struct dh_st
 
         int references;
         CRYPTO_EX_DATA ex_data;
+#if 0
         DH_METHOD *meth;
+#else
+        struct engine_st *engine;
+#endif
         };
 
 #define DH_GENERATOR_2          2
@@ -147,10 +154,15 @@ struct dh_st
 
 DH_METHOD *DH_OpenSSL(void);
 
-void DH_set_default_method(DH_METHOD *meth);
-DH_METHOD *DH_get_default_method(void);
+void DH_set_default_openssl_method(DH_METHOD *meth);
+DH_METHOD *DH_get_default_openssl_method(void);
+#if 0
 DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth);
 DH *DH_new_method(DH_METHOD *meth);
+#else
+int DH_set_method(DH *dh, struct engine_st *engine);
+DH *DH_new_method(struct engine_st *engine);
+#endif
 
 DH *    DH_new(void);
 void    DH_free(DH *dh);
@@ -169,7 +181,7 @@ int	i2d_DHparams(DH *a,unsigned char **pp);
 #ifndef NO_FP_API
 int     DHparams_print_fp(FILE *fp, DH *x);
 #endif
-#ifdef HEADER_BIO_H
+#ifndef NO_BIO
 int     DHparams_print(BIO *bp, DH *x);
 #else
 int     DHparams_print(char *bp, DH *x);
diff --git a/src/lib/libssl/src/crypto/dh/dh_key.c b/src/lib/libssl/src/crypto/dh/dh_key.c
index 0c7eeaf260..6915d79dcc 100644
--- a/src/lib/libssl/src/crypto/dh/dh_key.c
+++ b/src/lib/libssl/src/crypto/dh/dh_key.c
@@ -61,6 +61,7 @@
 #include <openssl/bn.h>
 #include <openssl/rand.h>
 #include <openssl/dh.h>
+#include <openssl/engine.h>
 
 static int generate_key(DH *dh);
 static int compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh);
@@ -72,12 +73,12 @@ static int dh_finish(DH *dh);
 
 int DH_generate_key(DH *dh)
         {
-        return dh->meth->generate_key(dh);
+        return ENGINE_get_DH(dh->engine)->generate_key(dh);
         }
 
 int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh)
         {
-        return dh->meth->compute_key(key, pub_key, dh);
+        return ENGINE_get_DH(dh->engine)->compute_key(key, pub_key, dh);
         }
 
 static DH_METHOD dh_ossl = {
@@ -137,8 +138,9 @@ static int generate_key(DH *dh)
                 }
         mont=(BN_MONT_CTX *)dh->method_mont_p;
 
-        if (!dh->meth->bn_mod_exp(dh, pub_key,dh->g,priv_key,dh->p,&ctx,mont))
-                                                                goto err;
+        if (!ENGINE_get_DH(dh->engine)->bn_mod_exp(dh, pub_key, dh->g,
+                                priv_key,dh->p,&ctx,mont))
+                goto err;
                 
         dh->pub_key=pub_key;
         dh->priv_key=priv_key;
@@ -177,7 +179,8 @@ static int compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh)
                 }
 
         mont=(BN_MONT_CTX *)dh->method_mont_p;
-        if (!dh->meth->bn_mod_exp(dh, tmp,pub_key,dh->priv_key,dh->p,&ctx,mont))
+        if (!ENGINE_get_DH(dh->engine)->bn_mod_exp(dh, tmp, pub_key,
+                                dh->priv_key,dh->p,&ctx,mont))
                 {
                 DHerr(DH_F_DH_COMPUTE_KEY,ERR_R_BN_LIB);
                 goto err;
@@ -193,19 +196,26 @@ err:
 static int dh_bn_mod_exp(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
                         const BIGNUM *m, BN_CTX *ctx,
                         BN_MONT_CTX *m_ctx)
-{
-        return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx);
-}
+        {
+        if (a->top == 1)
+                {
+                BN_ULONG A = a->d[0];
+                return BN_mod_exp_mont_word(r,A,p,m,ctx,m_ctx);
+                }
+        else
+                return BN_mod_exp_mont(r,a,p,m,ctx,m_ctx);
+        }
+
 
 static int dh_init(DH *dh)
-{
+        {
         dh->flags |= DH_FLAG_CACHE_MONT_P;
         return(1);
-}
+        }
 
 static int dh_finish(DH *dh)
-{
+        {
         if(dh->method_mont_p)
                 BN_MONT_CTX_free((BN_MONT_CTX *)dh->method_mont_p);
         return(1);
-}
+        }
diff --git a/src/lib/libssl/src/crypto/dh/dh_lib.c b/src/lib/libssl/src/crypto/dh/dh_lib.c
index 6c21463028..66803b5565 100644
--- a/src/lib/libssl/src/crypto/dh/dh_lib.c
+++ b/src/lib/libssl/src/crypto/dh/dh_lib.c
@@ -60,6 +60,7 @@
 #include "cryptlib.h"
 #include <openssl/bn.h>
 #include <openssl/dh.h>
+#include <openssl/engine.h>
 
 const char *DH_version="Diffie-Hellman" OPENSSL_VERSION_PTEXT;
 
@@ -67,17 +68,32 @@ static DH_METHOD *default_DH_method;
 static int dh_meth_num = 0;
 static STACK_OF(CRYPTO_EX_DATA_FUNCS) *dh_meth = NULL;
 
-void DH_set_default_method(DH_METHOD *meth)
+void DH_set_default_openssl_method(DH_METHOD *meth)
 {
-        default_DH_method = meth;
+        ENGINE *e;
+        /* We'll need to notify the "openssl" ENGINE of this
+         * change too. We won't bother locking things down at
+         * our end as there was never any locking in these
+         * functions! */
+        if(default_DH_method != meth)
+                {
+                default_DH_method = meth;
+                e = ENGINE_by_id("openssl");
+                if(e)
+                        {
+                        ENGINE_set_DH(e, meth);
+                        ENGINE_free(e);
+                        }
+                }
 }
 
-DH_METHOD *DH_get_default_method(void)
+DH_METHOD *DH_get_default_openssl_method(void)
 {
         if(!default_DH_method) default_DH_method = DH_OpenSSL();
         return default_DH_method;
 }
 
+#if 0
 DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth)
 {
         DH_METHOD *mtmp;
@@ -87,25 +103,56 @@ DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth)
         if (meth->init) meth->init(dh);
         return mtmp;
 }
+#else
+int DH_set_method(DH *dh, ENGINE *engine)
+{
+        ENGINE *mtmp;
+        DH_METHOD *meth;
+        mtmp = dh->engine;
+        meth = ENGINE_get_DH(mtmp);
+        if (!ENGINE_init(engine))
+                return 0;
+        if (meth->finish) meth->finish(dh);
+        dh->engine= engine;
+        meth = ENGINE_get_DH(engine);
+        if (meth->init) meth->init(dh);
+        /* SHOULD ERROR CHECK THIS!!! */
+        ENGINE_finish(mtmp);
+        return 1;
+}
+#endif
 
 DH *DH_new(void)
 {
         return DH_new_method(NULL);
 }
 
+#if 0
 DH *DH_new_method(DH_METHOD *meth)
+#else
+DH *DH_new_method(ENGINE *engine)
+#endif
         {
+        DH_METHOD *meth;
         DH *ret;
-        ret=(DH *)Malloc(sizeof(DH));
+        ret=(DH *)OPENSSL_malloc(sizeof(DH));
 
         if (ret == NULL)
                 {
                 DHerr(DH_F_DH_NEW,ERR_R_MALLOC_FAILURE);
                 return(NULL);
                 }
-        if(!default_DH_method) default_DH_method = DH_OpenSSL();
-        if(meth) ret->meth = meth;
-        else ret->meth = default_DH_method;
+        if(engine)
+                ret->engine = engine;
+        else
+                {
+                if((ret->engine=ENGINE_get_default_DH()) == NULL)
+                        {
+                        OPENSSL_free(ret);
+                        return NULL;
+                        }
+                }
+        meth = ENGINE_get_DH(ret->engine);
         ret->pad=0;
         ret->version=0;
         ret->p=NULL;
@@ -120,10 +167,10 @@ DH *DH_new_method(DH_METHOD *meth)
         ret->counter = NULL;
         ret->method_mont_p=NULL;
         ret->references = 1;
-        ret->flags=ret->meth->flags;
-        if ((ret->meth->init != NULL) && !ret->meth->init(ret))
+        ret->flags=meth->flags;
+        if ((meth->init != NULL) && !meth->init(ret))
                 {
-                Free(ret);
+                OPENSSL_free(ret);
                 ret=NULL;
                 }
         else
@@ -133,6 +180,7 @@ DH *DH_new_method(DH_METHOD *meth)
 
 void DH_free(DH *r)
         {
+        DH_METHOD *meth;
         int i;
         if(r == NULL) return;
         i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DH);
@@ -150,17 +198,19 @@ void DH_free(DH *r)
 
         CRYPTO_free_ex_data(dh_meth, r, &r->ex_data);
 
-        if(r->meth->finish) r->meth->finish(r);
+        meth = ENGINE_get_DH(r->engine);
+        if(meth->finish) meth->finish(r);
+        ENGINE_finish(r->engine);
 
         if (r->p != NULL) BN_clear_free(r->p);
         if (r->g != NULL) BN_clear_free(r->g);
         if (r->q != NULL) BN_clear_free(r->q);
         if (r->j != NULL) BN_clear_free(r->j);
-        if (r->seed) Free(r->seed);
+        if (r->seed) OPENSSL_free(r->seed);
         if (r->counter != NULL) BN_clear_free(r->counter);
         if (r->pub_key != NULL) BN_clear_free(r->pub_key);
         if (r->priv_key != NULL) BN_clear_free(r->priv_key);
-        Free(r);
+        OPENSSL_free(r);
         }
 
 int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
diff --git a/src/lib/libssl/src/crypto/dh/dhtest.c b/src/lib/libssl/src/crypto/dh/dhtest.c
index d66c28455e..f0151253d7 100644
--- a/src/lib/libssl/src/crypto/dh/dhtest.c
+++ b/src/lib/libssl/src/crypto/dh/dhtest.c
@@ -140,7 +140,7 @@ int main(int argc, char *argv[])
         BIO_puts(out,"\n");
 
         alen=DH_size(a);
-        abuf=(unsigned char *)Malloc(alen);
+        abuf=(unsigned char *)OPENSSL_malloc(alen);
         aout=DH_compute_key(abuf,b->pub_key,a);
 
         BIO_puts(out,"key1 =");
@@ -152,7 +152,7 @@ int main(int argc, char *argv[])
         BIO_puts(out,"\n");
 
         blen=DH_size(b);
-        bbuf=(unsigned char *)Malloc(blen);
+        bbuf=(unsigned char *)OPENSSL_malloc(blen);
         bout=DH_compute_key(bbuf,a->pub_key,b);
 
         BIO_puts(out,"key2 =");
@@ -170,8 +170,8 @@ int main(int argc, char *argv[])
         else
                 ret=0;
 err:
-        if (abuf != NULL) Free(abuf);
-        if (bbuf != NULL) Free(bbuf);
+        if (abuf != NULL) OPENSSL_free(abuf);
+        if (bbuf != NULL) OPENSSL_free(bbuf);
         if(b != NULL) DH_free(b);
         if(a != NULL) DH_free(a);
         BIO_free(out);
diff --git a/src/lib/libssl/src/crypto/dsa/Makefile.ssl b/src/lib/libssl/src/crypto/dsa/Makefile.ssl
index b0bcf974fb..dac582be00 100644
--- a/src/lib/libssl/src/crypto/dsa/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/dsa/Makefile.ssl
@@ -85,62 +85,105 @@ dsa_asn1.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 dsa_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 dsa_asn1.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 dsa_asn1.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-dsa_asn1.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+dsa_asn1.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dsa_asn1.o: ../../include/openssl/opensslconf.h
 dsa_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-dsa_asn1.o: ../../include/openssl/stack.h ../cryptlib.h
-dsa_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
-dsa_err.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-dsa_err.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+dsa_asn1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dsa_asn1.o: ../cryptlib.h
+dsa_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_err.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dsa_err.o: ../../include/openssl/dsa.h ../../include/openssl/err.h
+dsa_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 dsa_err.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-dsa_err.o: ../../include/openssl/stack.h
+dsa_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 dsa_gen.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 dsa_gen.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 dsa_gen.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 dsa_gen.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-dsa_gen.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
-dsa_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
-dsa_gen.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-dsa_gen.o: ../../include/openssl/stack.h ../cryptlib.h
+dsa_gen.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dsa_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dsa_gen.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+dsa_gen.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+dsa_gen.o: ../../include/openssl/symhacks.h ../cryptlib.h
 dsa_key.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 dsa_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 dsa_key.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 dsa_key.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-dsa_key.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
-dsa_key.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
-dsa_key.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-dsa_key.o: ../../include/openssl/stack.h ../cryptlib.h
+dsa_key.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dsa_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dsa_key.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+dsa_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+dsa_key.o: ../../include/openssl/symhacks.h ../cryptlib.h
 dsa_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-dsa_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-dsa_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-dsa_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-dsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-dsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-dsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-dsa_lib.o: ../cryptlib.h
+dsa_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+dsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+dsa_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+dsa_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+dsa_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+dsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+dsa_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+dsa_lib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+dsa_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+dsa_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+dsa_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+dsa_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+dsa_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+dsa_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+dsa_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+dsa_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h
 dsa_ossl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-dsa_ossl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-dsa_ossl.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-dsa_ossl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-dsa_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-dsa_ossl.o: ../../include/openssl/opensslconf.h
+dsa_ossl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+dsa_ossl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+dsa_ossl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+dsa_ossl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_ossl.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+dsa_ossl.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+dsa_ossl.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+dsa_ossl.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+dsa_ossl.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+dsa_ossl.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+dsa_ossl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 dsa_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
-dsa_ossl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-dsa_ossl.o: ../cryptlib.h
+dsa_ossl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+dsa_ossl.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+dsa_ossl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+dsa_ossl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+dsa_ossl.o: ../../include/openssl/symhacks.h ../cryptlib.h
 dsa_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-dsa_sign.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-dsa_sign.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-dsa_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-dsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-dsa_sign.o: ../../include/openssl/opensslconf.h
+dsa_sign.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+dsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+dsa_sign.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+dsa_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_sign.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+dsa_sign.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+dsa_sign.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+dsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+dsa_sign.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+dsa_sign.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+dsa_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 dsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
-dsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-dsa_sign.o: ../cryptlib.h
+dsa_sign.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+dsa_sign.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+dsa_sign.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+dsa_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+dsa_sign.o: ../../include/openssl/symhacks.h ../cryptlib.h
 dsa_vrf.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-dsa_vrf.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-dsa_vrf.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-dsa_vrf.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-dsa_vrf.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-dsa_vrf.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
-dsa_vrf.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
-dsa_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dsa_vrf.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+dsa_vrf.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+dsa_vrf.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+dsa_vrf.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+dsa_vrf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+dsa_vrf.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+dsa_vrf.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+dsa_vrf.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+dsa_vrf.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+dsa_vrf.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+dsa_vrf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+dsa_vrf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dsa_vrf.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+dsa_vrf.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+dsa_vrf.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+dsa_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+dsa_vrf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 dsa_vrf.o: ../cryptlib.h
diff --git a/src/lib/libssl/src/crypto/dsa/dsa.h b/src/lib/libssl/src/crypto/dsa/dsa.h
index 68d9912cbc..65689a3426 100644
--- a/src/lib/libssl/src/crypto/dsa/dsa.h
+++ b/src/lib/libssl/src/crypto/dsa/dsa.h
@@ -65,14 +65,13 @@
 #ifndef HEADER_DSA_H
 #define HEADER_DSA_H
 
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
 #ifdef NO_DSA
 #error DSA is disabled.
 #endif
 
+#ifndef NO_BIO
+#include <openssl/bio.h>
+#endif
 #include <openssl/bn.h>
 #include <openssl/crypto.h>
 #ifndef NO_DH
@@ -81,6 +80,10 @@ extern "C" {
 
 #define DSA_FLAG_CACHE_MONT_P   0x01
 
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
 typedef struct dsa_st DSA;
 
 typedef struct DSA_SIG_st
@@ -130,7 +133,11 @@ struct dsa_st
         char *method_mont_p;
         int references;
         CRYPTO_EX_DATA ex_data;
+#if 0
         DSA_METHOD *meth;
+#else
+        struct engine_st *engine;
+#endif
         };
 
 #define DSAparams_dup(x) (DSA *)ASN1_dup((int (*)())i2d_DSAparams, \
@@ -156,12 +163,20 @@ int	DSA_do_verify(const unsigned char *dgst,int dgst_len,
 
 DSA_METHOD *DSA_OpenSSL(void);
 
-void        DSA_set_default_method(DSA_METHOD *);
-DSA_METHOD *DSA_get_default_method(void);
+void        DSA_set_default_openssl_method(DSA_METHOD *);
+DSA_METHOD *DSA_get_default_openssl_method(void);
+#if 0
 DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *);
+#else
+int DSA_set_method(DSA *dsa, struct engine_st *engine);
+#endif
 
 DSA *   DSA_new(void);
+#if 0
 DSA *   DSA_new_method(DSA_METHOD *meth);
+#else
+DSA *   DSA_new_method(struct engine_st *engine);
+#endif
 int     DSA_size(DSA *);
         /* next 4 return -1 on error */
 int     DSA_sign_setup( DSA *dsa,BN_CTX *ctx_in,BIGNUM **kinvp,BIGNUM **rp);
@@ -188,7 +203,7 @@ int	i2d_DSAPublicKey(DSA *a, unsigned char **pp);
 int     i2d_DSAPrivateKey(DSA *a, unsigned char **pp);
 int     i2d_DSAparams(DSA *a,unsigned char **pp);
 
-#ifdef HEADER_BIO_H
+#ifndef NO_BIO
 int     DSAparams_print(BIO *bp, DSA *x);
 int     DSA_print(BIO *bp, DSA *x, int off);
 #endif
diff --git a/src/lib/libssl/src/crypto/dsa/dsa_asn1.c b/src/lib/libssl/src/crypto/dsa/dsa_asn1.c
index c9b32b4db7..a76c8f7c7e 100644
--- a/src/lib/libssl/src/crypto/dsa/dsa_asn1.c
+++ b/src/lib/libssl/src/crypto/dsa/dsa_asn1.c
@@ -10,7 +10,7 @@ DSA_SIG *DSA_SIG_new(void)
 {
         DSA_SIG *ret;
 
-        ret = Malloc(sizeof(DSA_SIG));
+        ret = OPENSSL_malloc(sizeof(DSA_SIG));
         if (ret == NULL)
                 {
                 DSAerr(DSA_F_DSA_SIG_NEW,ERR_R_MALLOC_FAILURE);
@@ -26,7 +26,7 @@ void DSA_SIG_free(DSA_SIG *r)
         if (r == NULL) return;
         if (r->r) BN_clear_free(r->r);
         if (r->s) BN_clear_free(r->s);
-        Free(r);
+        OPENSSL_free(r);
 }
 
 int i2d_DSA_SIG(DSA_SIG *v, unsigned char **pp)
@@ -35,7 +35,7 @@ int i2d_DSA_SIG(DSA_SIG *v, unsigned char **pp)
         ASN1_INTEGER rbs,sbs;
         unsigned char *p;
 
-        rbs.data=Malloc(BN_num_bits(v->r)/8+1);
+        rbs.data=OPENSSL_malloc(BN_num_bits(v->r)/8+1);
         if (rbs.data == NULL)
                 {
                 DSAerr(DSA_F_I2D_DSA_SIG, ERR_R_MALLOC_FAILURE);
@@ -43,10 +43,10 @@ int i2d_DSA_SIG(DSA_SIG *v, unsigned char **pp)
                 }
         rbs.type=V_ASN1_INTEGER;
         rbs.length=BN_bn2bin(v->r,rbs.data);
-        sbs.data=Malloc(BN_num_bits(v->s)/8+1);
+        sbs.data=OPENSSL_malloc(BN_num_bits(v->s)/8+1);
         if (sbs.data == NULL)
                 {
-                Free(rbs.data);
+                OPENSSL_free(rbs.data);
                 DSAerr(DSA_F_I2D_DSA_SIG, ERR_R_MALLOC_FAILURE);
                 return(0);
                 }
@@ -64,8 +64,8 @@ int i2d_DSA_SIG(DSA_SIG *v, unsigned char **pp)
                 i2d_ASN1_INTEGER(&sbs,&p);
                 }
         t=ASN1_object_size(1,len,V_ASN1_SEQUENCE);
-        Free(rbs.data);
-        Free(sbs.data);
+        OPENSSL_free(rbs.data);
+        OPENSSL_free(sbs.data);
         return(t);
 }
 
diff --git a/src/lib/libssl/src/crypto/dsa/dsa_key.c b/src/lib/libssl/src/crypto/dsa/dsa_key.c
index 5aef2d5fcf..af3c56d770 100644
--- a/src/lib/libssl/src/crypto/dsa/dsa_key.c
+++ b/src/lib/libssl/src/crypto/dsa/dsa_key.c
@@ -84,7 +84,7 @@ int DSA_generate_key(DSA *dsa)
         i=BN_num_bits(dsa->q);
         for (;;)
                 {
-                if (!BN_rand(priv_key,i,1,0))
+                if (!BN_rand(priv_key,i,0,0))
                         goto err;
                 if (BN_cmp(priv_key,dsa->q) >= 0)
                         BN_sub(priv_key,priv_key,dsa->q);
diff --git a/src/lib/libssl/src/crypto/dsa/dsa_lib.c b/src/lib/libssl/src/crypto/dsa/dsa_lib.c
index 224e412afc..b31b946ad3 100644
--- a/src/lib/libssl/src/crypto/dsa/dsa_lib.c
+++ b/src/lib/libssl/src/crypto/dsa/dsa_lib.c
@@ -63,6 +63,7 @@
 #include <openssl/bn.h>
 #include <openssl/dsa.h>
 #include <openssl/asn1.h>
+#include <openssl/engine.h>
 
 const char *DSA_version="DSA" OPENSSL_VERSION_PTEXT;
 
@@ -70,12 +71,26 @@ static DSA_METHOD *default_DSA_method;
 static int dsa_meth_num = 0;
 static STACK_OF(CRYPTO_EX_DATA_FUNCS) *dsa_meth = NULL;
 
-void DSA_set_default_method(DSA_METHOD *meth)
+void DSA_set_default_openssl_method(DSA_METHOD *meth)
 {
-        default_DSA_method = meth;
+        ENGINE *e;
+        /* We'll need to notify the "openssl" ENGINE of this
+         * change too. We won't bother locking things down at
+         * our end as there was never any locking in these
+         * functions! */
+        if(default_DSA_method != meth)
+                {
+                default_DSA_method = meth;
+                e = ENGINE_by_id("openssl");
+                if(e)
+                        {
+                        ENGINE_set_DSA(e, meth);
+                        ENGINE_free(e);
+                        }
+                }
 }
 
-DSA_METHOD *DSA_get_default_method(void)
+DSA_METHOD *DSA_get_default_openssl_method(void)
 {
         if(!default_DSA_method) default_DSA_method = DSA_OpenSSL();
         return default_DSA_method;
@@ -86,6 +101,7 @@ DSA *DSA_new(void)
         return DSA_new_method(NULL);
 }
 
+#if 0
 DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *meth)
 {
         DSA_METHOD *mtmp;
@@ -95,21 +111,52 @@ DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *meth)
         if (meth->init) meth->init(dsa);
         return mtmp;
 }
+#else
+int DSA_set_method(DSA *dsa, ENGINE *engine)
+        {
+        ENGINE *mtmp;
+        DSA_METHOD *meth;
+        mtmp = dsa->engine;
+        meth = ENGINE_get_DSA(mtmp);
+        if (!ENGINE_init(engine))
+                return 0;
+        if (meth->finish) meth->finish(dsa);
+        dsa->engine = engine;
+        meth = ENGINE_get_DSA(engine);
+        if (meth->init) meth->init(dsa);
+        /* SHOULD ERROR CHECK THIS!!! */
+        ENGINE_finish(mtmp);
+        return 1;
+        }
+#endif
 
 
+#if 0
 DSA *DSA_new_method(DSA_METHOD *meth)
+#else
+DSA *DSA_new_method(ENGINE *engine)
+#endif
         {
+        DSA_METHOD *meth;
         DSA *ret;
 
-        ret=(DSA *)Malloc(sizeof(DSA));
+        ret=(DSA *)OPENSSL_malloc(sizeof(DSA));
         if (ret == NULL)
                 {
                 DSAerr(DSA_F_DSA_NEW,ERR_R_MALLOC_FAILURE);
                 return(NULL);
                 }
-        if(!default_DSA_method) default_DSA_method = DSA_OpenSSL();
-        if(meth) ret->meth = meth;
-        else ret->meth = default_DSA_method;
+        if(engine)
+                ret->engine = engine;
+        else
+                {
+                if((ret->engine=ENGINE_get_default_DSA()) == NULL)
+                        {
+                        OPENSSL_free(ret);
+                        return NULL;
+                        }
+                }
+        meth = ENGINE_get_DSA(ret->engine);
         ret->pad=0;
         ret->version=0;
         ret->write_params=1;
@@ -125,10 +172,10 @@ DSA *DSA_new_method(DSA_METHOD *meth)
         ret->method_mont_p=NULL;
 
         ret->references=1;
-        ret->flags=ret->meth->flags;
-        if ((ret->meth->init != NULL) && !ret->meth->init(ret))
+        ret->flags=meth->flags;
+        if ((meth->init != NULL) && !meth->init(ret))
                 {
-                Free(ret);
+                OPENSSL_free(ret);
                 ret=NULL;
                 }
         else
@@ -139,6 +186,7 @@ DSA *DSA_new_method(DSA_METHOD *meth)
 
 void DSA_free(DSA *r)
         {
+        DSA_METHOD *meth;
         int i;
 
         if (r == NULL) return;
@@ -158,7 +206,9 @@ void DSA_free(DSA *r)
 
         CRYPTO_free_ex_data(dsa_meth, r, &r->ex_data);
 
-        if(r->meth->finish) r->meth->finish(r);
+        meth = ENGINE_get_DSA(r->engine);
+        if(meth->finish) meth->finish(r);
+        ENGINE_finish(r->engine);
 
         if (r->p != NULL) BN_clear_free(r->p);
         if (r->q != NULL) BN_clear_free(r->q);
@@ -167,7 +217,7 @@ void DSA_free(DSA *r)
         if (r->priv_key != NULL) BN_clear_free(r->priv_key);
         if (r->kinv != NULL) BN_clear_free(r->kinv);
         if (r->r != NULL) BN_clear_free(r->r);
-        Free(r);
+        OPENSSL_free(r);
         }
 
 int DSA_size(DSA *r)
diff --git a/src/lib/libssl/src/crypto/dsa/dsa_ossl.c b/src/lib/libssl/src/crypto/dsa/dsa_ossl.c
index b51cf6ad8d..96295dc24f 100644
--- a/src/lib/libssl/src/crypto/dsa/dsa_ossl.c
+++ b/src/lib/libssl/src/crypto/dsa/dsa_ossl.c
@@ -64,6 +64,7 @@
 #include <openssl/dsa.h>
 #include <openssl/rand.h>
 #include <openssl/asn1.h>
+#include <openssl/engine.h>
 
 static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
 static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
@@ -181,7 +182,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
         /* Get random k */
         for (;;)
                 {
-                if (!BN_rand(&k, BN_num_bits(dsa->q), 1, 0)) goto err;
+                if (!BN_rand(&k, BN_num_bits(dsa->q), 0, 0)) goto err;
                 if (BN_cmp(&k,dsa->q) >= 0)
                         BN_sub(&k,&k,dsa->q);
                 if (!BN_is_zero(&k)) break;
@@ -195,7 +196,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
                 }
 
         /* Compute r = (g^k mod p) mod q */
-        if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx,
+        if (!ENGINE_get_DSA(dsa->engine)->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx,
                 (BN_MONT_CTX *)dsa->method_mont_p)) goto err;
         if (!BN_mod(r,r,dsa->q,ctx)) goto err;
 
@@ -273,7 +274,7 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
         if (!BN_mod(&u1,&u1,dsa->q,ctx)) goto err;
 #else
         {
-        if (!dsa->meth->dsa_mod_exp(dsa, &t1,dsa->g,&u1,dsa->pub_key,&u2,
+        if (!ENGINE_get_DSA(dsa->engine)->dsa_mod_exp(dsa, &t1,dsa->g,&u1,dsa->pub_key,&u2,
                                                 dsa->p,ctx,mont)) goto err;
         /* BN_copy(&u1,&t1); */
         /* let u1 = u1 mod q */
diff --git a/src/lib/libssl/src/crypto/dsa/dsa_sign.c b/src/lib/libssl/src/crypto/dsa/dsa_sign.c
index 89205026f0..dfe27bae47 100644
--- a/src/lib/libssl/src/crypto/dsa/dsa_sign.c
+++ b/src/lib/libssl/src/crypto/dsa/dsa_sign.c
@@ -64,10 +64,11 @@
 #include <openssl/dsa.h>
 #include <openssl/rand.h>
 #include <openssl/asn1.h>
+#include <openssl/engine.h>
 
 DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
         {
-        return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
+        return ENGINE_get_DSA(dsa->engine)->dsa_do_sign(dgst, dlen, dsa);
         }
 
 int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
@@ -87,6 +88,6 @@ int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
 
 int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
         {
-        return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
+        return ENGINE_get_DSA(dsa->engine)->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
         }
 
diff --git a/src/lib/libssl/src/crypto/dsa/dsa_vrf.c b/src/lib/libssl/src/crypto/dsa/dsa_vrf.c
index 03277f80fd..2e891ae491 100644
--- a/src/lib/libssl/src/crypto/dsa/dsa_vrf.c
+++ b/src/lib/libssl/src/crypto/dsa/dsa_vrf.c
@@ -65,11 +65,12 @@
 #include <openssl/rand.h>
 #include <openssl/asn1.h>
 #include <openssl/asn1_mac.h>
+#include <openssl/engine.h>
 
 int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
                   DSA *dsa)
         {
-        return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
+        return ENGINE_get_DSA(dsa->engine)->dsa_do_verify(dgst, dgst_len, sig, dsa);
         }
 
 /* data has already been hashed (probably with SHA or SHA-1). */
diff --git a/src/lib/libssl/src/crypto/dso/Makefile.ssl b/src/lib/libssl/src/crypto/dso/Makefile.ssl
new file mode 100644
index 0000000000..effc46d2dc
--- /dev/null
+++ b/src/lib/libssl/src/crypto/dso/Makefile.ssl
@@ -0,0 +1,140 @@
+#
+# SSLeay/crypto/dso/Makefile
+#
+
+DIR=    dso
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     $(TOP)/util/domd $(TOP)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= dso_dl.c dso_dlfcn.c dso_err.c dso_lib.c dso_null.c \
+        dso_openssl.c dso_win32.c dso_vms.c
+LIBOBJ= dso_dl.o dso_dlfcn.o dso_err.o dso_lib.o dso_null.o \
+        dso_openssl.o dso_win32.o dso_vms.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= dso.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB)
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @$(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+dso_dl.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+dso_dl.o: ../../include/openssl/crypto.h ../../include/openssl/dso.h
+dso_dl.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+dso_dl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dso_dl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dso_dl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dso_dl.o: ../../include/openssl/symhacks.h ../cryptlib.h
+dso_dlfcn.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+dso_dlfcn.o: ../../include/openssl/crypto.h ../../include/openssl/dso.h
+dso_dlfcn.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+dso_dlfcn.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dso_dlfcn.o: ../../include/openssl/opensslconf.h
+dso_dlfcn.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+dso_dlfcn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dso_dlfcn.o: ../cryptlib.h
+dso_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+dso_err.o: ../../include/openssl/dso.h ../../include/openssl/err.h
+dso_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslv.h
+dso_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dso_err.o: ../../include/openssl/symhacks.h
+dso_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+dso_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dso.h
+dso_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+dso_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dso_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dso_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dso_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h
+dso_null.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+dso_null.o: ../../include/openssl/crypto.h ../../include/openssl/dso.h
+dso_null.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+dso_null.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dso_null.o: ../../include/openssl/opensslconf.h
+dso_null.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+dso_null.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dso_null.o: ../cryptlib.h
+dso_openssl.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+dso_openssl.o: ../../include/openssl/crypto.h ../../include/openssl/dso.h
+dso_openssl.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+dso_openssl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dso_openssl.o: ../../include/openssl/opensslconf.h
+dso_openssl.o: ../../include/openssl/opensslv.h
+dso_openssl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dso_openssl.o: ../../include/openssl/symhacks.h ../cryptlib.h
+dso_vms.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+dso_vms.o: ../../include/openssl/crypto.h ../../include/openssl/dso.h
+dso_vms.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+dso_vms.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dso_vms.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dso_vms.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dso_vms.o: ../../include/openssl/symhacks.h ../cryptlib.h
+dso_win32.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+dso_win32.o: ../../include/openssl/crypto.h ../../include/openssl/dso.h
+dso_win32.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+dso_win32.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dso_win32.o: ../../include/openssl/opensslconf.h
+dso_win32.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+dso_win32.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dso_win32.o: ../cryptlib.h
diff --git a/src/lib/libssl/src/crypto/dso/README b/src/lib/libssl/src/crypto/dso/README
new file mode 100644
index 0000000000..6ba03c5631
--- /dev/null
+++ b/src/lib/libssl/src/crypto/dso/README
@@ -0,0 +1,24 @@
+TODO
+----
+
+Find a way where name-translation can be done in a way that is
+sensitive to particular methods (ie. generic code could still do
+different path/filename substitutions on win32 to what it does on
+*nix) but doesn't assume some canonical form. Already one case
+exists where the "blah -> (libblah.so,blah.dll)" mapping doesn't
+suffice. I suspect a callback with an enumerated (or string?)
+parameter could be the way to go here ... DSO_ctrl the callback
+into place and it can be invoked to handle name translation with
+some clue to the calling code as to what kind of system it is.
+
+NOTES
+-----
+
+I've checked out HPUX (well, version 11 at least) and shl_t is
+a pointer type so it's safe to use in the way it has been in
+dso_dl.c. On the other hand, HPUX11 support dlfcn too and
+according to their man page, prefer developers to move to that.
+I'll leave Richard's changes there as I guess dso_dl is needed
+for HPUX10.20.
+
+
diff --git a/src/lib/libssl/src/crypto/dso/dso.h b/src/lib/libssl/src/crypto/dso/dso.h
new file mode 100644
index 0000000000..bed7c464a6
--- /dev/null
+++ b/src/lib/libssl/src/crypto/dso/dso.h
@@ -0,0 +1,250 @@
+/* dso.h */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_DSO_H
+#define HEADER_DSO_H
+
+#include <openssl/crypto.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* These values are used as commands to DSO_ctrl() */
+#define DSO_CTRL_GET_FLAGS      1
+#define DSO_CTRL_SET_FLAGS      2
+#define DSO_CTRL_OR_FLAGS       3
+
+/* These flags control the translation of file-names from canonical to
+ * native. Eg. in the CryptoSwift support, the "dl" and "dlfcn"
+ * methods will translate "swift" -> "libswift.so" whereas the "win32"
+ * method will translate "swift" -> "swift.dll". NB: Until I can figure
+ * out how to be more "conventional" with this, the methods will only
+ * honour this flag if it looks like it was passed a file without any
+ * path and if the filename is small enough.
+ */
+#define DSO_FLAG_NAME_TRANSLATION 0x01
+
+/* The following flag controls the translation of symbol names to upper
+ * case.  This is currently only being implemented for OpenVMS.
+ */
+#define DSO_FLAG_UPCASE_SYMBOL    0x02
+
+
+typedef void (*DSO_FUNC_TYPE)(void);
+
+typedef struct dso_st DSO;
+
+typedef struct dso_meth_st
+        {
+        const char *name;
+        /* Loads a shared library */
+        int (*dso_load)(DSO *dso, const char *filename);
+        /* Unloads a shared library */
+        int (*dso_unload)(DSO *dso);
+        /* Binds a variable */
+        void *(*dso_bind_var)(DSO *dso, const char *symname);
+        /* Binds a function - assumes a return type of DSO_FUNC_TYPE.
+         * This should be cast to the real function prototype by the
+         * caller. Platforms that don't have compatible representations
+         * for different prototypes (this is possible within ANSI C)
+         * are highly unlikely to have shared libraries at all, let
+         * alone a DSO_METHOD implemented for them. */
+        DSO_FUNC_TYPE (*dso_bind_func)(DSO *dso, const char *symname);
+
+/* I don't think this would actually be used in any circumstances. */
+#if 0
+        /* Unbinds a variable */
+        int (*dso_unbind_var)(DSO *dso, char *symname, void *symptr);
+        /* Unbinds a function */
+        int (*dso_unbind_func)(DSO *dso, char *symname, DSO_FUNC_TYPE symptr);
+#endif
+        /* The generic (yuck) "ctrl()" function. NB: Negative return
+         * values (rather than zero) indicate errors. */
+        long (*dso_ctrl)(DSO *dso, int cmd, long larg, void *parg);
+
+        /* [De]Initialisation handlers. */
+        int (*init)(DSO *dso);
+        int (*finish)(DSO *dso);
+        } DSO_METHOD;
+
+/**********************************************************************/
+/* The low-level handle type used to refer to a loaded shared library */
+
+struct dso_st
+        {
+        DSO_METHOD *meth;
+        /* Standard dlopen uses a (void *). Win32 uses a HANDLE. VMS
+         * doesn't use anything but will need to cache the filename
+         * for use in the dso_bind handler. All in all, let each
+         * method control its own destiny. "Handles" and such go in
+         * a STACK. */
+        STACK *meth_data;
+        int references;
+        int flags;
+        /* For use by applications etc ... use this for your bits'n'pieces,
+         * don't touch meth_data! */
+        CRYPTO_EX_DATA ex_data;
+        };
+
+
+DSO *   DSO_new(void);
+DSO *   DSO_new_method(DSO_METHOD *method);
+int     DSO_free(DSO *dso);
+int     DSO_flags(DSO *dso);
+int     DSO_up(DSO *dso);
+long    DSO_ctrl(DSO *dso, int cmd, long larg, void *parg);
+
+void DSO_set_default_method(DSO_METHOD *meth);
+DSO_METHOD *DSO_get_default_method(void);
+DSO_METHOD *DSO_get_method(DSO *dso);
+DSO_METHOD *DSO_set_method(DSO *dso, DSO_METHOD *meth);
+
+/* The all-singing all-dancing load function, you normally pass NULL
+ * for the first and third parameters. Use DSO_up and DSO_free for
+ * subsequent reference count handling. Any flags passed in will be set
+ * in the constructed DSO after its init() function but before the
+ * load operation. This will be done with;
+ *    DSO_ctrl(dso, DSO_CTRL_SET_FLAGS, flags, NULL); */
+DSO *DSO_load(DSO *dso, const char *filename, DSO_METHOD *meth, int flags);
+
+/* This function binds to a variable inside a shared library. */
+void *DSO_bind_var(DSO *dso, const char *symname);
+
+/* This function binds to a function inside a shared library. */
+DSO_FUNC_TYPE DSO_bind_func(DSO *dso, const char *symname);
+
+/* This method is the default, but will beg, borrow, or steal whatever
+ * method should be the default on any particular platform (including
+ * DSO_METH_null() if necessary). */
+DSO_METHOD *DSO_METHOD_openssl(void);
+
+/* This method is defined for all platforms - if a platform has no
+ * DSO support then this will be the only method! */
+DSO_METHOD *DSO_METHOD_null(void);
+
+/* If DSO_DLFCN is defined, the standard dlfcn.h-style functions
+ * (dlopen, dlclose, dlsym, etc) will be used and incorporated into
+ * this method. If not, this method will return NULL. */
+DSO_METHOD *DSO_METHOD_dlfcn(void);
+
+/* If DSO_DL is defined, the standard dl.h-style functions (shl_load, 
+ * shl_unload, shl_findsym, etc) will be used and incorporated into
+ * this method. If not, this method will return NULL. */
+DSO_METHOD *DSO_METHOD_dl(void);
+
+/* If WIN32 is defined, use DLLs. If not, return NULL. */
+DSO_METHOD *DSO_METHOD_win32(void);
+
+/* If VMS is defined, use shared images. If not, return NULL. */
+DSO_METHOD *DSO_METHOD_vms(void);
+
+void ERR_load_DSO_strings(void);
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+/* Error codes for the DSO functions. */
+
+/* Function codes. */
+#define DSO_F_DLFCN_BIND_FUNC                            100
+#define DSO_F_DLFCN_BIND_VAR                             101
+#define DSO_F_DLFCN_CTRL                                 102
+#define DSO_F_DLFCN_LOAD                                 103
+#define DSO_F_DLFCN_UNLOAD                               104
+#define DSO_F_DL_BIND_FUNC                               105
+#define DSO_F_DL_BIND_VAR                                106
+#define DSO_F_DL_CTRL                                    107
+#define DSO_F_DL_LOAD                                    108
+#define DSO_F_DL_UNLOAD                                  109
+#define DSO_F_DSO_BIND_FUNC                              110
+#define DSO_F_DSO_BIND_VAR                               111
+#define DSO_F_DSO_CTRL                                   112
+#define DSO_F_DSO_FREE                                   113
+#define DSO_F_DSO_LOAD                                   114
+#define DSO_F_DSO_NEW_METHOD                             115
+#define DSO_F_DSO_UP                                     116
+#define DSO_F_VMS_BIND_VAR                               122
+#define DSO_F_VMS_CTRL                                   123
+#define DSO_F_VMS_LOAD                                   124
+#define DSO_F_VMS_UNLOAD                                 125
+#define DSO_F_WIN32_BIND_FUNC                            117
+#define DSO_F_WIN32_BIND_VAR                             118
+#define DSO_F_WIN32_CTRL                                 119
+#define DSO_F_WIN32_LOAD                                 120
+#define DSO_F_WIN32_UNLOAD                               121
+
+/* Reason codes. */
+#define DSO_R_CTRL_FAILED                                100
+#define DSO_R_FILENAME_TOO_BIG                           109
+#define DSO_R_FINISH_FAILED                              101
+#define DSO_R_LOAD_FAILED                                102
+#define DSO_R_NULL_HANDLE                                103
+#define DSO_R_STACK_ERROR                                104
+#define DSO_R_SYM_FAILURE                                105
+#define DSO_R_UNKNOWN_COMMAND                            106
+#define DSO_R_UNLOAD_FAILED                              107
+#define DSO_R_UNSUPPORTED                                108
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
+
diff --git a/src/lib/libssl/src/crypto/dso/dso_dl.c b/src/lib/libssl/src/crypto/dso/dso_dl.c
new file mode 100644
index 0000000000..69810fc3bb
--- /dev/null
+++ b/src/lib/libssl/src/crypto/dso/dso_dl.c
@@ -0,0 +1,251 @@
+/* dso_dl.c */
+/* Written by Richard Levitte (levitte@openssl.org) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/dso.h>
+
+#ifndef DSO_DL
+DSO_METHOD *DSO_METHOD_dl(void)
+       {
+       return NULL;
+       }
+#else
+
+#include <dl.h>
+
+/* Part of the hack in "dl_load" ... */
+#define DSO_MAX_TRANSLATED_SIZE 256
+
+static int dl_load(DSO *dso, const char *filename);
+static int dl_unload(DSO *dso);
+static void *dl_bind_var(DSO *dso, const char *symname);
+static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname);
+#if 0
+static int dl_unbind_var(DSO *dso, char *symname, void *symptr);
+static int dl_unbind_func(DSO *dso, char *symname, DSO_FUNC_TYPE symptr);
+static int dl_init(DSO *dso);
+static int dl_finish(DSO *dso);
+#endif
+static int dl_ctrl(DSO *dso, int cmd, long larg, void *parg);
+
+static DSO_METHOD dso_meth_dl = {
+        "OpenSSL 'dl' shared library method",
+        dl_load,
+        dl_unload,
+        dl_bind_var,
+        dl_bind_func,
+/* For now, "unbind" doesn't exist */
+#if 0
+        NULL, /* unbind_var */
+        NULL, /* unbind_func */
+#endif
+        dl_ctrl,
+        NULL, /* init */
+        NULL  /* finish */
+        };
+
+DSO_METHOD *DSO_METHOD_dl(void)
+        {
+        return(&dso_meth_dl);
+        }
+
+/* For this DSO_METHOD, our meth_data STACK will contain;
+ * (i) the handle (shl_t) returned from shl_load().
+ * NB: I checked on HPUX11 and shl_t is itself a pointer
+ * type so the cast is safe.
+ */
+
+static int dl_load(DSO *dso, const char *filename)
+        {
+        shl_t ptr;
+        char translated[DSO_MAX_TRANSLATED_SIZE];
+        int len;
+
+        /* The same comment as in dlfcn_load applies here. bleurgh. */
+        len = strlen(filename);
+        if((dso->flags & DSO_FLAG_NAME_TRANSLATION) &&
+                        (len + 6 < DSO_MAX_TRANSLATED_SIZE) &&
+                        (strstr(filename, "/") == NULL))
+                {
+                sprintf(translated, "lib%s.so", filename);
+                ptr = shl_load(translated, BIND_IMMEDIATE, NULL);
+                }
+        else
+                ptr = shl_load(filename, BIND_IMMEDIATE, NULL);
+        if(ptr == NULL)
+                {
+                DSOerr(DSO_F_DL_LOAD,DSO_R_LOAD_FAILED);
+                return(0);
+                }
+        if(!sk_push(dso->meth_data, (char *)ptr))
+                {
+                DSOerr(DSO_F_DL_LOAD,DSO_R_STACK_ERROR);
+                shl_unload(ptr);
+                return(0);
+                }
+        return(1);
+        }
+
+static int dl_unload(DSO *dso)
+        {
+        shl_t ptr;
+        if(dso == NULL)
+                {
+                DSOerr(DSO_F_DL_UNLOAD,ERR_R_PASSED_NULL_PARAMETER);
+                return(0);
+                }
+        if(sk_num(dso->meth_data) < 1)
+                return(1);
+        /* Is this statement legal? */
+        ptr = (shl_t)sk_pop(dso->meth_data);
+        if(ptr == NULL)
+                {
+                DSOerr(DSO_F_DL_UNLOAD,DSO_R_NULL_HANDLE);
+                /* Should push the value back onto the stack in
+                 * case of a retry. */
+                sk_push(dso->meth_data, (char *)ptr);
+                return(0);
+                }
+        shl_unload(ptr);
+        return(1);
+        }
+
+static void *dl_bind_var(DSO *dso, const char *symname)
+        {
+        shl_t ptr;
+        void *sym;
+
+        if((dso == NULL) || (symname == NULL))
+                {
+                DSOerr(DSO_F_DL_BIND_VAR,ERR_R_PASSED_NULL_PARAMETER);
+                return(NULL);
+                }
+        if(sk_num(dso->meth_data) < 1)
+                {
+                DSOerr(DSO_F_DL_BIND_VAR,DSO_R_STACK_ERROR);
+                return(NULL);
+                }
+        ptr = (shl_t)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
+        if(ptr == NULL)
+                {
+                DSOerr(DSO_F_DL_BIND_VAR,DSO_R_NULL_HANDLE);
+                return(NULL);
+                }
+        if (shl_findsym(ptr, symname, TYPE_UNDEFINED, &sym) < 0)
+                {
+                DSOerr(DSO_F_DL_BIND_VAR,DSO_R_SYM_FAILURE);
+                return(NULL);
+                }
+        return(sym);
+        }
+
+static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname)
+        {
+        shl_t ptr;
+        void *sym;
+
+        if((dso == NULL) || (symname == NULL))
+                {
+                DSOerr(DSO_F_DL_BIND_FUNC,ERR_R_PASSED_NULL_PARAMETER);
+                return(NULL);
+                }
+        if(sk_num(dso->meth_data) < 1)
+                {
+                DSOerr(DSO_F_DL_BIND_FUNC,DSO_R_STACK_ERROR);
+                return(NULL);
+                }
+        ptr = (shl_t)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
+        if(ptr == NULL)
+                {
+                DSOerr(DSO_F_DL_BIND_FUNC,DSO_R_NULL_HANDLE);
+                return(NULL);
+                }
+        if (shl_findsym(ptr, symname, TYPE_UNDEFINED, &sym) < 0)
+                {
+                DSOerr(DSO_F_DL_BIND_FUNC,DSO_R_SYM_FAILURE);
+                return(NULL);
+                }
+        return((DSO_FUNC_TYPE)sym);
+        }
+
+static int dl_ctrl(DSO *dso, int cmd, long larg, void *parg)
+        {
+        if(dso == NULL)
+                {
+                DSOerr(DSO_F_DL_CTRL,ERR_R_PASSED_NULL_PARAMETER);
+                return(-1);
+                }
+        switch(cmd)
+                {
+        case DSO_CTRL_GET_FLAGS:
+                return dso->flags;
+        case DSO_CTRL_SET_FLAGS:
+                dso->flags = (int)larg;
+                return(0);
+        case DSO_CTRL_OR_FLAGS:
+                dso->flags |= (int)larg;
+                return(0);
+        default:
+                break;
+                }
+        DSOerr(DSO_F_DL_CTRL,DSO_R_UNKNOWN_COMMAND);
+        return(-1);
+        }
+
+#endif /* DSO_DL */
diff --git a/src/lib/libssl/src/crypto/dso/dso_dlfcn.c b/src/lib/libssl/src/crypto/dso/dso_dlfcn.c
new file mode 100644
index 0000000000..e709c721cc
--- /dev/null
+++ b/src/lib/libssl/src/crypto/dso/dso_dlfcn.c
@@ -0,0 +1,276 @@
+/* dso_dlfcn.c */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/dso.h>
+
+#ifndef DSO_DLFCN
+DSO_METHOD *DSO_METHOD_dlfcn(void)
+        {
+        return NULL;
+        }
+#else
+
+#ifdef HAVE_DLFCN_H
+#include <dlfcn.h>
+#endif
+
+/* Part of the hack in "dlfcn_load" ... */
+#define DSO_MAX_TRANSLATED_SIZE 256
+
+static int dlfcn_load(DSO *dso, const char *filename);
+static int dlfcn_unload(DSO *dso);
+static void *dlfcn_bind_var(DSO *dso, const char *symname);
+static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname);
+#if 0
+static int dlfcn_unbind(DSO *dso, char *symname, void *symptr);
+static int dlfcn_init(DSO *dso);
+static int dlfcn_finish(DSO *dso);
+#endif
+static long dlfcn_ctrl(DSO *dso, int cmd, long larg, void *parg);
+
+static DSO_METHOD dso_meth_dlfcn = {
+        "OpenSSL 'dlfcn' shared library method",
+        dlfcn_load,
+        dlfcn_unload,
+        dlfcn_bind_var,
+        dlfcn_bind_func,
+/* For now, "unbind" doesn't exist */
+#if 0
+        NULL, /* unbind_var */
+        NULL, /* unbind_func */
+#endif
+        dlfcn_ctrl,
+        NULL, /* init */
+        NULL  /* finish */
+        };
+
+DSO_METHOD *DSO_METHOD_dlfcn(void)
+        {
+        return(&dso_meth_dlfcn);
+        }
+
+/* Prior to using the dlopen() function, we should decide on the flag
+ * we send. There's a few different ways of doing this and it's a
+ * messy venn-diagram to match up which platforms support what. So
+ * as we don't have autoconf yet, I'm implementing a hack that could
+ * be hacked further relatively easily to deal with cases as we find
+ * them. Initially this is to cope with OpenBSD. */
+#ifdef __OpenBSD__
+#       ifdef DL_LAZY
+#               define DLOPEN_FLAG DL_LAZY
+#       else
+#               ifdef RTLD_NOW
+#                       define DLOPEN_FLAG RTLD_NOW
+#               else
+#                       define DLOPEN_FLAG 0
+#               endif
+#       endif
+#else
+#       define DLOPEN_FLAG RTLD_NOW /* Hope this works everywhere else */
+#endif
+
+/* For this DSO_METHOD, our meth_data STACK will contain;
+ * (i) the handle (void*) returned from dlopen().
+ */
+
+static int dlfcn_load(DSO *dso, const char *filename)
+        {
+        void *ptr;
+        char translated[DSO_MAX_TRANSLATED_SIZE];
+        int len;
+
+        /* NB: This is a hideous hack, but I'm not yet sure what
+         * to replace it with. This attempts to convert any filename,
+         * that looks like it has no path information, into a
+         * translated form, e. "blah" -> "libblah.so" */
+        len = strlen(filename);
+        if((dso->flags & DSO_FLAG_NAME_TRANSLATION) &&
+                        (len + 6 < DSO_MAX_TRANSLATED_SIZE) &&
+                        (strstr(filename, "/") == NULL))
+                {
+                sprintf(translated, "lib%s.so", filename);
+                ptr = dlopen(translated, DLOPEN_FLAG);
+                }
+        else
+                {
+                ptr = dlopen(filename, DLOPEN_FLAG);
+                }
+        if(ptr == NULL)
+                {
+                DSOerr(DSO_F_DLFCN_LOAD,DSO_R_LOAD_FAILED);
+                return(0);
+                }
+        if(!sk_push(dso->meth_data, (char *)ptr))
+                {
+                DSOerr(DSO_F_DLFCN_LOAD,DSO_R_STACK_ERROR);
+                dlclose(ptr);
+                return(0);
+                }
+        return(1);
+        }
+
+static int dlfcn_unload(DSO *dso)
+        {
+        void *ptr;
+        if(dso == NULL)
+                {
+                DSOerr(DSO_F_DLFCN_UNLOAD,ERR_R_PASSED_NULL_PARAMETER);
+                return(0);
+                }
+        if(sk_num(dso->meth_data) < 1)
+                return(1);
+        ptr = (void *)sk_pop(dso->meth_data);
+        if(ptr == NULL)
+                {
+                DSOerr(DSO_F_DLFCN_UNLOAD,DSO_R_NULL_HANDLE);
+                /* Should push the value back onto the stack in
+                 * case of a retry. */
+                sk_push(dso->meth_data, (char *)ptr);
+                return(0);
+                }
+        /* For now I'm not aware of any errors associated with dlclose() */
+        dlclose(ptr);
+        return(1);
+        }
+
+static void *dlfcn_bind_var(DSO *dso, const char *symname)
+        {
+        void *ptr, *sym;
+
+        if((dso == NULL) || (symname == NULL))
+                {
+                DSOerr(DSO_F_DLFCN_BIND_VAR,ERR_R_PASSED_NULL_PARAMETER);
+                return(NULL);
+                }
+        if(sk_num(dso->meth_data) < 1)
+                {
+                DSOerr(DSO_F_DLFCN_BIND_VAR,DSO_R_STACK_ERROR);
+                return(NULL);
+                }
+        ptr = (void *)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
+        if(ptr == NULL)
+                {
+                DSOerr(DSO_F_DLFCN_BIND_VAR,DSO_R_NULL_HANDLE);
+                return(NULL);
+                }
+        sym = dlsym(ptr, symname);
+        if(sym == NULL)
+                {
+                DSOerr(DSO_F_DLFCN_BIND_VAR,DSO_R_SYM_FAILURE);
+                return(NULL);
+                }
+        return(sym);
+        }
+
+static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname)
+        {
+        void *ptr;
+        DSO_FUNC_TYPE sym;
+
+        if((dso == NULL) || (symname == NULL))
+                {
+                DSOerr(DSO_F_DLFCN_BIND_FUNC,ERR_R_PASSED_NULL_PARAMETER);
+                return(NULL);
+                }
+        if(sk_num(dso->meth_data) < 1)
+                {
+                DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_STACK_ERROR);
+                return(NULL);
+                }
+        ptr = (void *)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
+        if(ptr == NULL)
+                {
+                DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_NULL_HANDLE);
+                return(NULL);
+                }
+        sym = (DSO_FUNC_TYPE)dlsym(ptr, symname);
+        if(sym == NULL)
+                {
+                DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_SYM_FAILURE);
+                return(NULL);
+                }
+        return(sym);
+        }
+
+static long dlfcn_ctrl(DSO *dso, int cmd, long larg, void *parg)
+        {
+        if(dso == NULL)
+                {
+                DSOerr(DSO_F_DLFCN_CTRL,ERR_R_PASSED_NULL_PARAMETER);
+                return(-1);
+                }
+        switch(cmd)
+                {
+        case DSO_CTRL_GET_FLAGS:
+                return dso->flags;
+        case DSO_CTRL_SET_FLAGS:
+                dso->flags = (int)larg;
+                return(0);
+        case DSO_CTRL_OR_FLAGS:
+                dso->flags |= (int)larg;
+                return(0);
+        default:
+                break;
+                }
+        DSOerr(DSO_F_DLFCN_CTRL,DSO_R_UNKNOWN_COMMAND);
+        return(-1);
+        }
+
+#endif /* DSO_DLFCN */
diff --git a/src/lib/libssl/src/crypto/dso/dso_err.c b/src/lib/libssl/src/crypto/dso/dso_err.c
new file mode 100644
index 0000000000..a3d7321c9b
--- /dev/null
+++ b/src/lib/libssl/src/crypto/dso/dso_err.c
@@ -0,0 +1,128 @@
+/* crypto/dso/dso_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/dso.h>
+
+/* BEGIN ERROR CODES */
+#ifndef NO_ERR
+static ERR_STRING_DATA DSO_str_functs[]=
+        {
+{ERR_PACK(0,DSO_F_DLFCN_BIND_FUNC,0),   "DLFCN_BIND_FUNC"},
+{ERR_PACK(0,DSO_F_DLFCN_BIND_VAR,0),    "DLFCN_BIND_VAR"},
+{ERR_PACK(0,DSO_F_DLFCN_CTRL,0),        "DLFCN_CTRL"},
+{ERR_PACK(0,DSO_F_DLFCN_LOAD,0),        "DLFCN_LOAD"},
+{ERR_PACK(0,DSO_F_DLFCN_UNLOAD,0),      "DLFCN_UNLOAD"},
+{ERR_PACK(0,DSO_F_DL_BIND_FUNC,0),      "DL_BIND_FUNC"},
+{ERR_PACK(0,DSO_F_DL_BIND_VAR,0),       "DL_BIND_VAR"},
+{ERR_PACK(0,DSO_F_DL_CTRL,0),   "DL_CTRL"},
+{ERR_PACK(0,DSO_F_DL_LOAD,0),   "DL_LOAD"},
+{ERR_PACK(0,DSO_F_DL_UNLOAD,0), "DL_UNLOAD"},
+{ERR_PACK(0,DSO_F_DSO_BIND_FUNC,0),     "DSO_bind_func"},
+{ERR_PACK(0,DSO_F_DSO_BIND_VAR,0),      "DSO_bind_var"},
+{ERR_PACK(0,DSO_F_DSO_CTRL,0),  "DSO_ctrl"},
+{ERR_PACK(0,DSO_F_DSO_FREE,0),  "DSO_free"},
+{ERR_PACK(0,DSO_F_DSO_LOAD,0),  "DSO_load"},
+{ERR_PACK(0,DSO_F_DSO_NEW_METHOD,0),    "DSO_new_method"},
+{ERR_PACK(0,DSO_F_DSO_UP,0),    "DSO_up"},
+{ERR_PACK(0,DSO_F_VMS_BIND_VAR,0),      "VMS_BIND_VAR"},
+{ERR_PACK(0,DSO_F_VMS_CTRL,0),  "VMS_CTRL"},
+{ERR_PACK(0,DSO_F_VMS_LOAD,0),  "VMS_LOAD"},
+{ERR_PACK(0,DSO_F_VMS_UNLOAD,0),        "VMS_UNLOAD"},
+{ERR_PACK(0,DSO_F_WIN32_BIND_FUNC,0),   "WIN32_BIND_FUNC"},
+{ERR_PACK(0,DSO_F_WIN32_BIND_VAR,0),    "WIN32_BIND_VAR"},
+{ERR_PACK(0,DSO_F_WIN32_CTRL,0),        "WIN32_CTRL"},
+{ERR_PACK(0,DSO_F_WIN32_LOAD,0),        "WIN32_LOAD"},
+{ERR_PACK(0,DSO_F_WIN32_UNLOAD,0),      "WIN32_UNLOAD"},
+{0,NULL}
+        };
+
+static ERR_STRING_DATA DSO_str_reasons[]=
+        {
+{DSO_R_CTRL_FAILED                       ,"control command failed"},
+{DSO_R_FILENAME_TOO_BIG                  ,"filename too big"},
+{DSO_R_FINISH_FAILED                     ,"cleanup method function failed"},
+{DSO_R_LOAD_FAILED                       ,"could not load the shared library"},
+{DSO_R_NULL_HANDLE                       ,"a null shared library handle was used"},
+{DSO_R_STACK_ERROR                       ,"the meth_data stack is corrupt"},
+{DSO_R_SYM_FAILURE                       ,"could not bind to the requested symbol name"},
+{DSO_R_UNKNOWN_COMMAND                   ,"unknown control command"},
+{DSO_R_UNLOAD_FAILED                     ,"could not unload the shared library"},
+{DSO_R_UNSUPPORTED                       ,"functionality not supported"},
+{0,NULL}
+        };
+
+#endif
+
+void ERR_load_DSO_strings(void)
+        {
+        static int init=1;
+
+        if (init)
+                {
+                init=0;
+#ifndef NO_ERR
+                ERR_load_strings(ERR_LIB_DSO,DSO_str_functs);
+                ERR_load_strings(ERR_LIB_DSO,DSO_str_reasons);
+#endif
+
+                }
+        }
diff --git a/src/lib/libssl/src/crypto/dso/dso_lib.c b/src/lib/libssl/src/crypto/dso/dso_lib.c
new file mode 100644
index 0000000000..acd166697e
--- /dev/null
+++ b/src/lib/libssl/src/crypto/dso/dso_lib.c
@@ -0,0 +1,306 @@
+/* dso_lib.c */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/dso.h>
+
+static DSO_METHOD *default_DSO_meth = NULL;
+
+DSO *DSO_new(void)
+        {
+        return(DSO_new_method(NULL));
+        }
+
+void DSO_set_default_method(DSO_METHOD *meth)
+        {
+        default_DSO_meth = meth;
+        }
+
+DSO_METHOD *DSO_get_default_method(void)
+        {
+        return(default_DSO_meth);
+        }
+
+DSO_METHOD *DSO_get_method(DSO *dso)
+        {
+        return(dso->meth);
+        }
+
+DSO_METHOD *DSO_set_method(DSO *dso, DSO_METHOD *meth)
+        {
+        DSO_METHOD *mtmp;
+        mtmp = dso->meth;
+        dso->meth = meth;
+        return(mtmp);
+        }
+
+DSO *DSO_new_method(DSO_METHOD *meth)
+        {
+        DSO *ret;
+
+        if(default_DSO_meth == NULL)
+                /* We default to DSO_METH_openssl() which in turn defaults
+                 * to stealing the "best available" method. Will fallback
+                 * to DSO_METH_null() in the worst case. */
+                default_DSO_meth = DSO_METHOD_openssl();
+        ret = (DSO *)OPENSSL_malloc(sizeof(DSO));
+        if(ret == NULL)
+                {
+                DSOerr(DSO_F_DSO_NEW_METHOD,ERR_R_MALLOC_FAILURE);
+                return(NULL);
+                }
+        memset(ret, 0, sizeof(DSO));
+        ret->meth_data = sk_new_null();
+        if((ret->meth_data = sk_new_null()) == NULL)
+                {
+                /* sk_new doesn't generate any errors so we do */
+                DSOerr(DSO_F_DSO_NEW_METHOD,ERR_R_MALLOC_FAILURE);
+                OPENSSL_free(ret);
+                return(NULL);
+                }
+        if(meth == NULL)
+                ret->meth = default_DSO_meth;
+        else
+                ret->meth = meth;
+        ret->references = 1;
+        if((ret->meth->init != NULL) && !ret->meth->init(ret))
+                {
+                OPENSSL_free(ret);
+                ret=NULL;
+                }
+        return(ret);
+        }
+
+int DSO_free(DSO *dso)
+        {
+        int i;
+ 
+        if(dso == NULL)
+                {
+                DSOerr(DSO_F_DSO_FREE,ERR_R_PASSED_NULL_PARAMETER);
+                return(0);
+                }
+ 
+        i=CRYPTO_add(&dso->references,-1,CRYPTO_LOCK_DSO);
+#ifdef REF_PRINT
+        REF_PRINT("DSO",dso);
+#endif
+        if(i > 0) return(1);
+#ifdef REF_CHECK
+        if(i < 0)
+                {
+                fprintf(stderr,"DSO_free, bad reference count\n");
+                abort();
+                }
+#endif
+
+        if((dso->meth->dso_unload != NULL) && !dso->meth->dso_unload(dso))
+                {
+                DSOerr(DSO_F_DSO_FREE,DSO_R_UNLOAD_FAILED);
+                return(0);
+                }
+ 
+        if((dso->meth->finish != NULL) && !dso->meth->finish(dso))
+                {
+                DSOerr(DSO_F_DSO_FREE,DSO_R_FINISH_FAILED);
+                return(0);
+                }
+        
+        sk_free(dso->meth_data);
+ 
+        OPENSSL_free(dso);
+        return(1);
+        }
+
+int DSO_flags(DSO *dso)
+        {
+        return((dso == NULL) ? 0 : dso->flags);
+        }
+
+
+int DSO_up(DSO *dso)
+        {
+        if (dso == NULL)
+                {
+                DSOerr(DSO_F_DSO_UP,ERR_R_PASSED_NULL_PARAMETER);
+                return(0);
+                }
+
+        CRYPTO_add(&dso->references,1,CRYPTO_LOCK_DSO);
+        return(1);
+        }
+
+DSO *DSO_load(DSO *dso, const char *filename, DSO_METHOD *meth, int flags)
+        {
+        DSO *ret;
+        int allocated = 0;
+
+        if(filename == NULL)
+                {
+                DSOerr(DSO_F_DSO_LOAD,ERR_R_PASSED_NULL_PARAMETER);
+                return(NULL);
+                }
+        if(dso == NULL)
+                {
+                ret = DSO_new_method(meth);
+                if(ret == NULL)
+                        {
+                        DSOerr(DSO_F_DSO_LOAD,ERR_R_MALLOC_FAILURE);
+                        return(NULL);
+                        }
+                allocated = 1;
+                }
+        else
+                ret = dso;
+        /* Bleurgh ... have to check for negative return values for
+         * errors. <grimace> */
+        if(DSO_ctrl(ret, DSO_CTRL_SET_FLAGS, flags, NULL) < 0)
+                {
+                DSOerr(DSO_F_DSO_LOAD,DSO_R_CTRL_FAILED);
+                if(allocated)
+                        DSO_free(ret);
+                return(NULL);
+                }
+        if(ret->meth->dso_load == NULL)
+                {
+                DSOerr(DSO_F_DSO_LOAD,DSO_R_UNSUPPORTED);
+                if(allocated)
+                        DSO_free(ret);
+                return(NULL);
+                }
+        if(!ret->meth->dso_load(ret, filename))
+                {
+                DSOerr(DSO_F_DSO_LOAD,DSO_R_LOAD_FAILED);
+                if(allocated)
+                        DSO_free(ret);
+                return(NULL);
+                }
+        /* Load succeeded */
+        return(ret);
+        }
+
+void *DSO_bind_var(DSO *dso, const char *symname)
+        {
+        void *ret = NULL;
+
+        if((dso == NULL) || (symname == NULL))
+                {
+                DSOerr(DSO_F_DSO_BIND_VAR,ERR_R_PASSED_NULL_PARAMETER);
+                return(NULL);
+                }
+        if(dso->meth->dso_bind_var == NULL)
+                {
+                DSOerr(DSO_F_DSO_BIND_VAR,DSO_R_UNSUPPORTED);
+                return(NULL);
+                }
+        if((ret = dso->meth->dso_bind_var(dso, symname)) == NULL)
+                {
+                DSOerr(DSO_F_DSO_BIND_VAR,DSO_R_SYM_FAILURE);
+                return(NULL);
+                }
+        /* Success */
+        return(ret);
+        }
+
+DSO_FUNC_TYPE DSO_bind_func(DSO *dso, const char *symname)
+        {
+        DSO_FUNC_TYPE ret = NULL;
+
+        if((dso == NULL) || (symname == NULL))
+                {
+                DSOerr(DSO_F_DSO_BIND_FUNC,ERR_R_PASSED_NULL_PARAMETER);
+                return(NULL);
+                }
+        if(dso->meth->dso_bind_func == NULL)
+                {
+                DSOerr(DSO_F_DSO_BIND_FUNC,DSO_R_UNSUPPORTED);
+                return(NULL);
+                }
+        if((ret = dso->meth->dso_bind_func(dso, symname)) == NULL)
+                {
+                DSOerr(DSO_F_DSO_BIND_FUNC,DSO_R_SYM_FAILURE);
+                return(NULL);
+                }
+        /* Success */
+        return(ret);
+        }
+
+/* I don't really like these *_ctrl functions very much to be perfectly
+ * honest. For one thing, I think I have to return a negative value for
+ * any error because possible DSO_ctrl() commands may return values
+ * such as "size"s that can legitimately be zero (making the standard
+ * "if(DSO_cmd(...))" form that works almost everywhere else fail at
+ * odd times. I'd prefer "output" values to be passed by reference and
+ * the return value as success/failure like usual ... but we conform
+ * when we must... :-) */
+long DSO_ctrl(DSO *dso, int cmd, long larg, void *parg)
+        {
+        if(dso == NULL)
+                {
+                DSOerr(DSO_F_DSO_CTRL,ERR_R_PASSED_NULL_PARAMETER);
+                return(-1);
+                }
+        if((dso->meth == NULL) || (dso->meth->dso_ctrl == NULL))
+                {
+                DSOerr(DSO_F_DSO_CTRL,DSO_R_UNSUPPORTED);
+                return(-1);
+                }
+        return(dso->meth->dso_ctrl(dso,cmd,larg,parg));
+        }
diff --git a/src/lib/libssl/src/crypto/dso/dso_null.c b/src/lib/libssl/src/crypto/dso/dso_null.c
new file mode 100644
index 0000000000..fa13a7cb0f
--- /dev/null
+++ b/src/lib/libssl/src/crypto/dso/dso_null.c
@@ -0,0 +1,86 @@
+/* dso_null.c */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* This "NULL" method is provided as the fallback for systems that have
+ * no appropriate support for "shared-libraries". */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/dso.h>
+
+static DSO_METHOD dso_meth_null = {
+        "NULL shared library method",
+        NULL, /* load */
+        NULL, /* unload */
+        NULL, /* bind_var */
+        NULL, /* bind_func */
+/* For now, "unbind" doesn't exist */
+#if 0
+        NULL, /* unbind_var */
+        NULL, /* unbind_func */
+#endif
+        NULL, /* ctrl */
+        NULL, /* init */
+        NULL  /* finish */
+        };
+
+DSO_METHOD *DSO_METHOD_null(void)
+        {
+        return(&dso_meth_null);
+        }
+
diff --git a/src/lib/libssl/src/crypto/dso/dso_openssl.c b/src/lib/libssl/src/crypto/dso/dso_openssl.c
new file mode 100644
index 0000000000..a4395ebffe
--- /dev/null
+++ b/src/lib/libssl/src/crypto/dso/dso_openssl.c
@@ -0,0 +1,81 @@
+/* dso_openssl.c */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/dso.h>
+
+/* We just pinch the method from an appropriate "default" method. */
+
+DSO_METHOD *DSO_METHOD_openssl(void)
+        {
+#ifdef DEF_DSO_METHOD
+        return(DEF_DSO_METHOD());
+#elif defined(DSO_DLFCN)
+        return(DSO_METHOD_dlfcn());
+#elif defined(DSO_DL)
+        return(DSO_METHOD_dl());
+#elif defined(DSO_WIN32)
+        return(DSO_METHOD_win32());
+#elif defined(DSO_VMS)
+        return(DSO_METHOD_vms());
+#else
+        return(DSO_METHOD_null());
+#endif
+        }
+
diff --git a/src/lib/libssl/src/crypto/dso/dso_vms.c b/src/lib/libssl/src/crypto/dso/dso_vms.c
new file mode 100644
index 0000000000..8ff7090129
--- /dev/null
+++ b/src/lib/libssl/src/crypto/dso/dso_vms.c
@@ -0,0 +1,371 @@
+/* dso_vms.c */
+/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <errno.h>
+#ifdef VMS
+#pragma message disable DOLLARID
+#include <lib$routines.h>
+#include <libfisdef.h>
+#include <stsdef.h>
+#include <descrip.h>
+#include <starlet.h>
+#endif
+#include "cryptlib.h"
+#include <openssl/dso.h>
+
+#ifndef VMS
+DSO_METHOD *DSO_METHOD_vms(void)
+        {
+        return NULL;
+        }
+#else
+#pragma message disable DOLLARID
+
+static int vms_load(DSO *dso, const char *filename);
+static int vms_unload(DSO *dso);
+static void *vms_bind_var(DSO *dso, const char *symname);
+static DSO_FUNC_TYPE vms_bind_func(DSO *dso, const char *symname);
+#if 0
+static int vms_unbind_var(DSO *dso, char *symname, void *symptr);
+static int vms_unbind_func(DSO *dso, char *symname, DSO_FUNC_TYPE symptr);
+static int vms_init(DSO *dso);
+static int vms_finish(DSO *dso);
+#endif
+static long vms_ctrl(DSO *dso, int cmd, long larg, void *parg);
+
+static DSO_METHOD dso_meth_vms = {
+        "OpenSSL 'VMS' shared library method",
+        vms_load,
+        NULL, /* unload */
+        vms_bind_var,
+        vms_bind_func,
+/* For now, "unbind" doesn't exist */
+#if 0
+        NULL, /* unbind_var */
+        NULL, /* unbind_func */
+#endif
+        vms_ctrl,
+        NULL, /* init */
+        NULL  /* finish */
+        };
+
+/* On VMS, the only "handle" is the file name.  LIB$FIND_IMAGE_SYMBOL depends
+ * on the reference to the file name being the same for all calls regarding
+ * one shared image, so we'll just store it in an instance of the following
+ * structure and put a pointer to that instance in the meth_data stack.
+ */
+typedef struct dso_internal_st
+        {
+        /* This should contain the name only, no directory,
+         * no extension, nothing but a name. */
+        struct dsc$descriptor_s filename_dsc;
+        char filename[FILENAME_MAX+1];
+        /* This contains whatever is not in filename, if needed.
+         * Normally not defined. */
+        struct dsc$descriptor_s imagename_dsc;
+        char imagename[FILENAME_MAX+1];
+        } DSO_VMS_INTERNAL;
+
+
+DSO_METHOD *DSO_METHOD_vms(void)
+        {
+        return(&dso_meth_vms);
+        }
+
+static int vms_load(DSO *dso, const char *filename)
+        {
+        DSO_VMS_INTERNAL *p;
+        const char *sp1, *sp2;  /* Search result */
+
+        /* A file specification may look like this:
+         *
+         *      node::dev:[dir-spec]name.type;ver
+         *
+         * or (for compatibility with TOPS-20):
+         *
+         *      node::dev:<dir-spec>name.type;ver
+         *
+         * and the dir-spec uses '.' as separator.  Also, a dir-spec
+         * may consist of several parts, with mixed use of [] and <>:
+         *
+         *      [dir1.]<dir2>
+         *
+         * We need to split the file specification into the name and
+         * the rest (both before and after the name itself).
+         */
+        /* Start with trying to find the end of a dir-spec, and save the
+           position of the byte after in sp1 */
+        sp1 = strrchr(filename, ']');
+        sp2 = strrchr(filename, '>');
+        if (sp1 == NULL) sp1 = sp2;
+        if (sp2 != NULL && sp2 > sp1) sp1 = sp2;
+        if (sp1 == NULL) sp1 = strrchr(filename, ':');
+        if (sp1 == NULL)
+                sp1 = filename;
+        else
+                sp1++;          /* The byte after the found character */
+        /* Now, let's see if there's a type, and save the position in sp2 */
+        sp2 = strchr(sp1, '.');
+        /* If we found it, that's where we'll cut.  Otherwise, look for a
+           version number and save the position in sp2 */
+        if (sp2 == NULL) sp2 = strchr(sp1, ';');
+        /* If there was still nothing to find, set sp2 to point at the end of
+           the string */
+        if (sp2 == NULL) sp2 = sp1 + strlen(sp1);
+
+        /* Check that we won't get buffer overflows */
+        if (sp2 - sp1 > FILENAME_MAX
+                || (sp1 - filename) + strlen(sp2) > FILENAME_MAX)
+                {
+                DSOerr(DSO_F_VMS_LOAD,DSO_R_FILENAME_TOO_BIG);
+                return(0);
+                }
+
+        p = (DSO_VMS_INTERNAL *)OPENSSL_malloc(sizeof(DSO_VMS_INTERNAL));
+        if(p == NULL)
+                {
+                DSOerr(DSO_F_VMS_LOAD,ERR_R_MALLOC_FAILURE);
+                return(0);
+                }
+
+        strncpy(p->filename, sp1, sp2-sp1);
+        p->filename[sp2-sp1] = '\0';
+
+        strncpy(p->imagename, filename, sp1-filename);
+        p->imagename[sp1-filename] = '\0';
+        strcat(p->imagename, sp2);
+
+        p->filename_dsc.dsc$w_length = strlen(p->filename);
+        p->filename_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+        p->filename_dsc.dsc$b_class = DSC$K_CLASS_S;
+        p->filename_dsc.dsc$a_pointer = p->filename;
+        p->imagename_dsc.dsc$w_length = strlen(p->imagename);
+        p->imagename_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+        p->imagename_dsc.dsc$b_class = DSC$K_CLASS_S;
+        p->imagename_dsc.dsc$a_pointer = p->imagename;
+
+        if(!sk_push(dso->meth_data, (char *)p))
+                {
+                DSOerr(DSO_F_VMS_LOAD,DSO_R_STACK_ERROR);
+                OPENSSL_free(p);
+                return(0);
+                }
+        return(1);
+        }
+
+/* Note that this doesn't actually unload the shared image, as there is no
+ * such thing in VMS.  Next time it get loaded again, a new copy will
+ * actually be loaded.
+ */
+static int vms_unload(DSO *dso)
+        {
+        DSO_VMS_INTERNAL *p;
+        if(dso == NULL)
+                {
+                DSOerr(DSO_F_VMS_UNLOAD,ERR_R_PASSED_NULL_PARAMETER);
+                return(0);
+                }
+        if(sk_num(dso->meth_data) < 1)
+                return(1);
+        p = (DSO_VMS_INTERNAL *)sk_pop(dso->meth_data);
+        if(p == NULL)
+                {
+                DSOerr(DSO_F_VMS_UNLOAD,DSO_R_NULL_HANDLE);
+                return(0);
+                }
+        /* Cleanup */
+        OPENSSL_free(p);
+        return(1);
+        }
+
+/* We must do this in a separate function because of the way the exception
+   handler works (it makes this function return */
+static int do_find_symbol(DSO_VMS_INTERNAL *ptr,
+        struct dsc$descriptor_s *symname_dsc, void **sym,
+        unsigned long flags)
+        {
+        /* Make sure that signals are caught and returned instead of
+           aborting the program.  The exception handler gets unestablished
+           automatically on return from this function.  */
+        lib$establish(lib$sig_to_ret);
+
+        if(ptr->imagename_dsc.dsc$w_length)
+                return lib$find_image_symbol(&ptr->filename_dsc,
+                        symname_dsc, sym,
+                        &ptr->imagename_dsc, flags);
+        else
+                return lib$find_image_symbol(&ptr->filename_dsc,
+                        symname_dsc, sym,
+                        0, flags);
+        }
+
+void vms_bind_sym(DSO *dso, const char *symname, void **sym)
+        {
+        DSO_VMS_INTERNAL *ptr;
+        int status;
+        int flags = LIB$M_FIS_MIXEDCASE;
+        struct dsc$descriptor_s symname_dsc;
+        *sym = NULL;
+
+        symname_dsc.dsc$w_length = strlen(symname);
+        symname_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+        symname_dsc.dsc$b_class = DSC$K_CLASS_S;
+        symname_dsc.dsc$a_pointer = (char *)symname; /* The cast is needed */
+
+        if((dso == NULL) || (symname == NULL))
+                {
+                DSOerr(DSO_F_VMS_BIND_VAR,ERR_R_PASSED_NULL_PARAMETER);
+                return;
+                }
+        if(sk_num(dso->meth_data) < 1)
+                {
+                DSOerr(DSO_F_VMS_BIND_VAR,DSO_R_STACK_ERROR);
+                return;
+                }
+        ptr = (DSO_VMS_INTERNAL *)sk_value(dso->meth_data,
+                sk_num(dso->meth_data) - 1);
+        if(ptr == NULL)
+                {
+                DSOerr(DSO_F_VMS_BIND_VAR,DSO_R_NULL_HANDLE);
+                return;
+                }
+
+        if(dso->flags & DSO_FLAG_UPCASE_SYMBOL) flags = 0;
+
+        status = do_find_symbol(ptr, &symname_dsc, sym, flags);
+
+        if(!$VMS_STATUS_SUCCESS(status))
+                {
+                unsigned short length;
+                char errstring[257];
+                struct dsc$descriptor_s errstring_dsc;
+
+                errstring_dsc.dsc$w_length = sizeof(errstring);
+                errstring_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+                errstring_dsc.dsc$b_class = DSC$K_CLASS_S;
+                errstring_dsc.dsc$a_pointer = errstring;
+
+                *sym = NULL;
+
+                status = sys$getmsg(status, &length, &errstring_dsc, 1, 0);
+
+                if (!$VMS_STATUS_SUCCESS(status))
+                        lib$signal(status); /* This is really bad.  Abort!  */
+                else
+                        {
+                        errstring[length] = '\0';
+
+                        DSOerr(DSO_F_VMS_BIND_VAR,DSO_R_SYM_FAILURE);
+                        if (ptr->imagename_dsc.dsc$w_length)
+                                ERR_add_error_data(9,
+                                        "Symbol ", symname,
+                                        " in ", ptr->filename,
+                                        " (", ptr->imagename, ")",
+                                        ": ", errstring);
+                        else
+                                ERR_add_error_data(6,
+                                        "Symbol ", symname,
+                                        " in ", ptr->filename,
+                                        ": ", errstring);
+                        }
+                return;
+                }
+        return;
+        }
+
+static void *vms_bind_var(DSO *dso, const char *symname)
+        {
+        void *sym = 0;
+        vms_bind_sym(dso, symname, &sym);
+        return sym;
+        }
+
+static DSO_FUNC_TYPE vms_bind_func(DSO *dso, const char *symname)
+        {
+        DSO_FUNC_TYPE sym = 0;
+        vms_bind_sym(dso, symname, (void **)&sym);
+        return sym;
+        }
+
+static long vms_ctrl(DSO *dso, int cmd, long larg, void *parg)
+        {
+        if(dso == NULL)
+                {
+                DSOerr(DSO_F_VMS_CTRL,ERR_R_PASSED_NULL_PARAMETER);
+                return(-1);
+                }
+        switch(cmd)
+                {
+        case DSO_CTRL_GET_FLAGS:
+                return dso->flags;
+        case DSO_CTRL_SET_FLAGS:
+                dso->flags = (int)larg;
+                return(0);
+        case DSO_CTRL_OR_FLAGS:
+                dso->flags |= (int)larg;
+                return(0);
+        default:
+                break;
+                }
+        DSOerr(DSO_F_VMS_CTRL,DSO_R_UNKNOWN_COMMAND);
+        return(-1);
+        }
+
+#endif /* VMS */
diff --git a/src/lib/libssl/src/crypto/dso/dso_win32.c b/src/lib/libssl/src/crypto/dso/dso_win32.c
new file mode 100644
index 0000000000..7f1d904806
--- /dev/null
+++ b/src/lib/libssl/src/crypto/dso/dso_win32.c
@@ -0,0 +1,273 @@
+/* dso_win32.c */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include "cryptlib.h"
+#include <openssl/dso.h>
+
+#ifndef WIN32
+DSO_METHOD *DSO_METHOD_win32(void)
+        {
+        return NULL;
+        }
+#else
+
+/* Part of the hack in "win32_load" ... */
+#define DSO_MAX_TRANSLATED_SIZE 256
+
+static int win32_load(DSO *dso, const char *filename);
+static int win32_unload(DSO *dso);
+static void *win32_bind_var(DSO *dso, const char *symname);
+static DSO_FUNC_TYPE win32_bind_func(DSO *dso, const char *symname);
+#if 0
+static int win32_unbind_var(DSO *dso, char *symname, void *symptr);
+static int win32_unbind_func(DSO *dso, char *symname, DSO_FUNC_TYPE symptr);
+static int win32_init(DSO *dso);
+static int win32_finish(DSO *dso);
+#endif
+static long win32_ctrl(DSO *dso, int cmd, long larg, void *parg);
+
+static DSO_METHOD dso_meth_win32 = {
+        "OpenSSL 'win32' shared library method",
+        win32_load,
+        win32_unload,
+        win32_bind_var,
+        win32_bind_func,
+/* For now, "unbind" doesn't exist */
+#if 0
+        NULL, /* unbind_var */
+        NULL, /* unbind_func */
+#endif
+        win32_ctrl,
+        NULL, /* init */
+        NULL  /* finish */
+        };
+
+DSO_METHOD *DSO_METHOD_win32(void)
+        {
+        return(&dso_meth_win32);
+        }
+
+/* For this DSO_METHOD, our meth_data STACK will contain;
+ * (i) a pointer to the handle (HINSTANCE) returned from
+ *     LoadLibrary(), and copied.
+ */
+
+static int win32_load(DSO *dso, const char *filename)
+        {
+        HINSTANCE h, *p;
+        char translated[DSO_MAX_TRANSLATED_SIZE];
+        int len;
+
+        /* NB: This is a hideous hack, but I'm not yet sure what
+         * to replace it with. This attempts to convert any filename,
+         * that looks like it has no path information, into a
+         * translated form, e. "blah" -> "blah.dll" ... I'm more
+         * comfortable putting hacks into win32 code though ;-) */
+        len = strlen(filename);
+        if((dso->flags & DSO_FLAG_NAME_TRANSLATION) &&
+                        (len + 4 < DSO_MAX_TRANSLATED_SIZE) &&
+                        (strstr(filename, "/") == NULL) &&
+                        (strstr(filename, "\\") == NULL) &&
+                        (strstr(filename, ":") == NULL))
+                {
+                sprintf(translated, "%s.dll", filename);
+                h = LoadLibrary(translated);
+                }
+        else
+                h = LoadLibrary(filename);
+        if(h == NULL)
+                {
+                DSOerr(DSO_F_WIN32_LOAD,DSO_R_LOAD_FAILED);
+                return(0);
+                }
+        p = (HINSTANCE *)OPENSSL_malloc(sizeof(HINSTANCE));
+        if(p == NULL)
+                {
+                DSOerr(DSO_F_WIN32_LOAD,ERR_R_MALLOC_FAILURE);
+                FreeLibrary(h);
+                return(0);
+                }
+        *p = h;
+        if(!sk_push(dso->meth_data, (char *)p))
+                {
+                DSOerr(DSO_F_WIN32_LOAD,DSO_R_STACK_ERROR);
+                FreeLibrary(h);
+                OPENSSL_free(p);
+                return(0);
+                }
+        return(1);
+        }
+
+static int win32_unload(DSO *dso)
+        {
+        HINSTANCE *p;
+        if(dso == NULL)
+                {
+                DSOerr(DSO_F_WIN32_UNLOAD,ERR_R_PASSED_NULL_PARAMETER);
+                return(0);
+                }
+        if(sk_num(dso->meth_data) < 1)
+                return(1);
+        p = (HINSTANCE *)sk_pop(dso->meth_data);
+        if(p == NULL)
+                {
+                DSOerr(DSO_F_WIN32_UNLOAD,DSO_R_NULL_HANDLE);
+                return(0);
+                }
+        if(!FreeLibrary(*p))
+                {
+                DSOerr(DSO_F_WIN32_UNLOAD,DSO_R_UNLOAD_FAILED);
+                /* We should push the value back onto the stack in
+                 * case of a retry. */
+                sk_push(dso->meth_data, (char *)p);
+                return(0);
+                }
+        /* Cleanup */
+        OPENSSL_free(p);
+        return(1);
+        }
+
+/* Using GetProcAddress for variables? TODO: Check this out in
+ * the Win32 API docs, there's probably a variant for variables. */
+static void *win32_bind_var(DSO *dso, const char *symname)
+        {
+        HINSTANCE *ptr;
+        void *sym;
+
+        if((dso == NULL) || (symname == NULL))
+                {
+                DSOerr(DSO_F_WIN32_BIND_VAR,ERR_R_PASSED_NULL_PARAMETER);
+                return(NULL);
+                }
+        if(sk_num(dso->meth_data) < 1)
+                {
+                DSOerr(DSO_F_WIN32_BIND_VAR,DSO_R_STACK_ERROR);
+                return(NULL);
+                }
+        ptr = (HINSTANCE *)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
+        if(ptr == NULL)
+                {
+                DSOerr(DSO_F_WIN32_BIND_VAR,DSO_R_NULL_HANDLE);
+                return(NULL);
+                }
+        sym = GetProcAddress(*ptr, symname);
+        if(sym == NULL)
+                {
+                DSOerr(DSO_F_WIN32_BIND_VAR,DSO_R_SYM_FAILURE);
+                return(NULL);
+                }
+        return(sym);
+        }
+
+static DSO_FUNC_TYPE win32_bind_func(DSO *dso, const char *symname)
+        {
+        HINSTANCE *ptr;
+        void *sym;
+
+        if((dso == NULL) || (symname == NULL))
+                {
+                DSOerr(DSO_F_WIN32_BIND_FUNC,ERR_R_PASSED_NULL_PARAMETER);
+                return(NULL);
+                }
+        if(sk_num(dso->meth_data) < 1)
+                {
+                DSOerr(DSO_F_WIN32_BIND_FUNC,DSO_R_STACK_ERROR);
+                return(NULL);
+                }
+        ptr = (HINSTANCE *)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
+        if(ptr == NULL)
+                {
+                DSOerr(DSO_F_WIN32_BIND_FUNC,DSO_R_NULL_HANDLE);
+                return(NULL);
+                }
+        sym = GetProcAddress(*ptr, symname);
+        if(sym == NULL)
+                {
+                DSOerr(DSO_F_WIN32_BIND_FUNC,DSO_R_SYM_FAILURE);
+                return(NULL);
+                }
+        return((DSO_FUNC_TYPE)sym);
+        }
+
+static long win32_ctrl(DSO *dso, int cmd, long larg, void *parg)
+        {
+        if(dso == NULL)
+                {
+                DSOerr(DSO_F_WIN32_CTRL,ERR_R_PASSED_NULL_PARAMETER);
+                return(-1);
+                }
+        switch(cmd)
+                {
+        case DSO_CTRL_GET_FLAGS:
+                return dso->flags;
+        case DSO_CTRL_SET_FLAGS:
+                dso->flags = (int)larg;
+                return(0);
+        case DSO_CTRL_OR_FLAGS:
+                dso->flags |= (int)larg;
+                return(0);
+        default:
+                break;
+                }
+        DSOerr(DSO_F_WIN32_CTRL,DSO_R_UNKNOWN_COMMAND);
+        return(-1);
+        }
+
+#endif /* WIN32 */
diff --git a/src/lib/libssl/src/crypto/engine/Makefile.ssl b/src/lib/libssl/src/crypto/engine/Makefile.ssl
new file mode 100644
index 0000000000..7a0ffe755d
--- /dev/null
+++ b/src/lib/libssl/src/crypto/engine/Makefile.ssl
@@ -0,0 +1,220 @@
+#
+# OpenSSL/crypto/engine/Makefile
+#
+
+DIR=    engine
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     $(TOP)/util/domd $(TOP)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST= enginetest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= engine_err.c engine_lib.c engine_list.c engine_openssl.c \
+        hw_atalla.c hw_cswift.c hw_ncipher.c
+LIBOBJ= engine_err.o engine_lib.o engine_list.o engine_openssl.o \
+        hw_atalla.o hw_cswift.o hw_ncipher.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= engine.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB)
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @$(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+engine_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+engine_err.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+engine_err.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+engine_err.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+engine_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+engine_err.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+engine_err.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+engine_err.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+engine_err.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+engine_err.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+engine_err.o: ../../include/openssl/objects.h
+engine_err.o: ../../include/openssl/opensslconf.h
+engine_err.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+engine_err.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+engine_err.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+engine_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+engine_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+engine_err.o: ../../include/openssl/symhacks.h
+engine_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+engine_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+engine_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+engine_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+engine_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+engine_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+engine_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+engine_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+engine_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+engine_lib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+engine_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+engine_lib.o: ../../include/openssl/objects.h
+engine_lib.o: ../../include/openssl/opensslconf.h
+engine_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+engine_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+engine_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+engine_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+engine_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+engine_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h engine_int.h
+engine_list.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+engine_list.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+engine_list.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+engine_list.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+engine_list.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+engine_list.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+engine_list.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+engine_list.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+engine_list.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+engine_list.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+engine_list.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+engine_list.o: ../../include/openssl/objects.h
+engine_list.o: ../../include/openssl/opensslconf.h
+engine_list.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+engine_list.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+engine_list.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+engine_list.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+engine_list.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+engine_list.o: ../../include/openssl/symhacks.h ../cryptlib.h engine_int.h
+engine_openssl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+engine_openssl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+engine_openssl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+engine_openssl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+engine_openssl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+engine_openssl.o: ../../include/openssl/dso.h ../../include/openssl/e_os.h
+engine_openssl.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+engine_openssl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+engine_openssl.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+engine_openssl.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+engine_openssl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+engine_openssl.o: ../../include/openssl/obj_mac.h
+engine_openssl.o: ../../include/openssl/objects.h
+engine_openssl.o: ../../include/openssl/opensslconf.h
+engine_openssl.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+engine_openssl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+engine_openssl.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+engine_openssl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+engine_openssl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+engine_openssl.o: ../../include/openssl/symhacks.h ../cryptlib.h engine_int.h
+hw_atalla.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+hw_atalla.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+hw_atalla.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+hw_atalla.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+hw_atalla.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+hw_atalla.o: ../../include/openssl/dso.h ../../include/openssl/e_os.h
+hw_atalla.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+hw_atalla.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+hw_atalla.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+hw_atalla.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+hw_atalla.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+hw_atalla.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+hw_atalla.o: ../../include/openssl/opensslconf.h
+hw_atalla.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+hw_atalla.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+hw_atalla.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+hw_atalla.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+hw_atalla.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+hw_atalla.o: ../../include/openssl/symhacks.h ../cryptlib.h engine_int.h
+hw_atalla.o: vendor_defns/atalla.h
+hw_cswift.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+hw_cswift.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+hw_cswift.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+hw_cswift.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+hw_cswift.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+hw_cswift.o: ../../include/openssl/dso.h ../../include/openssl/e_os.h
+hw_cswift.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+hw_cswift.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+hw_cswift.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+hw_cswift.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+hw_cswift.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+hw_cswift.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+hw_cswift.o: ../../include/openssl/opensslconf.h
+hw_cswift.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+hw_cswift.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+hw_cswift.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+hw_cswift.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+hw_cswift.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+hw_cswift.o: ../../include/openssl/symhacks.h ../cryptlib.h engine_int.h
+hw_cswift.o: vendor_defns/cswift.h
+hw_ncipher.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+hw_ncipher.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+hw_ncipher.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+hw_ncipher.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+hw_ncipher.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+hw_ncipher.o: ../../include/openssl/dso.h ../../include/openssl/e_os.h
+hw_ncipher.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+hw_ncipher.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+hw_ncipher.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+hw_ncipher.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+hw_ncipher.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+hw_ncipher.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+hw_ncipher.o: ../../include/openssl/opensslconf.h
+hw_ncipher.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h
+hw_ncipher.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+hw_ncipher.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+hw_ncipher.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+hw_ncipher.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+hw_ncipher.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+hw_ncipher.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+hw_ncipher.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+hw_ncipher.o: ../cryptlib.h engine_int.h vendor_defns/hwcryptohook.h
diff --git a/src/lib/libssl/src/crypto/engine/README b/src/lib/libssl/src/crypto/engine/README
new file mode 100644
index 0000000000..96595e6f35
--- /dev/null
+++ b/src/lib/libssl/src/crypto/engine/README
@@ -0,0 +1,278 @@
+NOTES, THOUGHTS, and EVERYTHING
+-------------------------------
+
+(1) Concurrency and locking ... I made a change to the ENGINE_free code
+    because I spotted a potential hold-up in proceedings (doing too
+    much inside a lock including calling a callback), there may be
+    other bits like this. What do the speed/optimisation freaks think
+    of this aspect of the code and design? There's lots of locking for
+    manipulation functions and I need that to keep things nice and
+    solid, but this manipulation is mostly (de)initialisation, I would
+    think that most run-time locking is purely in the ENGINE_init and
+    ENGINE_finish calls that might be made when getting handles for
+    RSA (and friends') structures. These would be mostly reference
+    count operations as the functional references should always be 1
+    or greater at run-time to prevent init/deinit thrashing.
+
+(2) nCipher support, via the HWCryptoHook API, is now in the code.
+    Apparently this hasn't been tested too much yet, but it looks
+    good. :-) Atalla support has been added too, but shares a lot in
+    common with Ben's original hooks in bn_exp.c (although it has been
+    ENGINE-ified, and error handling wrapped around it) and it's also
+    had some low-volume testing, so it should be usable.
+
+(3) Of more concern, we need to work out (a) how to put together usable
+    RAND_METHODs for units that just have one "get n or less random
+    bytes" function, (b) we also need to determine how to hook the code
+    in crypto/rand/ to use the ENGINE defaults in a way similar to what
+    has been done in crypto/rsa/, crypto/dsa/, etc.
+
+(4) ENGINE should really grow to encompass more than 3 public key
+    algorithms and randomness gathering. The structure/data level of
+    the engine code is hidden from code outside the crypto/engine/
+    directory so change shouldn't be too viral. More important though
+    is how things should evolve ... this needs thought and discussion.
+
+
+-----------------------------------==*==-----------------------------------
+
+More notes 2000-08-01
+---------------------
+
+Geoff Thorpe, who designed the engine part, wrote a pretty good description
+of the thoughts he had when he built it, good enough to include verbatim here
+(with his permission)                                   -- Richard Levitte
+
+
+Date: Tue, 1 Aug 2000 16:54:08 +0100 (BST)
+From: Geoff Thorpe
+Subject: Re: The thoughts to merge BRANCH_engine into the main trunk are
+ emerging
+
+Hi there,
+
+I'm going to try and do some justice to this, but I'm a little short on
+time and the there is an endless amount that could be discussed on this
+subject. sigh ... please bear with me :-)
+
+> The changes in BRANCH_engine dig deep into the core of OpenSSL, for example
+> into the RSA and RAND routines, adding a level of indirection which is needed
+> to keep the abstraction, as far as I understand.  It would be a good thing if
+> those who do play with those things took a look at the changes that have been
+> done in the branch and say out loud how much (or hopefully little) we've made
+> fools of ourselves.
+
+The point here is that the code that has emerged in the BRANCH_engine
+branch was based on some initial requirements of mine that I went in and
+addressed, and Richard has picked up the ball and run with it too. It
+would be really useful to get some review of the approach we've taken, but
+first I think I need to describe as best I can the reasons behind what has
+been done so far, in particular what issues we have tried to address when
+doing this, and what issues we have intentionally (or necessarily) tried
+to avoid.
+
+methods, engines, and evps
+--------------------------
+
+There has been some dicussion, particularly with Steve, about where this
+ENGINE stuff might fit into the conceptual picture as/when we start to
+abstract algorithms a little bit to make the library more extensible. In
+particular, it would desirable to have algorithms (symmetric, hash, pkc,
+etc) abstracted in some way that allows them to be just objects sitting in
+a list (or database) ... it'll just happen that the "DSA" object doesn't
+support encryption whereas the "RSA" object does. This requires a lot of
+consideration to begin to know how to tackle it; in particular how
+encapsulated should these things be? If the objects also understand their
+own ASN1 encodings and what-not, then it would for example be possible to
+add support for elliptic-curve DSA in as a new algorithm and automatically
+have ECC-DSA certificates supported in SSL applications. Possible, but not
+easy. :-)
+
+Whatever, it seems that the way to go (if I've grok'd Steve's comments on
+this in the past) is to amalgamate these things in EVP as is already done
+(I think) for ciphers or hashes (Steve, please correct/elaborate). I
+certainly think something should be done in this direction because right
+now we have different source directories, types, functions, and methods
+for each algorithm - even when conceptually they are very much different
+feathers of the same bird. (This is certainly all true for the public-key
+stuff, and may be partially true for the other parts.)
+
+ENGINE was *not* conceived as a way of solving this, far from it. Nor was
+it conceived as a way of replacing the various "***_METHOD"s. It was
+conceived as an abstraction of a sort of "virtual crypto device". If we
+lived in a world where "EVP_ALGO"s (or something like them) encapsulated
+particular algorithms like RSA,DSA,MD5,RC4,etc, and "***_METHOD"s
+encapsulated interfaces to algorithms (eg. some algo's might support a
+PKC_METHOD, a HASH_METHOD, or a CIPHER_METHOD, who knows?), then I would
+think that ENGINE would encapsulate an implementation of arbitrarily many
+of those algorithms - perhaps as alternatives to existing algorithms
+and/or perhaps as new previously unimplemented algorithms. An ENGINE could
+be used to contain an alternative software implementation, a wrapper for a
+hardware acceleration and/or key-management unit, a comms-wrapper for
+distributing cryptographic operations to remote machines, or any other
+"devices" your imagination can dream up.
+
+However, what has been done in the ENGINE branch so far is nothing more
+than starting to get our toes wet. I had a couple of self-imposed
+requirements when putting the initial abstraction together, and I may have
+already posed these in one form or another on the list, but briefly;
+
+   (i) only bother with public key algorithms for now, and maybe RAND too
+       (motivated by the need to get hardware support going and the fact
+       this was a comparitively easy subset to address to begin with).
+
+  (ii) don't change (if at all possible) the existing crypto code, ie. the
+       implementations, the way the ***_METHODs work, etc.
+
+ (iii) ensure that if no function from the ENGINE code is ever called then
+       things work the way they always did, and there is no memory
+       allocation (otherwise the failure to cleanup would be a problem -
+       this is part of the reason no STACKs were used, the other part of
+       the reason being I found them inappropriate).
+
+  (iv) ensure that all the built-in crypto was encapsulated by one of
+       these "ENGINE"s and that this engine was automatically selected as
+       the default.
+
+   (v) provide the minimum hooking possible in the existing crypto code
+       so that global functions (eg. RSA_public_encrypt) do not need any
+       extra parameter, yet will use whatever the current default ENGINE
+       for that RSA key is, and that the default can be set "per-key"
+       and globally (new keys will assume the global default, and keys
+       without their own default will be operated on using the global
+       default). NB: Try and make (v) conflict as little as possible with
+       (ii). :-)
+
+  (vi) wrap the ENGINE code up in duct tape so you can't even see the
+       corners. Ie. expose no structures at all, just black-box pointers.
+
+   (v) maintain internally a list of ENGINEs on which a calling
+       application can iterate, interrogate, etc. Allow a calling
+       application to hook in new ENGINEs, remove ENGINEs from the list,
+       and enforce uniqueness within the global list of each ENGINE's
+       "unique id".
+
+  (vi) keep reference counts for everything - eg. this includes storing a
+       reference inside each RSA structure to the ENGINE that it uses.
+       This is freed when the RSA structure is destroyed, or has its
+       ENGINE explicitly changed. The net effect needs to be that at any
+       time, it is deterministic to know whether an ENGINE is in use or
+       can be safely removed (or unloaded in the case of the other type
+       of reference) without invalidating function pointers that may or
+       may not be used indavertently in the future. This was actually
+       one of the biggest problems to overcome in the existing OpenSSL
+       code - implementations had always been assumed to be ever-present,
+       so there was no trivial way to get round this.
+
+ (vii) distinguish between structural references and functional
+       references.
+
+A *little* detail
+-----------------
+
+While my mind is on it; I'll illustrate the bit in item (vii). This idea
+turned out to be very handy - the ENGINEs themselves need to be operated
+on and manipulated simply as objects without necessarily trying to
+"enable" them for use. Eg. most host machines will not have the necessary
+hardware or software to support all the engines one might compile into
+OpenSSL, yet it needs to be possible to iterate across the ENGINEs,
+querying their names, properties, etc - all happening in a thread-safe
+manner that uses reference counts (if you imagine two threads iterating
+through a list and one thread removing the ENGINE the other is currently
+looking at - you can see the gotcha waiting to happen). For all of this,
+*structural references* are used and operate much like the other reference
+counts in OpenSSL.
+
+The other kind of reference count is for *functional* references - these
+indicate a reference on which the caller can actually assume the
+particular ENGINE to be initialised and usable to perform the operations
+it implements. Any increment or decrement of the functional reference
+count automatically invokes a corresponding change in the structural
+reference count, as it is fairly obvious that a functional reference is a
+restricted case of a structural reference. So struct_ref >= funct_ref at
+all times. NB: functional references are usually obtained by a call to
+ENGINE_init(), but can also be created implicitly by calls that require a
+new functional reference to be created, eg. ENGINE_set_default(). Either
+way the only time the underlying ENGINE's "init" function is really called
+is when the (functional) reference count increases to 1, similarly the
+underlying "finish" handler is only called as the count goes down to 0.
+The effect of this, for example, is that if you set the default ENGINE for
+RSA operations to be "cswift", then its functional reference count will
+already be at least 1 so the CryptoSwift shared-library and the card will
+stay loaded and initialised until such time as all RSA keys using the
+cswift ENGINE are changed or destroyed and the default ENGINE for RSA
+operations has been changed. This prevents repeated thrashing of init and
+finish handling if the count keeps getting down as far as zero.
+
+Otherwise, the way the ENGINE code has been put together I think pretty
+much reflects the above points. The reason for the ENGINE structure having
+individual RSA_METHOD, DSA_METHOD, etc pointers is simply that it was the
+easiest way to go about things for now, to hook it all into the raw
+RSA,DSA,etc code, and I was trying to the keep the structure invisible
+anyway so that the way this is internally managed could be easily changed
+later on when we start to work out what's to be done about these other
+abstractions.
+
+Down the line, if some EVP-based technique emerges for adequately
+encapsulating algorithms and all their various bits and pieces, then I can
+imagine that "ENGINE" would turn into a reference-counting database of
+these EVP things, of which the default "openssl" ENGINE would be the
+library's own object database of pre-built software implemented algorithms
+(and such). It would also be cool to see the idea of "METHOD"s detached
+from the algorithms themselves ... so RSA, DSA, ElGamal, etc can all
+expose essentially the same METHOD (aka interface), which would include
+any querying/flagging stuff to identify what the algorithm can/can't do,
+its name, and other stuff like max/min block sizes, key sizes, etc. This
+would result in ENGINE similarly detaching its internal database of
+algorithm implementations from the function definitions that return
+interfaces to them. I think ...
+
+As for DSOs etc. Well the DSO code is pretty handy (but could be made much
+more so) for loading vendor's driver-libraries and talking to them in some
+generic way, but right now there's still big problems associated with
+actually putting OpenSSL code (ie. new ENGINEs, or anything else for that
+matter) in dynamically loadable libraries. These problems won't go away in
+a hurry so I don't think we should expect to have any kind of
+shared-library extensions any time soon - but solving the problems is a
+good thing to aim for, and would as a side-effect probably help make
+OpenSSL more usable as a shared-library itself (looking at the things
+needed to do this will show you why).
+
+One of the problems is that if you look at any of the ENGINE
+implementations, eg. hw_cswift.c or hw_ncipher.c, you'll see how it needs
+a variety of functionality and definitions from various areas of OpenSSL,
+including crypto/bn/, crypto/err/, crypto/ itself (locking for example),
+crypto/dso/, crypto/engine/, crypto/rsa, etc etc etc. So if similar code
+were to be suctioned off into shared libraries, the shared libraries would
+either have to duplicate all the definitions and code and avoid loader
+conflicts, or OpenSSL would have to somehow expose all that functionality
+to the shared-library. If this isn't a big enough problem, the issue of
+binary compatibility will be - anyone writing Apache modules can tell you
+that (Ralf? Ben? :-). However, I don't think OpenSSL would need to be
+quite so forgiving as Apache should be, so OpenSSL could simply tell its
+version to the DSO and leave the DSO with the problem of deciding whether
+to proceed or bail out for fear of binary incompatibilities.
+
+Certainly one thing that would go a long way to addressing this is to
+embark on a bit of an opaqueness mission. I've set the ENGINE code up with
+this in mind - it's so draconian that even to declare your own ENGINE, you
+have to get the engine code to create the underlying ENGINE structure, and
+then feed in the new ENGINE's function/method pointers through various
+"set" functions. The more of the code that takes on such a black-box
+approach, the more of the code that will be (a) easy to expose to shared
+libraries that need it, and (b) easy to expose to applications wanting to
+use OpenSSL itself as a shared-library. From my own explorations in
+OpenSSL, the biggest leviathan I've seen that is a problem in this respect
+is the BIGNUM code. Trying to "expose" the bignum code through any kind of
+organised "METHODs", let alone do all the necessary bignum operations
+solely through functions rather than direct access to the structures and
+macros, will be a massive pain in the "r"s.
+
+Anyway, I'm done for now - hope it was readable. Thoughts?
+
+Cheers,
+Geoff
+
+
+-----------------------------------==*==-----------------------------------
+
diff --git a/src/lib/libssl/src/crypto/engine/engine.h b/src/lib/libssl/src/crypto/engine/engine.h
new file mode 100644
index 0000000000..2983f47034
--- /dev/null
+++ b/src/lib/libssl/src/crypto/engine/engine.h
@@ -0,0 +1,398 @@
+/* openssl/engine.h */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_ENGINE_H
+#define HEADER_ENGINE_H
+
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+#include <openssl/dh.h>
+#include <openssl/rand.h>
+#include <openssl/evp.h>
+#include <openssl/symhacks.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* These flags are used to control combinations of algorithm (methods)
+ * by bitwise "OR"ing. */
+#define ENGINE_METHOD_RSA               (unsigned int)0x0001
+#define ENGINE_METHOD_DSA               (unsigned int)0x0002
+#define ENGINE_METHOD_DH                (unsigned int)0x0004
+#define ENGINE_METHOD_RAND              (unsigned int)0x0008
+#define ENGINE_METHOD_BN_MOD_EXP        (unsigned int)0x0010
+#define ENGINE_METHOD_BN_MOD_EXP_CRT    (unsigned int)0x0020
+/* Obvious all-or-nothing cases. */
+#define ENGINE_METHOD_ALL               (unsigned int)0xFFFF
+#define ENGINE_METHOD_NONE              (unsigned int)0x0000
+
+/* These flags are used to tell the ctrl function what should be done.
+ * All command numbers are shared between all engines, even if some don't
+ * make sense to some engines.  In such a case, they do nothing but return
+ * the error ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED. */
+#define ENGINE_CTRL_SET_LOGSTREAM               1
+#define ENGINE_CTRL_SET_PASSWORD_CALLBACK       2
+/* Flags specific to the nCipher "chil" engine */
+#define ENGINE_CTRL_CHIL_SET_FORKCHECK          100
+        /* Depending on the value of the (long)i argument, this sets or
+         * unsets the SimpleForkCheck flag in the CHIL API to enable or
+         * disable checking and workarounds for applications that fork().
+         */
+#define ENGINE_CTRL_CHIL_NO_LOCKING             101
+        /* This prevents the initialisation function from providing mutex
+         * callbacks to the nCipher library. */
+
+/* As we're missing a BIGNUM_METHOD, we need a couple of locally
+ * defined function types that engines can implement. */
+
+#ifndef HEADER_ENGINE_INT_H
+/* mod_exp operation, calculates; r = a ^ p mod m
+ * NB: ctx can be NULL, but if supplied, the implementation may use
+ * it if it wishes. */
+typedef int (*BN_MOD_EXP)(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+                const BIGNUM *m, BN_CTX *ctx);
+
+/* private key operation for RSA, provided seperately in case other
+ * RSA implementations wish to use it. */
+typedef int (*BN_MOD_EXP_CRT)(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+                const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,
+                const BIGNUM *iqmp, BN_CTX *ctx);
+
+/* Generic function pointer */
+typedef void (*ENGINE_GEN_FUNC_PTR)();
+/* Generic function pointer taking no arguments */
+typedef void (*ENGINE_GEN_INT_FUNC_PTR)(void);
+/* Specific control function pointer */
+typedef int (*ENGINE_CTRL_FUNC_PTR)(int cmd, long i, void *p, void (*f)());
+
+/* The list of "engine" types is a static array of (const ENGINE*)
+ * pointers (not dynamic because static is fine for now and we otherwise
+ * have to hook an appropriate load/unload function in to initialise and
+ * cleanup). */
+typedef struct engine_st ENGINE;
+#endif
+
+/* STRUCTURE functions ... all of these functions deal with pointers to
+ * ENGINE structures where the pointers have a "structural reference".
+ * This means that their reference is to allow access to the structure
+ * but it does not imply that the structure is functional. To simply
+ * increment or decrement the structural reference count, use ENGINE_new
+ * and ENGINE_free. NB: This is not required when iterating using
+ * ENGINE_get_next as it will automatically decrement the structural
+ * reference count of the "current" ENGINE and increment the structural
+ * reference count of the ENGINE it returns (unless it is NULL). */
+
+/* Get the first/last "ENGINE" type available. */
+ENGINE *ENGINE_get_first(void);
+ENGINE *ENGINE_get_last(void);
+/* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */
+ENGINE *ENGINE_get_next(ENGINE *e);
+ENGINE *ENGINE_get_prev(ENGINE *e);
+/* Add another "ENGINE" type into the array. */
+int ENGINE_add(ENGINE *e);
+/* Remove an existing "ENGINE" type from the array. */
+int ENGINE_remove(ENGINE *e);
+/* Retrieve an engine from the list by its unique "id" value. */
+ENGINE *ENGINE_by_id(const char *id);
+
+/* These functions are useful for manufacturing new ENGINE
+ * structures. They don't address reference counting at all -
+ * one uses them to populate an ENGINE structure with personalised
+ * implementations of things prior to using it directly or adding
+ * it to the builtin ENGINE list in OpenSSL. These are also here
+ * so that the ENGINE structure doesn't have to be exposed and
+ * break binary compatibility!
+ *
+ * NB: I'm changing ENGINE_new to force the ENGINE structure to
+ * be allocated from within OpenSSL. See the comment for
+ * ENGINE_get_struct_size().
+ */
+#if 0
+ENGINE *ENGINE_new(ENGINE *e);
+#else
+ENGINE *ENGINE_new(void);
+#endif
+int ENGINE_free(ENGINE *e);
+int ENGINE_set_id(ENGINE *e, const char *id);
+int ENGINE_set_name(ENGINE *e, const char *name);
+int ENGINE_set_RSA(ENGINE *e, RSA_METHOD *rsa_meth);
+int ENGINE_set_DSA(ENGINE *e, DSA_METHOD *dsa_meth);
+int ENGINE_set_DH(ENGINE *e, DH_METHOD *dh_meth);
+int ENGINE_set_RAND(ENGINE *e, RAND_METHOD *rand_meth);
+int ENGINE_set_BN_mod_exp(ENGINE *e, BN_MOD_EXP bn_mod_exp);
+int ENGINE_set_BN_mod_exp_crt(ENGINE *e, BN_MOD_EXP_CRT bn_mod_exp_crt);
+int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f);
+int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f);
+int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f);
+
+/* These return values from within the ENGINE structure. These can
+ * be useful with functional references as well as structural
+ * references - it depends which you obtained. Using the result
+ * for functional purposes if you only obtained a structural
+ * reference may be problematic! */
+const char *ENGINE_get_id(ENGINE *e);
+const char *ENGINE_get_name(ENGINE *e);
+RSA_METHOD *ENGINE_get_RSA(ENGINE *e);
+DSA_METHOD *ENGINE_get_DSA(ENGINE *e);
+DH_METHOD *ENGINE_get_DH(ENGINE *e);
+RAND_METHOD *ENGINE_get_RAND(ENGINE *e);
+BN_MOD_EXP ENGINE_get_BN_mod_exp(ENGINE *e);
+BN_MOD_EXP_CRT ENGINE_get_BN_mod_exp_crt(ENGINE *e);
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(ENGINE *e);
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(ENGINE *e);
+ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(ENGINE *e);
+
+/* ENGINE_new is normally passed a NULL in the first parameter because
+ * the calling code doesn't have access to the definition of the ENGINE
+ * structure (for good reason). However, if the caller wishes to use
+ * its own memory allocation or use a static array, the following call
+ * should be used to check the amount of memory the ENGINE structure
+ * will occupy. This will make the code more future-proof.
+ *
+ * NB: I'm "#if 0"-ing this out because it's better to force the use of
+ * internally allocated memory. See similar change in ENGINE_new().
+ */
+#if 0
+int ENGINE_get_struct_size(void);
+#endif
+
+/* FUNCTIONAL functions. These functions deal with ENGINE structures
+ * that have (or will) be initialised for use. Broadly speaking, the
+ * structural functions are useful for iterating the list of available
+ * engine types, creating new engine types, and other "list" operations.
+ * These functions actually deal with ENGINEs that are to be used. As
+ * such these functions can fail (if applicable) when particular
+ * engines are unavailable - eg. if a hardware accelerator is not
+ * attached or not functioning correctly. Each ENGINE has 2 reference
+ * counts; structural and functional. Every time a functional reference
+ * is obtained or released, a corresponding structural reference is
+ * automatically obtained or released too. */
+
+/* Initialise a engine type for use (or up its reference count if it's
+ * already in use). This will fail if the engine is not currently
+ * operational and cannot initialise. */
+int ENGINE_init(ENGINE *e);
+/* Free a functional reference to a engine type. This does not require
+ * a corresponding call to ENGINE_free as it also releases a structural
+ * reference. */
+int ENGINE_finish(ENGINE *e);
+/* Send control parametrised commands to the engine.  The possibilities
+ * to send down an integer, a pointer to data or a function pointer are
+ * provided.  Any of the parameters may or may not be NULL, depending
+ * on the command number */
+/* WARNING: This is currently experimental and may change radically! */
+int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
+
+/* The following functions handle keys that are stored in some secondary
+ * location, handled by the engine.  The storage may be on a card or
+ * whatever. */
+EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
+        const char *passphrase);
+EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
+        const char *passphrase);
+
+/* This returns a pointer for the current ENGINE structure that
+ * is (by default) performing any RSA operations. The value returned
+ * is an incremented reference, so it should be free'd (ENGINE_finish)
+ * before it is discarded. */
+ENGINE *ENGINE_get_default_RSA(void);
+/* Same for the other "methods" */
+ENGINE *ENGINE_get_default_DSA(void);
+ENGINE *ENGINE_get_default_DH(void);
+ENGINE *ENGINE_get_default_RAND(void);
+ENGINE *ENGINE_get_default_BN_mod_exp(void);
+ENGINE *ENGINE_get_default_BN_mod_exp_crt(void);
+
+/* This sets a new default ENGINE structure for performing RSA
+ * operations. If the result is non-zero (success) then the ENGINE
+ * structure will have had its reference count up'd so the caller
+ * should still free their own reference 'e'. */
+int ENGINE_set_default_RSA(ENGINE *e);
+/* Same for the other "methods" */
+int ENGINE_set_default_DSA(ENGINE *e);
+int ENGINE_set_default_DH(ENGINE *e);
+int ENGINE_set_default_RAND(ENGINE *e);
+int ENGINE_set_default_BN_mod_exp(ENGINE *e);
+int ENGINE_set_default_BN_mod_exp_crt(ENGINE *e);
+
+/* The combination "set" - the flags are bitwise "OR"d from the
+ * ENGINE_METHOD_*** defines above. */
+int ENGINE_set_default(ENGINE *e, unsigned int flags);
+
+/* Obligatory error function. */
+void ERR_load_ENGINE_strings(void);
+
+/*
+ * Error codes for all engine functions. NB: We use "generic"
+ * function names instead of per-implementation ones because this
+ * levels the playing field for externally implemented bootstrapped
+ * support code. As the filename and line number is included, it's
+ * more important to indicate the type of function, so that
+ * bootstrapped code (that can't easily add its own errors in) can
+ * use the same error codes too.
+ */
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+/* Error codes for the ENGINE functions. */
+
+/* Function codes. */
+#define ENGINE_F_ATALLA_FINISH                           135
+#define ENGINE_F_ATALLA_INIT                             136
+#define ENGINE_F_ATALLA_MOD_EXP                          137
+#define ENGINE_F_ATALLA_RSA_MOD_EXP                      138
+#define ENGINE_F_CSWIFT_DSA_SIGN                         133
+#define ENGINE_F_CSWIFT_DSA_VERIFY                       134
+#define ENGINE_F_CSWIFT_FINISH                           100
+#define ENGINE_F_CSWIFT_INIT                             101
+#define ENGINE_F_CSWIFT_MOD_EXP                          102
+#define ENGINE_F_CSWIFT_MOD_EXP_CRT                      103
+#define ENGINE_F_CSWIFT_RSA_MOD_EXP                      104
+#define ENGINE_F_ENGINE_ADD                              105
+#define ENGINE_F_ENGINE_BY_ID                            106
+#define ENGINE_F_ENGINE_CTRL                             142
+#define ENGINE_F_ENGINE_FINISH                           107
+#define ENGINE_F_ENGINE_FREE                             108
+#define ENGINE_F_ENGINE_GET_BN_MOD_EXP                   109
+#define ENGINE_F_ENGINE_GET_BN_MOD_EXP_CRT               110
+#define ENGINE_F_ENGINE_GET_CTRL_FUNCTION                144
+#define ENGINE_F_ENGINE_GET_DH                           111
+#define ENGINE_F_ENGINE_GET_DSA                          112
+#define ENGINE_F_ENGINE_GET_FINISH_FUNCTION              145
+#define ENGINE_F_ENGINE_GET_ID                           113
+#define ENGINE_F_ENGINE_GET_INIT_FUNCTION                146
+#define ENGINE_F_ENGINE_GET_NAME                         114
+#define ENGINE_F_ENGINE_GET_NEXT                         115
+#define ENGINE_F_ENGINE_GET_PREV                         116
+#define ENGINE_F_ENGINE_GET_RAND                         117
+#define ENGINE_F_ENGINE_GET_RSA                          118
+#define ENGINE_F_ENGINE_INIT                             119
+#define ENGINE_F_ENGINE_LIST_ADD                         120
+#define ENGINE_F_ENGINE_LIST_REMOVE                      121
+#define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY                 150
+#define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY                  151
+#define ENGINE_F_ENGINE_NEW                              122
+#define ENGINE_F_ENGINE_REMOVE                           123
+#define ENGINE_F_ENGINE_SET_BN_MOD_EXP                   124
+#define ENGINE_F_ENGINE_SET_BN_MOD_EXP_CRT               125
+#define ENGINE_F_ENGINE_SET_CTRL_FUNCTION                147
+#define ENGINE_F_ENGINE_SET_DEFAULT_TYPE                 126
+#define ENGINE_F_ENGINE_SET_DH                           127
+#define ENGINE_F_ENGINE_SET_DSA                          128
+#define ENGINE_F_ENGINE_SET_FINISH_FUNCTION              148
+#define ENGINE_F_ENGINE_SET_ID                           129
+#define ENGINE_F_ENGINE_SET_INIT_FUNCTION                149
+#define ENGINE_F_ENGINE_SET_NAME                         130
+#define ENGINE_F_ENGINE_SET_RAND                         131
+#define ENGINE_F_ENGINE_SET_RSA                          132
+#define ENGINE_F_ENGINE_UNLOAD_KEY                       152
+#define ENGINE_F_HWCRHK_CTRL                             143
+#define ENGINE_F_HWCRHK_FINISH                           135
+#define ENGINE_F_HWCRHK_GET_PASS                         155
+#define ENGINE_F_HWCRHK_INIT                             136
+#define ENGINE_F_HWCRHK_LOAD_PRIVKEY                     153
+#define ENGINE_F_HWCRHK_LOAD_PUBKEY                      154
+#define ENGINE_F_HWCRHK_MOD_EXP                          137
+#define ENGINE_F_HWCRHK_MOD_EXP_CRT                      138
+#define ENGINE_F_HWCRHK_RAND_BYTES                       139
+#define ENGINE_F_HWCRHK_RSA_MOD_EXP                      140
+#define ENGINE_F_LOG_MESSAGE                             141
+
+/* Reason codes. */
+#define ENGINE_R_ALREADY_LOADED                          100
+#define ENGINE_R_BIO_WAS_FREED                           121
+#define ENGINE_R_BN_CTX_FULL                             101
+#define ENGINE_R_BN_EXPAND_FAIL                          102
+#define ENGINE_R_CHIL_ERROR                              123
+#define ENGINE_R_CONFLICTING_ENGINE_ID                   103
+#define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED            119
+#define ENGINE_R_DSO_FAILURE                             104
+#define ENGINE_R_ENGINE_IS_NOT_IN_LIST                   105
+#define ENGINE_R_FAILED_LOADING_PRIVATE_KEY              128
+#define ENGINE_R_FAILED_LOADING_PUBLIC_KEY               129
+#define ENGINE_R_FINISH_FAILED                           106
+#define ENGINE_R_GET_HANDLE_FAILED                       107
+#define ENGINE_R_ID_OR_NAME_MISSING                      108
+#define ENGINE_R_INIT_FAILED                             109
+#define ENGINE_R_INTERNAL_LIST_ERROR                     110
+#define ENGINE_R_MISSING_KEY_COMPONENTS                  111
+#define ENGINE_R_NOT_INITIALISED                         117
+#define ENGINE_R_NOT_LOADED                              112
+#define ENGINE_R_NO_CALLBACK                             127
+#define ENGINE_R_NO_CONTROL_FUNCTION                     120
+#define ENGINE_R_NO_KEY                                  124
+#define ENGINE_R_NO_LOAD_FUNCTION                        125
+#define ENGINE_R_NO_REFERENCE                            130
+#define ENGINE_R_NO_SUCH_ENGINE                          116
+#define ENGINE_R_NO_UNLOAD_FUNCTION                      126
+#define ENGINE_R_PROVIDE_PARAMETERS                      113
+#define ENGINE_R_REQUEST_FAILED                          114
+#define ENGINE_R_REQUEST_FALLBACK                        118
+#define ENGINE_R_SIZE_TOO_LARGE_OR_TOO_SMALL             122
+#define ENGINE_R_UNIT_FAILURE                            115
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
+
diff --git a/src/lib/libssl/src/crypto/engine/engine_err.c b/src/lib/libssl/src/crypto/engine/engine_err.c
new file mode 100644
index 0000000000..0d7a31f6d5
--- /dev/null
+++ b/src/lib/libssl/src/crypto/engine/engine_err.c
@@ -0,0 +1,183 @@
+/* crypto/engine/engine_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/engine.h>
+
+/* BEGIN ERROR CODES */
+#ifndef NO_ERR
+static ERR_STRING_DATA ENGINE_str_functs[]=
+        {
+{ERR_PACK(0,ENGINE_F_ATALLA_FINISH,0),  "ATALLA_FINISH"},
+{ERR_PACK(0,ENGINE_F_ATALLA_INIT,0),    "ATALLA_INIT"},
+{ERR_PACK(0,ENGINE_F_ATALLA_MOD_EXP,0), "ATALLA_MOD_EXP"},
+{ERR_PACK(0,ENGINE_F_ATALLA_RSA_MOD_EXP,0),     "ATALLA_RSA_MOD_EXP"},
+{ERR_PACK(0,ENGINE_F_CSWIFT_DSA_SIGN,0),        "CSWIFT_DSA_SIGN"},
+{ERR_PACK(0,ENGINE_F_CSWIFT_DSA_VERIFY,0),      "CSWIFT_DSA_VERIFY"},
+{ERR_PACK(0,ENGINE_F_CSWIFT_FINISH,0),  "CSWIFT_FINISH"},
+{ERR_PACK(0,ENGINE_F_CSWIFT_INIT,0),    "CSWIFT_INIT"},
+{ERR_PACK(0,ENGINE_F_CSWIFT_MOD_EXP,0), "CSWIFT_MOD_EXP"},
+{ERR_PACK(0,ENGINE_F_CSWIFT_MOD_EXP_CRT,0),     "CSWIFT_MOD_EXP_CRT"},
+{ERR_PACK(0,ENGINE_F_CSWIFT_RSA_MOD_EXP,0),     "CSWIFT_RSA_MOD_EXP"},
+{ERR_PACK(0,ENGINE_F_ENGINE_ADD,0),     "ENGINE_add"},
+{ERR_PACK(0,ENGINE_F_ENGINE_BY_ID,0),   "ENGINE_by_id"},
+{ERR_PACK(0,ENGINE_F_ENGINE_CTRL,0),    "ENGINE_ctrl"},
+{ERR_PACK(0,ENGINE_F_ENGINE_FINISH,0),  "ENGINE_finish"},
+{ERR_PACK(0,ENGINE_F_ENGINE_FREE,0),    "ENGINE_free"},
+{ERR_PACK(0,ENGINE_F_ENGINE_GET_BN_MOD_EXP,0),  "ENGINE_get_BN_mod_exp"},
+{ERR_PACK(0,ENGINE_F_ENGINE_GET_BN_MOD_EXP_CRT,0),      "ENGINE_get_BN_mod_exp_crt"},
+{ERR_PACK(0,ENGINE_F_ENGINE_GET_CTRL_FUNCTION,0),       "ENGINE_get_ctrl_function"},
+{ERR_PACK(0,ENGINE_F_ENGINE_GET_DH,0),  "ENGINE_get_DH"},
+{ERR_PACK(0,ENGINE_F_ENGINE_GET_DSA,0), "ENGINE_get_DSA"},
+{ERR_PACK(0,ENGINE_F_ENGINE_GET_FINISH_FUNCTION,0),     "ENGINE_get_finish_function"},
+{ERR_PACK(0,ENGINE_F_ENGINE_GET_ID,0),  "ENGINE_get_id"},
+{ERR_PACK(0,ENGINE_F_ENGINE_GET_INIT_FUNCTION,0),       "ENGINE_get_init_function"},
+{ERR_PACK(0,ENGINE_F_ENGINE_GET_NAME,0),        "ENGINE_get_name"},
+{ERR_PACK(0,ENGINE_F_ENGINE_GET_NEXT,0),        "ENGINE_get_next"},
+{ERR_PACK(0,ENGINE_F_ENGINE_GET_PREV,0),        "ENGINE_get_prev"},
+{ERR_PACK(0,ENGINE_F_ENGINE_GET_RAND,0),        "ENGINE_get_RAND"},
+{ERR_PACK(0,ENGINE_F_ENGINE_GET_RSA,0), "ENGINE_get_RSA"},
+{ERR_PACK(0,ENGINE_F_ENGINE_INIT,0),    "ENGINE_init"},
+{ERR_PACK(0,ENGINE_F_ENGINE_LIST_ADD,0),        "ENGINE_LIST_ADD"},
+{ERR_PACK(0,ENGINE_F_ENGINE_LIST_REMOVE,0),     "ENGINE_LIST_REMOVE"},
+{ERR_PACK(0,ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,0),        "ENGINE_load_private_key"},
+{ERR_PACK(0,ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,0), "ENGINE_load_public_key"},
+{ERR_PACK(0,ENGINE_F_ENGINE_NEW,0),     "ENGINE_new"},
+{ERR_PACK(0,ENGINE_F_ENGINE_REMOVE,0),  "ENGINE_remove"},
+{ERR_PACK(0,ENGINE_F_ENGINE_SET_BN_MOD_EXP,0),  "ENGINE_set_BN_mod_exp"},
+{ERR_PACK(0,ENGINE_F_ENGINE_SET_BN_MOD_EXP_CRT,0),      "ENGINE_set_BN_mod_exp_crt"},
+{ERR_PACK(0,ENGINE_F_ENGINE_SET_CTRL_FUNCTION,0),       "ENGINE_set_ctrl_function"},
+{ERR_PACK(0,ENGINE_F_ENGINE_SET_DEFAULT_TYPE,0),        "ENGINE_SET_DEFAULT_TYPE"},
+{ERR_PACK(0,ENGINE_F_ENGINE_SET_DH,0),  "ENGINE_set_DH"},
+{ERR_PACK(0,ENGINE_F_ENGINE_SET_DSA,0), "ENGINE_set_DSA"},
+{ERR_PACK(0,ENGINE_F_ENGINE_SET_FINISH_FUNCTION,0),     "ENGINE_set_finish_function"},
+{ERR_PACK(0,ENGINE_F_ENGINE_SET_ID,0),  "ENGINE_set_id"},
+{ERR_PACK(0,ENGINE_F_ENGINE_SET_INIT_FUNCTION,0),       "ENGINE_set_init_function"},
+{ERR_PACK(0,ENGINE_F_ENGINE_SET_NAME,0),        "ENGINE_set_name"},
+{ERR_PACK(0,ENGINE_F_ENGINE_SET_RAND,0),        "ENGINE_set_RAND"},
+{ERR_PACK(0,ENGINE_F_ENGINE_SET_RSA,0), "ENGINE_set_RSA"},
+{ERR_PACK(0,ENGINE_F_ENGINE_UNLOAD_KEY,0),      "ENGINE_UNLOAD_KEY"},
+{ERR_PACK(0,ENGINE_F_HWCRHK_CTRL,0),    "HWCRHK_CTRL"},
+{ERR_PACK(0,ENGINE_F_HWCRHK_FINISH,0),  "HWCRHK_FINISH"},
+{ERR_PACK(0,ENGINE_F_HWCRHK_GET_PASS,0),        "HWCRHK_GET_PASS"},
+{ERR_PACK(0,ENGINE_F_HWCRHK_INIT,0),    "HWCRHK_INIT"},
+{ERR_PACK(0,ENGINE_F_HWCRHK_LOAD_PRIVKEY,0),    "HWCRHK_LOAD_PRIVKEY"},
+{ERR_PACK(0,ENGINE_F_HWCRHK_LOAD_PUBKEY,0),     "HWCRHK_LOAD_PUBKEY"},
+{ERR_PACK(0,ENGINE_F_HWCRHK_MOD_EXP,0), "HWCRHK_MOD_EXP"},
+{ERR_PACK(0,ENGINE_F_HWCRHK_MOD_EXP_CRT,0),     "HWCRHK_MOD_EXP_CRT"},
+{ERR_PACK(0,ENGINE_F_HWCRHK_RAND_BYTES,0),      "HWCRHK_RAND_BYTES"},
+{ERR_PACK(0,ENGINE_F_HWCRHK_RSA_MOD_EXP,0),     "HWCRHK_RSA_MOD_EXP"},
+{ERR_PACK(0,ENGINE_F_LOG_MESSAGE,0),    "LOG_MESSAGE"},
+{0,NULL}
+        };
+
+static ERR_STRING_DATA ENGINE_str_reasons[]=
+        {
+{ENGINE_R_ALREADY_LOADED                 ,"already loaded"},
+{ENGINE_R_BIO_WAS_FREED                  ,"bio was freed"},
+{ENGINE_R_BN_CTX_FULL                    ,"BN_CTX full"},
+{ENGINE_R_BN_EXPAND_FAIL                 ,"bn_expand fail"},
+{ENGINE_R_CHIL_ERROR                     ,"chil error"},
+{ENGINE_R_CONFLICTING_ENGINE_ID          ,"conflicting engine id"},
+{ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED   ,"ctrl command not implemented"},
+{ENGINE_R_DSO_FAILURE                    ,"DSO failure"},
+{ENGINE_R_ENGINE_IS_NOT_IN_LIST          ,"engine is not in the list"},
+{ENGINE_R_FAILED_LOADING_PRIVATE_KEY     ,"failed loading private key"},
+{ENGINE_R_FAILED_LOADING_PUBLIC_KEY      ,"failed loading public key"},
+{ENGINE_R_FINISH_FAILED                  ,"finish failed"},
+{ENGINE_R_GET_HANDLE_FAILED              ,"could not obtain hardware handle"},
+{ENGINE_R_ID_OR_NAME_MISSING             ,"'id' or 'name' missing"},
+{ENGINE_R_INIT_FAILED                    ,"init failed"},
+{ENGINE_R_INTERNAL_LIST_ERROR            ,"internal list error"},
+{ENGINE_R_MISSING_KEY_COMPONENTS         ,"missing key components"},
+{ENGINE_R_NOT_INITIALISED                ,"not initialised"},
+{ENGINE_R_NOT_LOADED                     ,"not loaded"},
+{ENGINE_R_NO_CALLBACK                    ,"no callback"},
+{ENGINE_R_NO_CONTROL_FUNCTION            ,"no control function"},
+{ENGINE_R_NO_KEY                         ,"no key"},
+{ENGINE_R_NO_LOAD_FUNCTION               ,"no load function"},
+{ENGINE_R_NO_REFERENCE                   ,"no reference"},
+{ENGINE_R_NO_SUCH_ENGINE                 ,"no such engine"},
+{ENGINE_R_NO_UNLOAD_FUNCTION             ,"no unload function"},
+{ENGINE_R_PROVIDE_PARAMETERS             ,"provide parameters"},
+{ENGINE_R_REQUEST_FAILED                 ,"request failed"},
+{ENGINE_R_REQUEST_FALLBACK               ,"request fallback"},
+{ENGINE_R_SIZE_TOO_LARGE_OR_TOO_SMALL    ,"size too large or too small"},
+{ENGINE_R_UNIT_FAILURE                   ,"unit failure"},
+{0,NULL}
+        };
+
+#endif
+
+void ERR_load_ENGINE_strings(void)
+        {
+        static int init=1;
+
+        if (init)
+                {
+                init=0;
+#ifndef NO_ERR
+                ERR_load_strings(ERR_LIB_ENGINE,ENGINE_str_functs);
+                ERR_load_strings(ERR_LIB_ENGINE,ENGINE_str_reasons);
+#endif
+
+                }
+        }
diff --git a/src/lib/libssl/src/crypto/engine/engine_int.h b/src/lib/libssl/src/crypto/engine/engine_int.h
new file mode 100644
index 0000000000..447fa2a320
--- /dev/null
+++ b/src/lib/libssl/src/crypto/engine/engine_int.h
@@ -0,0 +1,160 @@
+/* crypto/engine/engine_int.h */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_ENGINE_INT_H
+#define HEADER_ENGINE_INT_H
+
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+#include <openssl/dh.h>
+#include <openssl/rand.h>
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* Bitwise OR-able values for the "flags" variable in ENGINE. */
+#define ENGINE_FLAGS_MALLOCED   0x0001
+
+#ifndef HEADER_ENGINE_H
+/* Regrettably, we need to reproduce the "BN" function types here
+ * because there is no such "BIGNUM_METHOD" as there is with RSA,
+ * DSA, etc. We do this so that we don't have a case where engine.h
+ * and engine_int.h conflict with each other. */
+typedef int (*BN_MOD_EXP)(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+                const BIGNUM *m, BN_CTX *ctx);
+ 
+/* private key operation for RSA, provided seperately in case other
+ * RSA implementations wish to use it. */
+typedef int (*BN_MOD_EXP_CRT)(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+                const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,
+                const BIGNUM *iqmp, BN_CTX *ctx);
+
+/* Generic function pointer */
+typedef int (*ENGINE_GEN_FUNC_PTR)();
+/* Generic function pointer taking no arguments */
+typedef int (*ENGINE_GEN_INT_FUNC_PTR)(void);
+/* Specific control function pointer */
+typedef int (*ENGINE_CTRL_FUNC_PTR)(int cmd, long i, void *p, void (*f)());
+
+#endif
+
+/* This is a structure for storing implementations of various crypto
+ * algorithms and functions. */
+typedef struct engine_st
+        {
+        const char *id;
+        const char *name;
+        RSA_METHOD *rsa_meth;
+        DSA_METHOD *dsa_meth;
+        DH_METHOD *dh_meth;
+        RAND_METHOD *rand_meth;
+        BN_MOD_EXP bn_mod_exp;
+        BN_MOD_EXP_CRT bn_mod_exp_crt;
+        int (*init)(void);
+        int (*finish)(void);
+        int (*ctrl)(int cmd, long i, void *p, void (*f)());
+        EVP_PKEY *(*load_privkey)(const char *key_id, const char *passphrase);
+        EVP_PKEY *(*load_pubkey)(const char *key_id, const char *passphrase);
+        int flags;
+        /* reference count on the structure itself */
+        int struct_ref;
+        /* reference count on usability of the engine type. NB: This
+         * controls the loading and initialisation of any functionlity
+         * required by this engine, whereas the previous count is
+         * simply to cope with (de)allocation of this structure. Hence,
+         * running_ref <= struct_ref at all times. */
+        int funct_ref;
+        /* Used to maintain the linked-list of engines. */
+        struct engine_st *prev;
+        struct engine_st *next;
+        } ENGINE;
+
+/* BUILT-IN ENGINES. (these functions are only ever called once and
+ * do not return references - they are purely for bootstrapping). */
+
+/* Returns a structure of software only methods (the default). */
+ENGINE *ENGINE_openssl();
+
+#ifndef NO_HW
+
+#ifndef NO_HW_CSWIFT
+/* Returns a structure of cswift methods ... NB: This can exist and be
+ * "used" even on non-cswift systems because the "init" will fail if the
+ * card/library are not found. */
+ENGINE *ENGINE_cswift();
+#endif /* !NO_HW_CSWIFT */
+
+#ifndef NO_HW_NCIPHER
+ENGINE *ENGINE_ncipher();
+#endif /* !NO_HW_NCIPHER */
+
+#ifndef NO_HW_ATALLA
+/* Returns a structure of atalla methods. */
+ENGINE *ENGINE_atalla();
+#endif /* !NO_HW_ATALLA */
+
+#endif /* !NO_HW */
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif /* HEADER_ENGINE_INT_H */
diff --git a/src/lib/libssl/src/crypto/engine/engine_lib.c b/src/lib/libssl/src/crypto/engine/engine_lib.c
new file mode 100644
index 0000000000..1df07af03a
--- /dev/null
+++ b/src/lib/libssl/src/crypto/engine/engine_lib.c
@@ -0,0 +1,488 @@
+/* crypto/engine/engine_lib.c */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include "engine_int.h"
+#include <openssl/engine.h>
+
+/* These pointers each have their own "functional reference" when they
+ * are non-NULL. Similarly, when they are retrieved by a call to
+ * ENGINE_get_default_[RSA|DSA|...] the returned pointer is also a
+ * reference and the caller is responsible for freeing that when they
+ * are finished with it (with a call to ENGINE_finish() *NOT* just
+ * ENGINE_free()!!!!!!). */
+static ENGINE *engine_def_rsa = NULL;
+static ENGINE *engine_def_dsa = NULL;
+static ENGINE *engine_def_dh = NULL;
+static ENGINE *engine_def_rand = NULL;
+static ENGINE *engine_def_bn_mod_exp = NULL;
+static ENGINE *engine_def_bn_mod_exp_crt = NULL;
+/* A static "once-only" flag used to control if/when the above were
+ * initialised to suitable start-up defaults. */
+static int engine_def_flag = 0;
+
+/* This is used in certain static utility functions to save code
+ * repetition for per-algorithm functions. */
+typedef enum {
+        ENGINE_TYPE_RSA,
+        ENGINE_TYPE_DSA,
+        ENGINE_TYPE_DH,
+        ENGINE_TYPE_RAND,
+        ENGINE_TYPE_BN_MOD_EXP,
+        ENGINE_TYPE_BN_MOD_EXP_CRT
+        } ENGINE_TYPE;
+
+static void engine_def_check_util(ENGINE **def, ENGINE *val)
+        {
+        *def = val;
+        val->struct_ref++;
+        val->funct_ref++;
+        }
+
+/* In a slight break with convention - this static function must be
+ * called *outside* any locking of CRYPTO_LOCK_ENGINE. */
+static void engine_def_check(void)
+        {
+        ENGINE *e;
+        if(engine_def_flag)
+                return;
+        e = ENGINE_get_first();
+        if(e == NULL)
+                /* The list is empty ... not much we can do! */
+                return;
+        /* We have a structural reference, see if getting a functional
+         * reference is possible. This is done to cope with init errors
+         * in the engine - the following locked code does a bunch of
+         * manual "ENGINE_init"s which do *not* allow such an init
+         * error so this is worth doing. */
+        if(ENGINE_init(e))
+                {
+                CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+                /* Doing another check here prevents an obvious race
+                 * condition because the whole function itself cannot
+                 * be locked. */
+                if(engine_def_flag)
+                        goto skip_set_defaults;
+                /* OK, we got a functional reference, so we get one each
+                 * for the defaults too. */
+                engine_def_check_util(&engine_def_rsa, e);
+                engine_def_check_util(&engine_def_dsa, e);
+                engine_def_check_util(&engine_def_dh, e);
+                engine_def_check_util(&engine_def_rand, e);
+                engine_def_check_util(&engine_def_bn_mod_exp, e);
+                engine_def_check_util(&engine_def_bn_mod_exp_crt, e);
+                engine_def_flag = 1;
+skip_set_defaults:
+                CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+                /* The "if" needs to be balanced out. */
+                ENGINE_finish(e);
+                }
+        /* We need to balance out the fact we obtained a structural
+         * reference to begin with from ENGINE_get_first(). */
+        ENGINE_free(e);
+        }
+
+/* Initialise a engine type for use (or up its functional reference count
+ * if it's already in use). */
+int ENGINE_init(ENGINE *e)
+        {
+        int to_return = 1;
+
+        if(e == NULL)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_INIT,ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+        if((e->funct_ref == 0) && e->init)
+                /* This is the first functional reference and the engine
+                 * requires initialisation so we do it now. */
+                to_return = e->init();
+        if(to_return)
+                {
+                /* OK, we return a functional reference which is also a
+                 * structural reference. */
+                e->struct_ref++;
+                e->funct_ref++;
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+        return to_return;
+        }
+
+/* Free a functional reference to a engine type */
+int ENGINE_finish(ENGINE *e)
+        {
+        int to_return = 1;
+
+        if(e == NULL)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_FINISH,ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+        if((e->funct_ref == 1) && e->finish)
+#if 0
+                /* This is the last functional reference and the engine
+                 * requires cleanup so we do it now. */
+                to_return = e->finish();
+        if(to_return)
+                {
+                /* Cleanup the functional reference which is also a
+                 * structural reference. */
+                e->struct_ref--;
+                e->funct_ref--;
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+#else
+                /* I'm going to deliberately do a convoluted version of this
+                 * piece of code because we don't want "finish" functions
+                 * being called inside a locked block of code, if at all
+                 * possible. I'd rather have this call take an extra couple
+                 * of ticks than have throughput serialised on a externally-
+                 * provided callback function that may conceivably never come
+                 * back. :-( */
+                {
+                CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+                /* CODE ALERT: This *IS* supposed to be "=" and NOT "==" :-) */
+                if((to_return = e->finish()))
+                        {
+                        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+                        /* Cleanup the functional reference which is also a
+                         * structural reference. */
+                        e->struct_ref--;
+                        e->funct_ref--;
+                        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+                        }
+                }
+        else
+                CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+#endif
+        return to_return;
+        }
+
+EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
+        const char *passphrase)
+        {
+        EVP_PKEY *pkey;
+
+        if(e == NULL)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+        if(e->funct_ref == 0)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
+                        ENGINE_R_NOT_INITIALISED);
+                return 0;
+                }
+        if (!e->load_privkey)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
+                        ENGINE_R_NO_LOAD_FUNCTION);
+                return 0;
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+        pkey = e->load_privkey(key_id, passphrase);
+        if (!pkey)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
+                        ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
+                return 0;
+                }
+        return pkey;
+        }
+
+EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
+        const char *passphrase)
+        {
+        EVP_PKEY *pkey;
+
+        if(e == NULL)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+        if(e->funct_ref == 0)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
+                        ENGINE_R_NOT_INITIALISED);
+                return 0;
+                }
+        if (!e->load_pubkey)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
+                        ENGINE_R_NO_LOAD_FUNCTION);
+                return 0;
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+        pkey = e->load_pubkey(key_id, passphrase);
+        if (!pkey)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
+                        ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
+                return 0;
+                }
+        return pkey;
+        }
+
+/* Initialise a engine type for use (or up its functional reference count
+ * if it's already in use). */
+int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
+        {
+        if(e == NULL)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_CTRL,ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+        if(e->struct_ref == 0)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_REFERENCE);
+                return 0;
+                }
+        if (!e->ctrl)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_CONTROL_FUNCTION);
+                return 0;
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+        return e->ctrl(cmd, i, p, f);
+        }
+
+static ENGINE *engine_get_default_type(ENGINE_TYPE t)
+        {
+        ENGINE *ret = NULL;
+
+        /* engine_def_check is lean and mean and won't replace any
+         * prior default engines ... so we must ensure that it is always
+         * the first function to get to touch the default values. */
+        engine_def_check();
+        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+        switch(t)
+                {
+        case ENGINE_TYPE_RSA:
+                ret = engine_def_rsa; break;
+        case ENGINE_TYPE_DSA:
+                ret = engine_def_dsa; break;
+        case ENGINE_TYPE_DH:
+                ret = engine_def_dh; break;
+        case ENGINE_TYPE_RAND:
+                ret = engine_def_rand; break;
+        case ENGINE_TYPE_BN_MOD_EXP:
+                ret = engine_def_bn_mod_exp; break;
+        case ENGINE_TYPE_BN_MOD_EXP_CRT:
+                ret = engine_def_bn_mod_exp_crt; break;
+                }
+        /* Unforunately we can't do this work outside the lock with a
+         * call to ENGINE_init() because that would leave a race
+         * condition open. */
+        if(ret)
+                {
+                ret->struct_ref++;
+                ret->funct_ref++;
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+        return ret;
+        }
+
+ENGINE *ENGINE_get_default_RSA(void)
+        {
+        return engine_get_default_type(ENGINE_TYPE_RSA);
+        }
+
+ENGINE *ENGINE_get_default_DSA(void)
+        {
+        return engine_get_default_type(ENGINE_TYPE_DSA);
+        }
+
+ENGINE *ENGINE_get_default_DH(void)
+        {
+        return engine_get_default_type(ENGINE_TYPE_DH);
+        }
+
+ENGINE *ENGINE_get_default_RAND(void)
+        {
+        return engine_get_default_type(ENGINE_TYPE_RAND);
+        }
+
+ENGINE *ENGINE_get_default_BN_mod_exp(void)
+        {
+        return engine_get_default_type(ENGINE_TYPE_BN_MOD_EXP);
+        }
+
+ENGINE *ENGINE_get_default_BN_mod_exp_crt(void)
+        {
+        return engine_get_default_type(ENGINE_TYPE_BN_MOD_EXP_CRT);
+        }
+
+static int engine_set_default_type(ENGINE_TYPE t, ENGINE *e)
+        {
+        ENGINE *old = NULL;
+
+        if(e == NULL)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_SET_DEFAULT_TYPE,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        /* engine_def_check is lean and mean and won't replace any
+         * prior default engines ... so we must ensure that it is always
+         * the first function to get to touch the default values. */
+        engine_def_check();
+        /* Attempt to get a functional reference (we need one anyway, but
+         * also, 'e' may be just a structural reference being passed in so
+         * this call may actually be the first). */
+        if(!ENGINE_init(e))
+                {
+                ENGINEerr(ENGINE_F_ENGINE_SET_DEFAULT_TYPE,
+                        ENGINE_R_INIT_FAILED);
+                return 0;
+                }
+        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+        switch(t)
+                {
+        case ENGINE_TYPE_RSA:
+                old = engine_def_rsa;
+                engine_def_rsa = e; break;
+        case ENGINE_TYPE_DSA:
+                old = engine_def_dsa;
+                engine_def_dsa = e; break;
+        case ENGINE_TYPE_DH:
+                old = engine_def_dh;
+                engine_def_dh = e; break;
+        case ENGINE_TYPE_RAND:
+                old = engine_def_rand;
+                engine_def_rand = e; break;
+        case ENGINE_TYPE_BN_MOD_EXP:
+                old = engine_def_bn_mod_exp;
+                engine_def_bn_mod_exp = e; break;
+        case ENGINE_TYPE_BN_MOD_EXP_CRT:
+                old = engine_def_bn_mod_exp_crt;
+                engine_def_bn_mod_exp_crt = e; break;
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+        /* If we've replaced a previous value, then we need to remove the
+         * functional reference we had. */
+        if(old && !ENGINE_finish(old))
+                {
+                ENGINEerr(ENGINE_F_ENGINE_SET_DEFAULT_TYPE,
+                        ENGINE_R_FINISH_FAILED);
+                return 0;
+                }
+        return 1;
+        }
+
+int ENGINE_set_default_RSA(ENGINE *e)
+        {
+        return engine_set_default_type(ENGINE_TYPE_RSA, e);
+        }
+
+int ENGINE_set_default_DSA(ENGINE *e)
+        {
+        return engine_set_default_type(ENGINE_TYPE_DSA, e);
+        }
+
+int ENGINE_set_default_DH(ENGINE *e)
+        {
+        return engine_set_default_type(ENGINE_TYPE_DH, e);
+        }
+
+int ENGINE_set_default_RAND(ENGINE *e)
+        {
+        return engine_set_default_type(ENGINE_TYPE_RAND, e);
+        }
+
+int ENGINE_set_default_BN_mod_exp(ENGINE *e)
+        {
+        return engine_set_default_type(ENGINE_TYPE_BN_MOD_EXP, e);
+        }
+
+int ENGINE_set_default_BN_mod_exp_crt(ENGINE *e)
+        {
+        return engine_set_default_type(ENGINE_TYPE_BN_MOD_EXP_CRT, e);
+        }
+
+int ENGINE_set_default(ENGINE *e, unsigned int flags)
+        {
+        if((flags & ENGINE_METHOD_RSA) && e->rsa_meth &&
+                        !ENGINE_set_default_RSA(e))
+                return 0;
+        if((flags & ENGINE_METHOD_DSA) && e->dsa_meth &&
+                        !ENGINE_set_default_DSA(e))
+                return 0;
+        if((flags & ENGINE_METHOD_DH) && e->dh_meth &&
+                        !ENGINE_set_default_DH(e))
+                return 0;
+        if((flags & ENGINE_METHOD_RAND) && e->rand_meth &&
+                        !ENGINE_set_default_RAND(e))
+                return 0;
+        if((flags & ENGINE_METHOD_BN_MOD_EXP) && e->bn_mod_exp &&
+                        !ENGINE_set_default_BN_mod_exp(e))
+                return 0;
+        if((flags & ENGINE_METHOD_BN_MOD_EXP_CRT) && e->bn_mod_exp_crt &&
+                        !ENGINE_set_default_BN_mod_exp_crt(e))
+                return 0;
+        return 1;
+        }
+
diff --git a/src/lib/libssl/src/crypto/engine/engine_list.c b/src/lib/libssl/src/crypto/engine/engine_list.c
new file mode 100644
index 0000000000..d764c60661
--- /dev/null
+++ b/src/lib/libssl/src/crypto/engine/engine_list.c
@@ -0,0 +1,675 @@
+/* crypto/engine/engine_list.c */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include "engine_int.h"
+#include <openssl/engine.h>
+
+/* The linked-list of pointers to engine types. engine_list_head
+ * incorporates an implicit structural reference but engine_list_tail
+ * does not - the latter is a computational niceity and only points
+ * to something that is already pointed to by its predecessor in the
+ * list (or engine_list_head itself). In the same way, the use of the
+ * "prev" pointer in each ENGINE is to save excessive list iteration,
+ * it doesn't correspond to an extra structural reference. Hence,
+ * engine_list_head, and each non-null "next" pointer account for
+ * the list itself assuming exactly 1 structural reference on each
+ * list member. */
+static ENGINE *engine_list_head = NULL;
+static ENGINE *engine_list_tail = NULL;
+/* A boolean switch, used to ensure we only initialise once. This
+ * is needed because the engine list may genuinely become empty during
+ * use (so we can't use engine_list_head as an indicator for example. */
+static int engine_list_flag = 0;
+
+/* These static functions starting with a lower case "engine_" always
+ * take place when CRYPTO_LOCK_ENGINE has been locked up. */
+static int engine_list_add(ENGINE *e)
+        {
+        int conflict = 0;
+        ENGINE *iterator = NULL;
+
+        if(e == NULL)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        iterator = engine_list_head;
+        while(iterator && !conflict)
+                {
+                conflict = (strcmp(iterator->id, e->id) == 0);
+                iterator = iterator->next;
+                }
+        if(conflict)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
+                        ENGINE_R_CONFLICTING_ENGINE_ID);
+                return 0;
+                }
+        if(engine_list_head == NULL)
+                {
+                /* We are adding to an empty list. */
+                if(engine_list_tail)
+                        {
+                        ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
+                                ENGINE_R_INTERNAL_LIST_ERROR);
+                        return 0;
+                        }
+                engine_list_head = e;
+                e->prev = NULL;
+                }
+        else
+                {
+                /* We are adding to the tail of an existing list. */
+                if((engine_list_tail == NULL) ||
+                                (engine_list_tail->next != NULL))
+                        {
+                        ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
+                                ENGINE_R_INTERNAL_LIST_ERROR);
+                        return 0;
+                        }
+                engine_list_tail->next = e;
+                e->prev = engine_list_tail;
+                }
+        /* Having the engine in the list assumes a structural
+         * reference. */
+        e->struct_ref++;
+        /* However it came to be, e is the last item in the list. */
+        engine_list_tail = e;
+        e->next = NULL;
+        return 1;
+        }
+
+static int engine_list_remove(ENGINE *e)
+        {
+        ENGINE *iterator;
+
+        if(e == NULL)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_LIST_REMOVE,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        /* We need to check that e is in our linked list! */
+        iterator = engine_list_head;
+        while(iterator && (iterator != e))
+                iterator = iterator->next;
+        if(iterator == NULL)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_LIST_REMOVE,
+                        ENGINE_R_ENGINE_IS_NOT_IN_LIST);
+                return 0;
+                }
+        /* un-link e from the chain. */
+        if(e->next)
+                e->next->prev = e->prev;
+        if(e->prev)
+                e->prev->next = e->next;
+        /* Correct our head/tail if necessary. */
+        if(engine_list_head == e)
+                engine_list_head = e->next;
+        if(engine_list_tail == e)
+                engine_list_tail = e->prev;
+        /* remove our structural reference. */
+        e->struct_ref--;
+        return 1;
+        }
+
+/* This check always takes place with CRYPTO_LOCK_ENGINE locked up
+ * so we're synchronised, but we can't call anything that tries to
+ * lock it again! :-) NB: For convenience (and code-clarity) we
+ * don't output errors for failures of the engine_list_add function
+ * as it will generate errors itself. */
+static int engine_internal_check(void)
+        {
+        if(engine_list_flag)
+                return 1;
+        /* This is our first time up, we need to populate the list
+         * with our statically compiled-in engines. */
+        if(!engine_list_add(ENGINE_openssl()))
+                return 0;
+#ifndef NO_HW
+#ifndef NO_HW_CSWIFT
+        if(!engine_list_add(ENGINE_cswift()))
+                return 0;
+#endif /* !NO_HW_CSWIFT */
+#ifndef NO_HW_NCIPHER
+        if(!engine_list_add(ENGINE_ncipher()))
+                return 0;
+#endif /* !NO_HW_NCIPHER */
+#ifndef NO_HW_ATALLA
+        if(!engine_list_add(ENGINE_atalla()))
+                return 0;
+#endif /* !NO_HW_ATALLA */
+#endif /* !NO_HW */
+        engine_list_flag = 1;
+        return 1;
+        }
+
+/* Get the first/last "ENGINE" type available. */
+ENGINE *ENGINE_get_first(void)
+        {
+        ENGINE *ret = NULL;
+
+        CRYPTO_r_lock(CRYPTO_LOCK_ENGINE);
+        if(engine_internal_check())
+                {
+                ret = engine_list_head;
+                if(ret)
+                        ret->struct_ref++;
+                }
+        CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE);
+        return ret;
+        }
+ENGINE *ENGINE_get_last(void)
+        {
+        ENGINE *ret = NULL;
+
+        CRYPTO_r_lock(CRYPTO_LOCK_ENGINE);
+        if(engine_internal_check())
+                {
+                ret = engine_list_tail;
+                if(ret)
+                        ret->struct_ref++;
+                }
+        CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE);
+        return ret;
+        }
+
+/* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */
+ENGINE *ENGINE_get_next(ENGINE *e)
+        {
+        ENGINE *ret = NULL;
+        if(e == NULL)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_GET_NEXT,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        CRYPTO_r_lock(CRYPTO_LOCK_ENGINE);
+        ret = e->next;
+        e->struct_ref--;
+        if(ret)
+                ret->struct_ref++;
+        CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE);
+        return ret;
+        }
+ENGINE *ENGINE_get_prev(ENGINE *e)
+        {
+        ENGINE *ret = NULL;
+        if(e == NULL)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_GET_PREV,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        CRYPTO_r_lock(CRYPTO_LOCK_ENGINE);
+        ret = e->prev;
+        e->struct_ref--;
+        if(ret)
+                ret->struct_ref++;
+        CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE);
+        return ret;
+        }
+
+/* Add another "ENGINE" type into the list. */
+int ENGINE_add(ENGINE *e)
+        {
+        int to_return = 1;
+        if(e == NULL)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_ADD,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        if((e->id == NULL) || (e->name == NULL))
+                {
+                ENGINEerr(ENGINE_F_ENGINE_ADD,
+                        ENGINE_R_ID_OR_NAME_MISSING);
+                }
+        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+        if(!engine_internal_check() || !engine_list_add(e))
+                {
+                ENGINEerr(ENGINE_F_ENGINE_ADD,
+                        ENGINE_R_INTERNAL_LIST_ERROR);
+                to_return = 0;
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+        return to_return;
+        }
+
+/* Remove an existing "ENGINE" type from the array. */
+int ENGINE_remove(ENGINE *e)
+        {
+        int to_return = 1;
+        if(e == NULL)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_REMOVE,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+        if(!engine_internal_check() || !engine_list_remove(e))
+                {
+                ENGINEerr(ENGINE_F_ENGINE_REMOVE,
+                        ENGINE_R_INTERNAL_LIST_ERROR);
+                to_return = 0;
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+        return to_return;
+        }
+
+ENGINE *ENGINE_by_id(const char *id)
+        {
+        ENGINE *iterator = NULL;
+        if(id == NULL)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_BY_ID,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return NULL;
+                }
+        CRYPTO_r_lock(CRYPTO_LOCK_ENGINE);
+        if(!engine_internal_check())
+                ENGINEerr(ENGINE_F_ENGINE_BY_ID,
+                        ENGINE_R_INTERNAL_LIST_ERROR);
+        else
+                {
+                iterator = engine_list_head;
+                while(iterator && (strcmp(id, iterator->id) != 0))
+                        iterator = iterator->next;
+                if(iterator)
+                        /* We need to return a structural reference */
+                        iterator->struct_ref++;
+                }
+        CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE);
+        if(iterator == NULL)
+                ENGINEerr(ENGINE_F_ENGINE_BY_ID,
+                        ENGINE_R_NO_SUCH_ENGINE);
+        return iterator;
+        }
+
+/* As per the comments in engine.h, it is generally better all round
+ * if the ENGINE structure is allocated within this framework. */
+#if 0
+int ENGINE_get_struct_size(void)
+        {
+        return sizeof(ENGINE);
+        }
+
+ENGINE *ENGINE_new(ENGINE *e)
+        {
+        ENGINE *ret;
+
+        if(e == NULL)
+                {
+                ret = (ENGINE *)(OPENSSL_malloc(sizeof(ENGINE));
+                if(ret == NULL)
+                        {
+                        ENGINEerr(ENGINE_F_ENGINE_NEW,
+                                ERR_R_MALLOC_FAILURE);
+                        return NULL;
+                        }
+                }
+        else
+                ret = e;
+        memset(ret, 0, sizeof(ENGINE));
+        if(e)
+                ret->flags = ENGINE_FLAGS_MALLOCED;
+        ret->struct_ref = 1;
+        return ret;
+        }
+#else
+ENGINE *ENGINE_new(void)
+        {
+        ENGINE *ret;
+
+        ret = (ENGINE *)OPENSSL_malloc(sizeof(ENGINE));
+        if(ret == NULL)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_NEW, ERR_R_MALLOC_FAILURE);
+                return NULL;
+                }
+        memset(ret, 0, sizeof(ENGINE));
+        ret->flags = ENGINE_FLAGS_MALLOCED;
+        ret->struct_ref = 1;
+        return ret;
+        }
+#endif
+
+int ENGINE_free(ENGINE *e)
+        {
+        int i;
+
+        if(e == NULL)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_FREE,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        i = CRYPTO_add(&e->struct_ref,-1,CRYPTO_LOCK_ENGINE);
+#ifdef REF_PRINT
+        REF_PRINT("ENGINE",e);
+#endif
+        if (i > 0) return 1;
+#ifdef REF_CHECK
+        if (i < 0)
+                {
+                fprintf(stderr,"ENGINE_free, bad reference count\n");
+                abort();
+                }
+#endif
+        if(e->flags & ENGINE_FLAGS_MALLOCED)
+                OPENSSL_free(e);
+        return 1;
+        }
+
+int ENGINE_set_id(ENGINE *e, const char *id)
+        {
+        if((e == NULL) || (id == NULL))
+                {
+                ENGINEerr(ENGINE_F_ENGINE_SET_ID,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        e->id = id;
+        return 1;
+        }
+
+int ENGINE_set_name(ENGINE *e, const char *name)
+        {
+        if((e == NULL) || (name == NULL))
+                {
+                ENGINEerr(ENGINE_F_ENGINE_SET_NAME,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        e->name = name;
+        return 1;
+        }
+
+int ENGINE_set_RSA(ENGINE *e, RSA_METHOD *rsa_meth)
+        {
+        if((e == NULL) || (rsa_meth == NULL))
+                {
+                ENGINEerr(ENGINE_F_ENGINE_SET_RSA,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        e->rsa_meth = rsa_meth;
+        return 1;
+        }
+
+int ENGINE_set_DSA(ENGINE *e, DSA_METHOD *dsa_meth)
+        {
+        if((e == NULL) || (dsa_meth == NULL))
+                {
+                ENGINEerr(ENGINE_F_ENGINE_SET_DSA,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        e->dsa_meth = dsa_meth;
+        return 1;
+        }
+
+int ENGINE_set_DH(ENGINE *e, DH_METHOD *dh_meth)
+        {
+        if((e == NULL) || (dh_meth == NULL))
+                {
+                ENGINEerr(ENGINE_F_ENGINE_SET_DH,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        e->dh_meth = dh_meth;
+        return 1;
+        }
+
+int ENGINE_set_RAND(ENGINE *e, RAND_METHOD *rand_meth)
+        {
+        if((e == NULL) || (rand_meth == NULL))
+                {
+                ENGINEerr(ENGINE_F_ENGINE_SET_RAND,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        e->rand_meth = rand_meth;
+        return 1;
+        }
+
+int ENGINE_set_BN_mod_exp(ENGINE *e, BN_MOD_EXP bn_mod_exp)
+        {
+        if((e == NULL) || (bn_mod_exp == NULL))
+                {
+                ENGINEerr(ENGINE_F_ENGINE_SET_BN_MOD_EXP,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        e->bn_mod_exp = bn_mod_exp;
+        return 1;
+        }
+
+int ENGINE_set_BN_mod_exp_crt(ENGINE *e, BN_MOD_EXP_CRT bn_mod_exp_crt)
+        {
+        if((e == NULL) || (bn_mod_exp_crt == NULL))
+                {
+                ENGINEerr(ENGINE_F_ENGINE_SET_BN_MOD_EXP_CRT,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        e->bn_mod_exp_crt = bn_mod_exp_crt;
+        return 1;
+        }
+
+int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f)
+        {
+        if((e == NULL) || (init_f == NULL))
+                {
+                ENGINEerr(ENGINE_F_ENGINE_SET_INIT_FUNCTION,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        e->init = init_f;
+        return 1;
+        }
+
+int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f)
+        {
+        if((e == NULL) || (finish_f == NULL))
+                {
+                ENGINEerr(ENGINE_F_ENGINE_SET_FINISH_FUNCTION,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        e->finish = finish_f;
+        return 1;
+        }
+
+int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f)
+        {
+        if((e == NULL) || (ctrl_f == NULL))
+                {
+                ENGINEerr(ENGINE_F_ENGINE_SET_CTRL_FUNCTION,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        e->ctrl = ctrl_f;
+        return 1;
+        }
+
+const char *ENGINE_get_id(ENGINE *e)
+        {
+        if(e == NULL)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_GET_ID,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        return e->id;
+        }
+
+const char *ENGINE_get_name(ENGINE *e)
+        {
+        if(e == NULL)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_GET_NAME,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        return e->name;
+        }
+
+RSA_METHOD *ENGINE_get_RSA(ENGINE *e)
+        {
+        if(e == NULL)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_GET_RSA,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return NULL;
+                }
+        return e->rsa_meth;
+        }
+
+DSA_METHOD *ENGINE_get_DSA(ENGINE *e)
+        {
+        if(e == NULL)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_GET_DSA,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return NULL;
+                }
+        return e->dsa_meth;
+        }
+
+DH_METHOD *ENGINE_get_DH(ENGINE *e)
+        {
+        if(e == NULL)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_GET_DH,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return NULL;
+                }
+        return e->dh_meth;
+        }
+
+RAND_METHOD *ENGINE_get_RAND(ENGINE *e)
+        {
+        if(e == NULL)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_GET_RAND,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return NULL;
+                }
+        return e->rand_meth;
+        }
+
+BN_MOD_EXP ENGINE_get_BN_mod_exp(ENGINE *e)
+        {
+        if(e == NULL)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_GET_BN_MOD_EXP,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return NULL;
+                }
+        return e->bn_mod_exp;
+        }
+
+BN_MOD_EXP_CRT ENGINE_get_BN_mod_exp_crt(ENGINE *e)
+        {
+        if(e == NULL)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_GET_BN_MOD_EXP_CRT,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return NULL;
+                }
+        return e->bn_mod_exp_crt;
+        }
+
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(ENGINE *e)
+        {
+        if(e == NULL)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_GET_INIT_FUNCTION,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return NULL;
+                }
+        return e->init;
+        }
+
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(ENGINE *e)
+        {
+        if(e == NULL)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_GET_FINISH_FUNCTION,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return NULL;
+                }
+        return e->finish;
+        }
+
+ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(ENGINE *e)
+        {
+        if(e == NULL)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_GET_CTRL_FUNCTION,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return NULL;
+                }
+        return e->ctrl;
+        }
+
diff --git a/src/lib/libssl/src/crypto/engine/engine_openssl.c b/src/lib/libssl/src/crypto/engine/engine_openssl.c
new file mode 100644
index 0000000000..9636f51168
--- /dev/null
+++ b/src/lib/libssl/src/crypto/engine/engine_openssl.c
@@ -0,0 +1,174 @@
+/* crypto/engine/engine_openssl.c */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include "engine_int.h"
+#include <openssl/engine.h>
+#include <openssl/dso.h>
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+#include <openssl/dh.h>
+#include <openssl/rand.h>
+#include <openssl/bn.h>
+
+/* This is the only function we need to implement as OpenSSL
+ * doesn't have a native CRT mod_exp. Perhaps this should be
+ * BN_mod_exp_crt and moved into crypto/bn/ ?? ... dunno. */
+static int openssl_mod_exp_crt(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+                const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,
+                const BIGNUM *iqmp, BN_CTX *ctx);
+
+/* The ENGINE structure that can be pointed to. */
+static ENGINE engine_openssl =
+        {
+        "openssl",
+        "Software default engine support",
+        NULL,
+        NULL,
+        NULL, /* these methods are "stolen" in ENGINE_openssl() */
+        NULL,
+        NULL,
+        openssl_mod_exp_crt,
+        NULL, /* no init() */
+        NULL, /* no finish() */
+        NULL, /* no ctrl() */
+        NULL, /* no load_privkey() */
+        NULL, /* no load_pubkey() */
+        0, /* no flags */
+        0, 0, /* no references. */
+        NULL, NULL /* unlinked */
+        };
+
+/* As this is only ever called once, there's no need for locking
+ * (indeed - the lock will already be held by our caller!!!) */
+ENGINE *ENGINE_openssl()
+        {
+        /* We need to populate our structure with the software pointers
+         * that we want to steal. */
+        engine_openssl.rsa_meth = RSA_get_default_openssl_method();
+        engine_openssl.dsa_meth = DSA_get_default_openssl_method();
+        engine_openssl.dh_meth = DH_get_default_openssl_method();
+        engine_openssl.rand_meth = RAND_SSLeay();
+        engine_openssl.bn_mod_exp = BN_mod_exp;
+        return &engine_openssl;
+        }
+
+/* Chinese Remainder Theorem, taken and adapted from rsa_eay.c */
+static int openssl_mod_exp_crt(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+                        const BIGNUM *q, const BIGNUM *dmp1,
+                        const BIGNUM *dmq1, const BIGNUM *iqmp, BN_CTX *ctx)
+        {
+        BIGNUM r1,m1;
+        int ret=0;
+        BN_CTX *bn_ctx;
+        BIGNUM *temp_bn = NULL;
+
+        if (ctx)
+                bn_ctx = ctx;
+        else
+                if ((bn_ctx=BN_CTX_new()) == NULL) goto err;
+        BN_init(&m1);
+        BN_init(&r1);
+        /* BN_mul() cannot accept const BIGNUMs so I use the BN_CTX
+         * to duplicate what I need. <sigh> */
+        if ((temp_bn = BN_CTX_get(bn_ctx)) == NULL) goto err;
+        if (!BN_copy(temp_bn, iqmp)) goto err;
+ 
+        if (!BN_mod(&r1, a, q, bn_ctx)) goto err;
+        if (!engine_openssl.bn_mod_exp(&m1, &r1, dmq1, q, bn_ctx))
+                goto err;
+ 
+        if (!BN_mod(&r1, a, p, bn_ctx)) goto err;
+        if (!engine_openssl.bn_mod_exp(r, &r1, dmp1, p, bn_ctx))
+                goto err;
+
+        if (!BN_sub(r, r, &m1)) goto err;
+        /* This will help stop the size of r0 increasing, which does
+         * affect the multiply if it optimised for a power of 2 size */
+        if (r->neg)
+                if (!BN_add(r, r, p)) goto err;
+ 
+        if (!BN_mul(&r1, r, temp_bn, bn_ctx)) goto err;
+        if (!BN_mod(r, &r1, p, bn_ctx)) goto err;
+        /* If p < q it is occasionally possible for the correction of
+         * adding 'p' if r is negative above to leave the result still
+         * negative. This can break the private key operations: the following
+         * second correction should *always* correct this rare occurrence.
+         * This will *never* happen with OpenSSL generated keys because
+         * they ensure p > q [steve]
+         */
+        if (r->neg)
+                if (!BN_add(r, r, p)) goto err;
+        /* Again, BN_mul() will need non-const values. */
+        if (!BN_copy(temp_bn, q)) goto err;
+        if (!BN_mul(&r1, r, temp_bn, bn_ctx)) goto err;
+        if (!BN_add(r, &r1, &m1)) goto err;
+ 
+        ret=1;
+err:
+        BN_clear_free(&m1);
+        BN_clear_free(&r1);
+        if (temp_bn)
+                bn_ctx->tos--;
+        if (!ctx)
+                BN_CTX_free(bn_ctx);
+        return(ret);
+        }
diff --git a/src/lib/libssl/src/crypto/engine/enginetest.c b/src/lib/libssl/src/crypto/engine/enginetest.c
new file mode 100644
index 0000000000..a5a3c47fcb
--- /dev/null
+++ b/src/lib/libssl/src/crypto/engine/enginetest.c
@@ -0,0 +1,251 @@
+/* crypto/engine/enginetest.c */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/engine.h>
+#include <openssl/err.h>
+
+static void display_engine_list()
+        {
+        ENGINE *h;
+        int loop;
+
+        h = ENGINE_get_first();
+        loop = 0;
+        printf("listing available engine types\n");
+        while(h)
+                {
+                printf("engine %i, id = \"%s\", name = \"%s\"\n",
+                        loop++, ENGINE_get_id(h), ENGINE_get_name(h));
+                h = ENGINE_get_next(h);
+                }
+        printf("end of list\n");
+        }
+
+int main(int argc, char *argv[])
+        {
+        ENGINE *block[512];
+        char buf[256];
+        const char *id, *name;
+        ENGINE *ptr;
+        int loop;
+        int to_return = 1;
+        ENGINE *new_h1 = NULL;
+        ENGINE *new_h2 = NULL;
+        ENGINE *new_h3 = NULL;
+        ENGINE *new_h4 = NULL;
+
+        ERR_load_crypto_strings();
+
+        memset(block, 0, 512 * sizeof(ENGINE *));
+        if(((new_h1 = ENGINE_new()) == NULL) ||
+                        !ENGINE_set_id(new_h1, "test_id0") ||
+                        !ENGINE_set_name(new_h1, "First test item") ||
+                        ((new_h2 = ENGINE_new()) == NULL) ||
+                        !ENGINE_set_id(new_h2, "test_id1") ||
+                        !ENGINE_set_name(new_h2, "Second test item") ||
+                        ((new_h3 = ENGINE_new()) == NULL) ||
+                        !ENGINE_set_id(new_h3, "test_id2") ||
+                        !ENGINE_set_name(new_h3, "Third test item") ||
+                        ((new_h4 = ENGINE_new()) == NULL) ||
+                        !ENGINE_set_id(new_h4, "test_id3") ||
+                        !ENGINE_set_name(new_h4, "Fourth test item"))
+                {
+                printf("Couldn't set up test ENGINE structures\n");
+                goto end;
+                }
+        printf("\nenginetest beginning\n\n");
+        display_engine_list();
+        if(!ENGINE_add(new_h1))
+                {
+                printf("Add failed!\n");
+                goto end;
+                }
+        display_engine_list();
+        ptr = ENGINE_get_first();
+        if(!ENGINE_remove(ptr))
+                {
+                printf("Remove failed!\n");
+                goto end;
+                }
+        display_engine_list();
+        if(!ENGINE_add(new_h3) || !ENGINE_add(new_h2))
+                {
+                printf("Add failed!\n");
+                goto end;
+                }
+        display_engine_list();
+        if(!ENGINE_remove(new_h2))
+                {
+                printf("Remove failed!\n");
+                goto end;
+                }
+        display_engine_list();
+        if(!ENGINE_add(new_h4))
+                {
+                printf("Add failed!\n");
+                goto end;
+                }
+        display_engine_list();
+        if(ENGINE_add(new_h3))
+                {
+                printf("Add *should* have failed but didn't!\n");
+                goto end;
+                }
+        else
+                printf("Add that should fail did.\n");
+        ERR_clear_error();
+        if(ENGINE_remove(new_h2))
+                {
+                printf("Remove *should* have failed but didn't!\n");
+                goto end;
+                }
+        else
+                printf("Remove that should fail did.\n");
+        if(!ENGINE_remove(new_h1))
+                {
+                printf("Remove failed!\n");
+                goto end;
+                }
+        display_engine_list();
+        if(!ENGINE_remove(new_h3))
+                {
+                printf("Remove failed!\n");
+                goto end;
+                }
+        display_engine_list();
+        if(!ENGINE_remove(new_h4))
+                {
+                printf("Remove failed!\n");
+                goto end;
+                }
+        display_engine_list();
+        /* Depending on whether there's any hardware support compiled
+         * in, this remove may be destined to fail. */
+        ptr = ENGINE_get_first();
+        if(ptr)
+                if(!ENGINE_remove(ptr))
+                        printf("Remove failed!i - probably no hardware "
+                                "support present.\n");
+        display_engine_list();
+        if(!ENGINE_add(new_h1) || !ENGINE_remove(new_h1))
+                {
+                printf("Couldn't add and remove to an empty list!\n");
+                goto end;
+                }
+        else
+                printf("Successfully added and removed to an empty list!\n");
+        printf("About to beef up the engine-type list\n");
+        for(loop = 0; loop < 512; loop++)
+                {
+                sprintf(buf, "id%i", loop);
+                id = strdup(buf);
+                sprintf(buf, "Fake engine type %i", loop);
+                name = strdup(buf);
+                if(((block[loop] = ENGINE_new()) == NULL) ||
+                                !ENGINE_set_id(block[loop], id) ||
+                                !ENGINE_set_name(block[loop], name))
+                        {
+                        printf("Couldn't create block of ENGINE structures.\n"
+                                "I'll probably also core-dump now, damn.\n");
+                        goto end;
+                        }
+                }
+        for(loop = 0; loop < 512; loop++)
+                {
+                if(!ENGINE_add(block[loop]))
+                        {
+                        printf("\nAdding stopped at %i, (%s,%s)\n",
+                                loop, ENGINE_get_id(block[loop]),
+                                ENGINE_get_name(block[loop]));
+                        goto cleanup_loop;
+                        }
+                else
+                        printf("."); fflush(stdout);
+                }
+cleanup_loop:
+        printf("\nAbout to empty the engine-type list\n");
+        while((ptr = ENGINE_get_first()) != NULL)
+                {
+                if(!ENGINE_remove(ptr))
+                        {
+                        printf("\nRemove failed!\n");
+                        goto end;
+                        }
+                printf("."); fflush(stdout);
+                }
+        for(loop = 0; loop < 512; loop++)
+                {
+                free((char *)(ENGINE_get_id(block[loop])));
+                free((char *)(ENGINE_get_name(block[loop])));
+                }
+        printf("\nTests completed happily\n");
+        to_return = 0;
+end:
+        if(to_return)
+                ERR_print_errors_fp(stderr);
+        if(new_h1) ENGINE_free(new_h1);
+        if(new_h2) ENGINE_free(new_h2);
+        if(new_h3) ENGINE_free(new_h3);
+        if(new_h4) ENGINE_free(new_h4);
+        for(loop = 0; loop < 512; loop++)
+                if(block[loop])
+                        ENGINE_free(block[loop]);
+        return to_return;
+        }
diff --git a/src/lib/libssl/src/crypto/engine/hw_atalla.c b/src/lib/libssl/src/crypto/engine/hw_atalla.c
new file mode 100644
index 0000000000..3bb992a193
--- /dev/null
+++ b/src/lib/libssl/src/crypto/engine/hw_atalla.c
@@ -0,0 +1,444 @@
+/* crypto/engine/hw_atalla.c */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/dso.h>
+#include "engine_int.h"
+#include <openssl/engine.h>
+
+#ifndef NO_HW
+#ifndef NO_HW_ATALLA
+
+#ifdef FLAT_INC
+#include "atalla.h"
+#else
+#include "vendor_defns/atalla.h"
+#endif
+
+static int atalla_init(void);
+static int atalla_finish(void);
+
+/* BIGNUM stuff */
+static int atalla_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+                const BIGNUM *m, BN_CTX *ctx);
+
+/* RSA stuff */
+static int atalla_rsa_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa);
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int atalla_mod_exp_mont(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+                const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+
+/* DSA stuff */
+static int atalla_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
+                BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
+                BN_CTX *ctx, BN_MONT_CTX *in_mont);
+static int atalla_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
+                const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+                BN_MONT_CTX *m_ctx);
+
+/* DH stuff */
+/* This function is alised to mod_exp (with the DH and mont dropped). */
+static int atalla_mod_exp_dh(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+                const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+
+
+/* Our internal RSA_METHOD that we provide pointers to */
+static RSA_METHOD atalla_rsa =
+        {
+        "Atalla RSA method",
+        NULL,
+        NULL,
+        NULL,
+        NULL,
+        atalla_rsa_mod_exp,
+        atalla_mod_exp_mont,
+        NULL,
+        NULL,
+        0,
+        NULL,
+        NULL,
+        NULL
+        };
+
+/* Our internal DSA_METHOD that we provide pointers to */
+static DSA_METHOD atalla_dsa =
+        {
+        "Atalla DSA method",
+        NULL, /* dsa_do_sign */
+        NULL, /* dsa_sign_setup */
+        NULL, /* dsa_do_verify */
+        atalla_dsa_mod_exp, /* dsa_mod_exp */
+        atalla_mod_exp_dsa, /* bn_mod_exp */
+        NULL, /* init */
+        NULL, /* finish */
+        0, /* flags */
+        NULL /* app_data */
+        };
+
+/* Our internal DH_METHOD that we provide pointers to */
+static DH_METHOD atalla_dh =
+        {
+        "Atalla DH method",
+        NULL,
+        NULL,
+        atalla_mod_exp_dh,
+        NULL,
+        NULL,
+        0,
+        NULL
+        };
+
+/* Our ENGINE structure. */
+static ENGINE engine_atalla =
+        {
+        "atalla",
+        "Atalla hardware engine support",
+        &atalla_rsa,
+        &atalla_dsa,
+        &atalla_dh,
+        NULL,
+        atalla_mod_exp,
+        NULL,
+        atalla_init,
+        atalla_finish,
+        NULL, /* no ctrl() */
+        NULL, /* no load_privkey() */
+        NULL, /* no load_pubkey() */
+        0, /* no flags */
+        0, 0, /* no references */
+        NULL, NULL /* unlinked */
+        };
+
+/* As this is only ever called once, there's no need for locking
+ * (indeed - the lock will already be held by our caller!!!) */
+ENGINE *ENGINE_atalla()
+        {
+        RSA_METHOD *meth1;
+        DSA_METHOD *meth2;
+        DH_METHOD *meth3;
+
+        /* We know that the "PKCS1_SSLeay()" functions hook properly
+         * to the atalla-specific mod_exp and mod_exp_crt so we use
+         * those functions. NB: We don't use ENGINE_openssl() or
+         * anything "more generic" because something like the RSAref
+         * code may not hook properly, and if you own one of these
+         * cards then you have the right to do RSA operations on it
+         * anyway! */ 
+        meth1 = RSA_PKCS1_SSLeay();
+        atalla_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
+        atalla_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
+        atalla_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
+        atalla_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
+
+        /* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
+         * bits. */
+        meth2 = DSA_OpenSSL();
+        atalla_dsa.dsa_do_sign = meth2->dsa_do_sign;
+        atalla_dsa.dsa_sign_setup = meth2->dsa_sign_setup;
+        atalla_dsa.dsa_do_verify = meth2->dsa_do_verify;
+
+        /* Much the same for Diffie-Hellman */
+        meth3 = DH_OpenSSL();
+        atalla_dh.generate_key = meth3->generate_key;
+        atalla_dh.compute_key = meth3->compute_key;
+        return &engine_atalla;
+        }
+
+/* This is a process-global DSO handle used for loading and unloading
+ * the Atalla library. NB: This is only set (or unset) during an
+ * init() or finish() call (reference counts permitting) and they're
+ * operating with global locks, so this should be thread-safe
+ * implicitly. */
+static DSO *atalla_dso = NULL;
+
+/* These are the function pointers that are (un)set when the library has
+ * successfully (un)loaded. */
+static tfnASI_GetHardwareConfig *p_Atalla_GetHardwareConfig = NULL;
+static tfnASI_RSAPrivateKeyOpFn *p_Atalla_RSAPrivateKeyOpFn = NULL;
+static tfnASI_GetPerformanceStatistics *p_Atalla_GetPerformanceStatistics = NULL;
+
+/* (de)initialisation functions. */
+static int atalla_init()
+        {
+        tfnASI_GetHardwareConfig *p1;
+        tfnASI_RSAPrivateKeyOpFn *p2;
+        tfnASI_GetPerformanceStatistics *p3;
+        /* Not sure of the origin of this magic value, but Ben's code had it
+         * and it seemed to have been working for a few people. :-) */
+        unsigned int config_buf[1024];
+
+        if(atalla_dso != NULL)
+                {
+                ENGINEerr(ENGINE_F_ATALLA_INIT,ENGINE_R_ALREADY_LOADED);
+                goto err;
+                }
+        /* Attempt to load libatasi.so/atasi.dll/whatever. Needs to be
+         * changed unfortunately because the Atalla drivers don't have
+         * standard library names that can be platform-translated well. */
+        /* TODO: Work out how to actually map to the names the Atalla
+         * drivers really use - for now a symbollic link needs to be
+         * created on the host system from libatasi.so to atasi.so on
+         * unix variants. */
+        atalla_dso = DSO_load(NULL, ATALLA_LIBNAME, NULL,
+                DSO_FLAG_NAME_TRANSLATION);
+        if(atalla_dso == NULL)
+                {
+                ENGINEerr(ENGINE_F_ATALLA_INIT,ENGINE_R_DSO_FAILURE);
+                goto err;
+                }
+        if(!(p1 = (tfnASI_GetHardwareConfig *)DSO_bind_func(
+                                atalla_dso, ATALLA_F1)) ||
+                        !(p2 = (tfnASI_RSAPrivateKeyOpFn *)DSO_bind_func(
+                                atalla_dso, ATALLA_F2)) ||
+                        !(p3 = (tfnASI_GetPerformanceStatistics *)DSO_bind_func(
+                                atalla_dso, ATALLA_F3)))
+                {
+                ENGINEerr(ENGINE_F_ATALLA_INIT,ENGINE_R_DSO_FAILURE);
+                goto err;
+                }
+        /* Copy the pointers */
+        p_Atalla_GetHardwareConfig = p1;
+        p_Atalla_RSAPrivateKeyOpFn = p2;
+        p_Atalla_GetPerformanceStatistics = p3;
+        /* Perform a basic test to see if there's actually any unit
+         * running. */
+        if(p1(0L, config_buf) != 0)
+                {
+                ENGINEerr(ENGINE_F_ATALLA_INIT,ENGINE_R_UNIT_FAILURE);
+                goto err;
+                }
+        /* Everything's fine. */
+        return 1;
+err:
+        if(atalla_dso)
+                DSO_free(atalla_dso);
+        p_Atalla_GetHardwareConfig = NULL;
+        p_Atalla_RSAPrivateKeyOpFn = NULL;
+        p_Atalla_GetPerformanceStatistics = NULL;
+        return 0;
+        }
+
+static int atalla_finish()
+        {
+        if(atalla_dso == NULL)
+                {
+                ENGINEerr(ENGINE_F_ATALLA_FINISH,ENGINE_R_NOT_LOADED);
+                return 0;
+                }
+        if(!DSO_free(atalla_dso))
+                {
+                ENGINEerr(ENGINE_F_ATALLA_FINISH,ENGINE_R_DSO_FAILURE);
+                return 0;
+                }
+        atalla_dso = NULL;
+        p_Atalla_GetHardwareConfig = NULL;
+        p_Atalla_RSAPrivateKeyOpFn = NULL;
+        p_Atalla_GetPerformanceStatistics = NULL;
+        return 1;
+        }
+
+static int atalla_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+                        const BIGNUM *m, BN_CTX *ctx)
+        {
+        /* I need somewhere to store temporary serialised values for
+         * use with the Atalla API calls. A neat cheat - I'll use
+         * BIGNUMs from the BN_CTX but access their arrays directly as
+         * byte arrays <grin>. This way I don't have to clean anything
+         * up. */
+        BIGNUM *modulus;
+        BIGNUM *exponent;
+        BIGNUM *argument;
+        BIGNUM *result;
+        RSAPrivateKey keydata;
+        int to_return, numbytes;
+
+        modulus = exponent = argument = result = NULL;
+        to_return = 0; /* expect failure */
+
+        if(!atalla_dso)
+        {
+                ENGINEerr(ENGINE_F_ATALLA_MOD_EXP,ENGINE_R_NOT_LOADED);
+                goto err;
+        }
+        /* Prepare the params */
+        modulus = BN_CTX_get(ctx);
+        exponent = BN_CTX_get(ctx);
+        argument = BN_CTX_get(ctx);
+        result = BN_CTX_get(ctx);
+        if(!modulus || !exponent || !argument || !result)
+        {
+                ENGINEerr(ENGINE_F_ATALLA_MOD_EXP,ENGINE_R_BN_CTX_FULL);
+                goto err;
+        }
+        if(!bn_wexpand(modulus, m->top) || !bn_wexpand(exponent, m->top) ||
+           !bn_wexpand(argument, m->top) || !bn_wexpand(result, m->top))
+        {
+                ENGINEerr(ENGINE_F_ATALLA_MOD_EXP,ENGINE_R_BN_EXPAND_FAIL);
+                goto err;
+        }
+        /* Prepare the key-data */
+        memset(&keydata, 0,sizeof keydata);
+        numbytes = BN_num_bytes(m);
+        memset(exponent->d, 0, numbytes);
+        memset(modulus->d, 0, numbytes);
+        BN_bn2bin(p, (unsigned char *)exponent->d + numbytes - BN_num_bytes(p));
+        BN_bn2bin(m, (unsigned char *)modulus->d + numbytes - BN_num_bytes(m));
+        keydata.privateExponent.data = (unsigned char *)exponent->d;
+        keydata.privateExponent.len = numbytes;
+        keydata.modulus.data = (unsigned char *)modulus->d;
+        keydata.modulus.len = numbytes;
+        /* Prepare the argument */
+        memset(argument->d, 0, numbytes);
+        memset(result->d, 0, numbytes);
+        BN_bn2bin(a, (unsigned char *)argument->d + numbytes - BN_num_bytes(a));
+        /* Perform the operation */
+        if(p_Atalla_RSAPrivateKeyOpFn(&keydata, (unsigned char *)result->d,
+                        (unsigned char *)argument->d,
+                        keydata.modulus.len) != 0)
+        {
+                ENGINEerr(ENGINE_F_ATALLA_MOD_EXP,ENGINE_R_REQUEST_FAILED);
+                goto err;
+        }
+        /* Convert the response */
+        BN_bin2bn((unsigned char *)result->d, numbytes, r);
+        to_return = 1;
+err:
+        if(modulus) ctx->tos--;
+        if(exponent) ctx->tos--;
+        if(argument) ctx->tos--;
+        if(result) ctx->tos--;
+        return to_return;
+        }
+
+static int atalla_rsa_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)
+        {
+        BN_CTX *ctx = NULL;
+        int to_return = 0;
+
+        if(!atalla_dso)
+        {
+                ENGINEerr(ENGINE_F_ATALLA_RSA_MOD_EXP,ENGINE_R_NOT_LOADED);
+                goto err;
+        }
+        if((ctx = BN_CTX_new()) == NULL)
+                goto err;
+        if(!rsa->d || !rsa->n)
+                {
+                ENGINEerr(ENGINE_F_ATALLA_RSA_MOD_EXP,ENGINE_R_MISSING_KEY_COMPONENTS);
+                goto err;
+                }
+        to_return = atalla_mod_exp(r0, I, rsa->d, rsa->n, ctx);
+err:
+        if(ctx)
+                BN_CTX_free(ctx);
+        return to_return;
+        }
+
+/* This code was liberated and adapted from the commented-out code in
+ * dsa_ossl.c. Because of the unoptimised form of the Atalla acceleration
+ * (it doesn't have a CRT form for RSA), this function means that an
+ * Atalla system running with a DSA server certificate can handshake
+ * around 5 or 6 times faster/more than an equivalent system running with
+ * RSA. Just check out the "signs" statistics from the RSA and DSA parts
+ * of "openssl speed -engine atalla dsa1024 rsa1024". */
+static int atalla_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
+                BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
+                BN_CTX *ctx, BN_MONT_CTX *in_mont)
+        {
+        BIGNUM t;
+        int to_return = 0;
+ 
+        BN_init(&t);
+        /* let rr = a1 ^ p1 mod m */
+        if (!atalla_mod_exp(rr,a1,p1,m,ctx)) goto end;
+        /* let t = a2 ^ p2 mod m */
+        if (!atalla_mod_exp(&t,a2,p2,m,ctx)) goto end;
+        /* let rr = rr * t mod m */
+        if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;
+        to_return = 1;
+end:
+        BN_free(&t);
+        return to_return;
+        }
+
+
+static int atalla_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
+                const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+                BN_MONT_CTX *m_ctx)
+        {
+        return atalla_mod_exp(r, a, p, m, ctx);
+        }
+
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int atalla_mod_exp_mont(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+                const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+        {
+        return atalla_mod_exp(r, a, p, m, ctx);
+        }
+
+/* This function is aliased to mod_exp (with the dh and mont dropped). */
+static int atalla_mod_exp_dh(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+                const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+        {
+        return atalla_mod_exp(r, a, p, m, ctx);
+        }
+
+#endif /* !NO_HW_ATALLA */
+#endif /* !NO_HW */
diff --git a/src/lib/libssl/src/crypto/engine/hw_cswift.c b/src/lib/libssl/src/crypto/engine/hw_cswift.c
new file mode 100644
index 0000000000..77608b8983
--- /dev/null
+++ b/src/lib/libssl/src/crypto/engine/hw_cswift.c
@@ -0,0 +1,807 @@
+/* crypto/engine/hw_cswift.c */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/dso.h>
+#include "engine_int.h"
+#include <openssl/engine.h>
+
+#ifndef NO_HW
+#ifndef NO_HW_CSWIFT
+
+/* Attribution notice: Rainbow have generously allowed me to reproduce
+ * the necessary definitions here from their API. This means the support
+ * can build independently of whether application builders have the
+ * API or hardware. This will allow developers to easily produce software
+ * that has latent hardware support for any users that have accelerators
+ * installed, without the developers themselves needing anything extra.
+ *
+ * I have only clipped the parts from the CryptoSwift header files that
+ * are (or seem) relevant to the CryptoSwift support code. This is
+ * simply to keep the file sizes reasonable.
+ * [Geoff]
+ */
+#ifdef FLAT_INC
+#include "cswift.h"
+#else
+#include "vendor_defns/cswift.h"
+#endif
+
+static int cswift_init(void);
+static int cswift_finish(void);
+
+/* BIGNUM stuff */
+static int cswift_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+                const BIGNUM *m, BN_CTX *ctx);
+static int cswift_mod_exp_crt(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+                const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,
+                const BIGNUM *iqmp, BN_CTX *ctx);
+
+/* RSA stuff */
+static int cswift_rsa_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa);
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int cswift_mod_exp_mont(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+                const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+
+/* DSA stuff */
+static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa);
+static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len,
+                                DSA_SIG *sig, DSA *dsa);
+
+/* DH stuff */
+/* This function is alised to mod_exp (with the DH and mont dropped). */
+static int cswift_mod_exp_dh(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+                const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+
+
+/* Our internal RSA_METHOD that we provide pointers to */
+static RSA_METHOD cswift_rsa =
+        {
+        "CryptoSwift RSA method",
+        NULL,
+        NULL,
+        NULL,
+        NULL,
+        cswift_rsa_mod_exp,
+        cswift_mod_exp_mont,
+        NULL,
+        NULL,
+        0,
+        NULL,
+        NULL,
+        NULL
+        };
+
+/* Our internal DSA_METHOD that we provide pointers to */
+static DSA_METHOD cswift_dsa =
+        {
+        "CryptoSwift DSA method",
+        cswift_dsa_sign,
+        NULL, /* dsa_sign_setup */
+        cswift_dsa_verify,
+        NULL, /* dsa_mod_exp */
+        NULL, /* bn_mod_exp */
+        NULL, /* init */
+        NULL, /* finish */
+        0, /* flags */
+        NULL /* app_data */
+        };
+
+/* Our internal DH_METHOD that we provide pointers to */
+static DH_METHOD cswift_dh =
+        {
+        "CryptoSwift DH method",
+        NULL,
+        NULL,
+        cswift_mod_exp_dh,
+        NULL,
+        NULL,
+        0,
+        NULL
+        };
+
+/* Our ENGINE structure. */
+static ENGINE engine_cswift =
+        {
+        "cswift",
+        "CryptoSwift hardware engine support",
+        &cswift_rsa,
+        &cswift_dsa,
+        &cswift_dh,
+        NULL,
+        cswift_mod_exp,
+        cswift_mod_exp_crt,
+        cswift_init,
+        cswift_finish,
+        NULL, /* no ctrl() */
+        NULL, /* no load_privkey() */
+        NULL, /* no load_pubkey() */
+        0, /* no flags */
+        0, 0, /* no references */
+        NULL, NULL /* unlinked */
+        };
+
+/* As this is only ever called once, there's no need for locking
+ * (indeed - the lock will already be held by our caller!!!) */
+ENGINE *ENGINE_cswift()
+        {
+        RSA_METHOD *meth1;
+        DH_METHOD *meth2;
+
+        /* We know that the "PKCS1_SSLeay()" functions hook properly
+         * to the cswift-specific mod_exp and mod_exp_crt so we use
+         * those functions. NB: We don't use ENGINE_openssl() or
+         * anything "more generic" because something like the RSAref
+         * code may not hook properly, and if you own one of these
+         * cards then you have the right to do RSA operations on it
+         * anyway! */ 
+        meth1 = RSA_PKCS1_SSLeay();
+        cswift_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
+        cswift_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
+        cswift_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
+        cswift_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
+
+        /* Much the same for Diffie-Hellman */
+        meth2 = DH_OpenSSL();
+        cswift_dh.generate_key = meth2->generate_key;
+        cswift_dh.compute_key = meth2->compute_key;
+        return &engine_cswift;
+        }
+
+/* This is a process-global DSO handle used for loading and unloading
+ * the CryptoSwift library. NB: This is only set (or unset) during an
+ * init() or finish() call (reference counts permitting) and they're
+ * operating with global locks, so this should be thread-safe
+ * implicitly. */
+static DSO *cswift_dso = NULL;
+
+/* These are the function pointers that are (un)set when the library has
+ * successfully (un)loaded. */
+t_swAcquireAccContext *p_CSwift_AcquireAccContext = NULL;
+t_swAttachKeyParam *p_CSwift_AttachKeyParam = NULL;
+t_swSimpleRequest *p_CSwift_SimpleRequest = NULL;
+t_swReleaseAccContext *p_CSwift_ReleaseAccContext = NULL;
+
+/* Used in the DSO operations. */
+static const char *CSWIFT_LIBNAME = "swift";
+static const char *CSWIFT_F1 = "swAcquireAccContext";
+static const char *CSWIFT_F2 = "swAttachKeyParam";
+static const char *CSWIFT_F3 = "swSimpleRequest";
+static const char *CSWIFT_F4 = "swReleaseAccContext";
+
+
+/* CryptoSwift library functions and mechanics - these are used by the
+ * higher-level functions further down. NB: As and where there's no
+ * error checking, take a look lower down where these functions are
+ * called, the checking and error handling is probably down there. */
+
+/* utility function to obtain a context */
+static int get_context(SW_CONTEXT_HANDLE *hac)
+        {
+        SW_STATUS status;
+ 
+        status = p_CSwift_AcquireAccContext(hac);
+        if(status != SW_OK)
+                return 0;
+        return 1;
+        }
+ 
+/* similarly to release one. */
+static void release_context(SW_CONTEXT_HANDLE hac)
+        {
+        p_CSwift_ReleaseAccContext(hac);
+        }
+
+/* (de)initialisation functions. */
+static int cswift_init()
+        {
+        SW_CONTEXT_HANDLE hac;
+        t_swAcquireAccContext *p1;
+        t_swAttachKeyParam *p2;
+        t_swSimpleRequest *p3;
+        t_swReleaseAccContext *p4;
+
+        if(cswift_dso != NULL)
+                {
+                ENGINEerr(ENGINE_F_CSWIFT_INIT,ENGINE_R_ALREADY_LOADED);
+                goto err;
+                }
+        /* Attempt to load libswift.so/swift.dll/whatever. */
+        cswift_dso = DSO_load(NULL, CSWIFT_LIBNAME, NULL,
+                DSO_FLAG_NAME_TRANSLATION);
+        if(cswift_dso == NULL)
+                {
+                ENGINEerr(ENGINE_F_CSWIFT_INIT,ENGINE_R_DSO_FAILURE);
+                goto err;
+                }
+        if(!(p1 = (t_swAcquireAccContext *)
+                                DSO_bind_func(cswift_dso, CSWIFT_F1)) ||
+                        !(p2 = (t_swAttachKeyParam *)
+                                DSO_bind_func(cswift_dso, CSWIFT_F2)) ||
+                        !(p3 = (t_swSimpleRequest *)
+                                DSO_bind_func(cswift_dso, CSWIFT_F3)) ||
+                        !(p4 = (t_swReleaseAccContext *)
+                                DSO_bind_func(cswift_dso, CSWIFT_F4)))
+                {
+                ENGINEerr(ENGINE_F_CSWIFT_INIT,ENGINE_R_DSO_FAILURE);
+                goto err;
+                }
+        /* Copy the pointers */
+        p_CSwift_AcquireAccContext = p1;
+        p_CSwift_AttachKeyParam = p2;
+        p_CSwift_SimpleRequest = p3;
+        p_CSwift_ReleaseAccContext = p4;
+        /* Try and get a context - if not, we may have a DSO but no
+         * accelerator! */
+        if(!get_context(&hac))
+                {
+                ENGINEerr(ENGINE_F_CSWIFT_INIT,ENGINE_R_UNIT_FAILURE);
+                goto err;
+                }
+        release_context(hac);
+        /* Everything's fine. */
+        return 1;
+err:
+        if(cswift_dso)
+                DSO_free(cswift_dso);
+        p_CSwift_AcquireAccContext = NULL;
+        p_CSwift_AttachKeyParam = NULL;
+        p_CSwift_SimpleRequest = NULL;
+        p_CSwift_ReleaseAccContext = NULL;
+        return 0;
+        }
+
+static int cswift_finish()
+        {
+        if(cswift_dso == NULL)
+                {
+                ENGINEerr(ENGINE_F_CSWIFT_FINISH,ENGINE_R_NOT_LOADED);
+                return 0;
+                }
+        if(!DSO_free(cswift_dso))
+                {
+                ENGINEerr(ENGINE_F_CSWIFT_FINISH,ENGINE_R_DSO_FAILURE);
+                return 0;
+                }
+        cswift_dso = NULL;
+        p_CSwift_AcquireAccContext = NULL;
+        p_CSwift_AttachKeyParam = NULL;
+        p_CSwift_SimpleRequest = NULL;
+        p_CSwift_ReleaseAccContext = NULL;
+        return 1;
+        }
+
+/* Un petit mod_exp */
+static int cswift_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+                        const BIGNUM *m, BN_CTX *ctx)
+        {
+        /* I need somewhere to store temporary serialised values for
+         * use with the CryptoSwift API calls. A neat cheat - I'll use
+         * BIGNUMs from the BN_CTX but access their arrays directly as
+         * byte arrays <grin>. This way I don't have to clean anything
+         * up. */
+        BIGNUM *modulus;
+        BIGNUM *exponent;
+        BIGNUM *argument;
+        BIGNUM *result;
+        SW_STATUS sw_status;
+        SW_LARGENUMBER arg, res;
+        SW_PARAM sw_param;
+        SW_CONTEXT_HANDLE hac;
+        int to_return, acquired;
+ 
+        modulus = exponent = argument = result = NULL;
+        to_return = 0; /* expect failure */
+        acquired = 0;
+ 
+        if(!get_context(&hac))
+                {
+                ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP,ENGINE_R_GET_HANDLE_FAILED);
+                goto err;
+                }
+        acquired = 1;
+        /* Prepare the params */
+        modulus = BN_CTX_get(ctx);
+        exponent = BN_CTX_get(ctx);
+        argument = BN_CTX_get(ctx);
+        result = BN_CTX_get(ctx);
+        if(!modulus || !exponent || !argument || !result)
+                {
+                ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP,ENGINE_R_BN_CTX_FULL);
+                goto err;
+                }
+        if(!bn_wexpand(modulus, m->top) || !bn_wexpand(exponent, p->top) ||
+                !bn_wexpand(argument, a->top) || !bn_wexpand(result, m->top))
+                {
+                ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP,ENGINE_R_BN_EXPAND_FAIL);
+                goto err;
+                }
+        sw_param.type = SW_ALG_EXP;
+        sw_param.up.exp.modulus.nbytes = BN_bn2bin(m,
+                (unsigned char *)modulus->d);
+        sw_param.up.exp.modulus.value = (unsigned char *)modulus->d;
+        sw_param.up.exp.exponent.nbytes = BN_bn2bin(p,
+                (unsigned char *)exponent->d);
+        sw_param.up.exp.exponent.value = (unsigned char *)exponent->d;
+        /* Attach the key params */
+        sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
+        switch(sw_status)
+                {
+        case SW_OK:
+                break;
+        case SW_ERR_INPUT_SIZE:
+                ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP,
+                        ENGINE_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+                goto err;
+        default:
+                {
+                char tmpbuf[20];
+                ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP,ENGINE_R_REQUEST_FAILED);
+                sprintf(tmpbuf, "%ld", sw_status);
+                ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
+                }
+                goto err;
+                }
+        /* Prepare the argument and response */
+        arg.nbytes = BN_bn2bin(a, (unsigned char *)argument->d);
+        arg.value = (unsigned char *)argument->d;
+        res.nbytes = BN_num_bytes(m);
+        memset(result->d, 0, res.nbytes);
+        res.value = (unsigned char *)result->d;
+        /* Perform the operation */
+        if((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP, &arg, 1,
+                &res, 1)) != SW_OK)
+                {
+                char tmpbuf[20];
+                ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP,ENGINE_R_REQUEST_FAILED);
+                sprintf(tmpbuf, "%ld", sw_status);
+                ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
+                goto err;
+                }
+        /* Convert the response */
+        BN_bin2bn((unsigned char *)result->d, res.nbytes, r);
+        to_return = 1;
+err:
+        if(acquired)
+                release_context(hac);
+        if(modulus) ctx->tos--;
+        if(exponent) ctx->tos--;
+        if(argument) ctx->tos--;
+        if(result) ctx->tos--;
+        return to_return;
+        }
+
+/* Un petit mod_exp chinois */
+static int cswift_mod_exp_crt(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+                        const BIGNUM *q, const BIGNUM *dmp1,
+                        const BIGNUM *dmq1, const BIGNUM *iqmp, BN_CTX *ctx)
+        {
+        SW_STATUS sw_status;
+        SW_LARGENUMBER arg, res;
+        SW_PARAM sw_param;
+        SW_CONTEXT_HANDLE hac;
+        BIGNUM *rsa_p = NULL;
+        BIGNUM *rsa_q = NULL;
+        BIGNUM *rsa_dmp1 = NULL;
+        BIGNUM *rsa_dmq1 = NULL;
+        BIGNUM *rsa_iqmp = NULL;
+        BIGNUM *argument = NULL;
+        BIGNUM *result = NULL;
+        int to_return = 0; /* expect failure */
+        int acquired = 0;
+ 
+        if(!get_context(&hac))
+                {
+                ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP_CRT,ENGINE_R_GET_HANDLE_FAILED);
+                goto err;
+                }
+        acquired = 1;
+        /* Prepare the params */
+        rsa_p = BN_CTX_get(ctx);
+        rsa_q = BN_CTX_get(ctx);
+        rsa_dmp1 = BN_CTX_get(ctx);
+        rsa_dmq1 = BN_CTX_get(ctx);
+        rsa_iqmp = BN_CTX_get(ctx);
+        argument = BN_CTX_get(ctx);
+        result = BN_CTX_get(ctx);
+        if(!rsa_p || !rsa_q || !rsa_dmp1 || !rsa_dmq1 || !rsa_iqmp ||
+                        !argument || !result)
+                {
+                ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP_CRT,ENGINE_R_BN_CTX_FULL);
+                goto err;
+                }
+        if(!bn_wexpand(rsa_p, p->top) || !bn_wexpand(rsa_q, q->top) ||
+                        !bn_wexpand(rsa_dmp1, dmp1->top) ||
+                        !bn_wexpand(rsa_dmq1, dmq1->top) ||
+                        !bn_wexpand(rsa_iqmp, iqmp->top) ||
+                        !bn_wexpand(argument, a->top) ||
+                        !bn_wexpand(result, p->top + q->top))
+                {
+                ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP_CRT,ENGINE_R_BN_EXPAND_FAIL);
+                goto err;
+                }
+        sw_param.type = SW_ALG_CRT;
+        sw_param.up.crt.p.nbytes = BN_bn2bin(p, (unsigned char *)rsa_p->d);
+        sw_param.up.crt.p.value = (unsigned char *)rsa_p->d;
+        sw_param.up.crt.q.nbytes = BN_bn2bin(q, (unsigned char *)rsa_q->d);
+        sw_param.up.crt.q.value = (unsigned char *)rsa_q->d;
+        sw_param.up.crt.dmp1.nbytes = BN_bn2bin(dmp1,
+                (unsigned char *)rsa_dmp1->d);
+        sw_param.up.crt.dmp1.value = (unsigned char *)rsa_dmp1->d;
+        sw_param.up.crt.dmq1.nbytes = BN_bn2bin(dmq1,
+                (unsigned char *)rsa_dmq1->d);
+        sw_param.up.crt.dmq1.value = (unsigned char *)rsa_dmq1->d;
+        sw_param.up.crt.iqmp.nbytes = BN_bn2bin(iqmp,
+                (unsigned char *)rsa_iqmp->d);
+        sw_param.up.crt.iqmp.value = (unsigned char *)rsa_iqmp->d;
+        /* Attach the key params */
+        sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
+        switch(sw_status)
+                {
+        case SW_OK:
+                break;
+        case SW_ERR_INPUT_SIZE:
+                ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP_CRT,
+                        ENGINE_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+                goto err;
+        default:
+                {
+                char tmpbuf[20];
+                ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP_CRT,ENGINE_R_REQUEST_FAILED);
+                sprintf(tmpbuf, "%ld", sw_status);
+                ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
+                }
+                goto err;
+                }
+        /* Prepare the argument and response */
+        arg.nbytes = BN_bn2bin(a, (unsigned char *)argument->d);
+        arg.value = (unsigned char *)argument->d;
+        res.nbytes = 2 * BN_num_bytes(p);
+        memset(result->d, 0, res.nbytes);
+        res.value = (unsigned char *)result->d;
+        /* Perform the operation */
+        if((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP_CRT, &arg, 1,
+                &res, 1)) != SW_OK)
+                {
+                char tmpbuf[20];
+                ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP_CRT,ENGINE_R_REQUEST_FAILED);
+                sprintf(tmpbuf, "%ld", sw_status);
+                ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
+                goto err;
+                }
+        /* Convert the response */
+        BN_bin2bn((unsigned char *)result->d, res.nbytes, r);
+        to_return = 1;
+err:
+        if(acquired)
+                release_context(hac);
+        if(rsa_p) ctx->tos--;
+        if(rsa_q) ctx->tos--;
+        if(rsa_dmp1) ctx->tos--;
+        if(rsa_dmq1) ctx->tos--;
+        if(rsa_iqmp) ctx->tos--;
+        if(argument) ctx->tos--;
+        if(result) ctx->tos--;
+        return to_return;
+        }
+ 
+static int cswift_rsa_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)
+        {
+        BN_CTX *ctx;
+        int to_return = 0;
+
+        if((ctx = BN_CTX_new()) == NULL)
+                goto err;
+        if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)
+                {
+                ENGINEerr(ENGINE_F_CSWIFT_RSA_MOD_EXP,ENGINE_R_MISSING_KEY_COMPONENTS);
+                goto err;
+                }
+        to_return = cswift_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1,
+                rsa->dmq1, rsa->iqmp, ctx);
+err:
+        if(ctx)
+                BN_CTX_free(ctx);
+        return to_return;
+        }
+
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int cswift_mod_exp_mont(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+                const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+        {
+        return cswift_mod_exp(r, a, p, m, ctx);
+        }
+
+static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa)
+        {
+        SW_CONTEXT_HANDLE hac;
+        SW_PARAM sw_param;
+        SW_STATUS sw_status;
+        SW_LARGENUMBER arg, res;
+        unsigned char *ptr;
+        BN_CTX *ctx;
+        BIGNUM *dsa_p = NULL;
+        BIGNUM *dsa_q = NULL;
+        BIGNUM *dsa_g = NULL;
+        BIGNUM *dsa_key = NULL;
+        BIGNUM *result = NULL;
+        DSA_SIG *to_return = NULL;
+        int acquired = 0;
+
+        if((ctx = BN_CTX_new()) == NULL)
+                goto err;
+        if(!get_context(&hac))
+                {
+                ENGINEerr(ENGINE_F_CSWIFT_DSA_SIGN,ENGINE_R_GET_HANDLE_FAILED);
+                goto err;
+                }
+        acquired = 1;
+        /* Prepare the params */
+        dsa_p = BN_CTX_get(ctx);
+        dsa_q = BN_CTX_get(ctx);
+        dsa_g = BN_CTX_get(ctx);
+        dsa_key = BN_CTX_get(ctx);
+        result = BN_CTX_get(ctx);
+        if(!dsa_p || !dsa_q || !dsa_g || !dsa_key || !result)
+                {
+                ENGINEerr(ENGINE_F_CSWIFT_DSA_SIGN,ENGINE_R_BN_CTX_FULL);
+                goto err;
+                }
+        if(!bn_wexpand(dsa_p, dsa->p->top) ||
+                        !bn_wexpand(dsa_q, dsa->q->top) ||
+                        !bn_wexpand(dsa_g, dsa->g->top) ||
+                        !bn_wexpand(dsa_key, dsa->priv_key->top) ||
+                        !bn_wexpand(result, dsa->p->top))
+                {
+                ENGINEerr(ENGINE_F_CSWIFT_DSA_SIGN,ENGINE_R_BN_EXPAND_FAIL);
+                goto err;
+                }
+        sw_param.type = SW_ALG_DSA;
+        sw_param.up.dsa.p.nbytes = BN_bn2bin(dsa->p,
+                                (unsigned char *)dsa_p->d);
+        sw_param.up.dsa.p.value = (unsigned char *)dsa_p->d;
+        sw_param.up.dsa.q.nbytes = BN_bn2bin(dsa->q,
+                                (unsigned char *)dsa_q->d);
+        sw_param.up.dsa.q.value = (unsigned char *)dsa_q->d;
+        sw_param.up.dsa.g.nbytes = BN_bn2bin(dsa->g,
+                                (unsigned char *)dsa_g->d);
+        sw_param.up.dsa.g.value = (unsigned char *)dsa_g->d;
+        sw_param.up.dsa.key.nbytes = BN_bn2bin(dsa->priv_key,
+                                (unsigned char *)dsa_key->d);
+        sw_param.up.dsa.key.value = (unsigned char *)dsa_key->d;
+        /* Attach the key params */
+        sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
+        switch(sw_status)
+                {
+        case SW_OK:
+                break;
+        case SW_ERR_INPUT_SIZE:
+                ENGINEerr(ENGINE_F_CSWIFT_DSA_SIGN,
+                        ENGINE_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+                goto err;
+        default:
+                {
+                char tmpbuf[20];
+                ENGINEerr(ENGINE_F_CSWIFT_DSA_SIGN,ENGINE_R_REQUEST_FAILED);
+                sprintf(tmpbuf, "%ld", sw_status);
+                ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
+                }
+                goto err;
+                }
+        /* Prepare the argument and response */
+        arg.nbytes = dlen;
+        arg.value = (unsigned char *)dgst;
+        res.nbytes = BN_num_bytes(dsa->p);
+        memset(result->d, 0, res.nbytes);
+        res.value = (unsigned char *)result->d;
+        /* Perform the operation */
+        sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_DSS_SIGN, &arg, 1,
+                &res, 1);
+        if(sw_status != SW_OK)
+                {
+                char tmpbuf[20];
+                ENGINEerr(ENGINE_F_CSWIFT_DSA_SIGN,ENGINE_R_REQUEST_FAILED);
+                sprintf(tmpbuf, "%ld", sw_status);
+                ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
+                goto err;
+                }
+        /* Convert the response */
+        ptr = (unsigned char *)result->d;
+        if((to_return = DSA_SIG_new()) == NULL)
+                goto err;
+        to_return->r = BN_bin2bn((unsigned char *)result->d, 20, NULL);
+        to_return->s = BN_bin2bn((unsigned char *)result->d + 20, 20, NULL);
+
+err:
+        if(acquired)
+                release_context(hac);
+        if(dsa_p) ctx->tos--;
+        if(dsa_q) ctx->tos--;
+        if(dsa_g) ctx->tos--;
+        if(dsa_key) ctx->tos--;
+        if(result) ctx->tos--;
+        if(ctx)
+                BN_CTX_free(ctx);
+        return to_return;
+        }
+
+static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len,
+                                DSA_SIG *sig, DSA *dsa)
+        {
+        SW_CONTEXT_HANDLE hac;
+        SW_PARAM sw_param;
+        SW_STATUS sw_status;
+        SW_LARGENUMBER arg[2], res;
+        unsigned long sig_result;
+        BN_CTX *ctx;
+        BIGNUM *dsa_p = NULL;
+        BIGNUM *dsa_q = NULL;
+        BIGNUM *dsa_g = NULL;
+        BIGNUM *dsa_key = NULL;
+        BIGNUM *argument = NULL;
+        int to_return = -1;
+        int acquired = 0;
+
+        if((ctx = BN_CTX_new()) == NULL)
+                goto err;
+        if(!get_context(&hac))
+                {
+                ENGINEerr(ENGINE_F_CSWIFT_DSA_VERIFY,ENGINE_R_GET_HANDLE_FAILED);
+                goto err;
+                }
+        acquired = 1;
+        /* Prepare the params */
+        dsa_p = BN_CTX_get(ctx);
+        dsa_q = BN_CTX_get(ctx);
+        dsa_g = BN_CTX_get(ctx);
+        dsa_key = BN_CTX_get(ctx);
+        argument = BN_CTX_get(ctx);
+        if(!dsa_p || !dsa_q || !dsa_g || !dsa_key || !argument)
+                {
+                ENGINEerr(ENGINE_F_CSWIFT_DSA_VERIFY,ENGINE_R_BN_CTX_FULL);
+                goto err;
+                }
+        if(!bn_wexpand(dsa_p, dsa->p->top) ||
+                        !bn_wexpand(dsa_q, dsa->q->top) ||
+                        !bn_wexpand(dsa_g, dsa->g->top) ||
+                        !bn_wexpand(dsa_key, dsa->pub_key->top) ||
+                        !bn_wexpand(argument, 40))
+                {
+                ENGINEerr(ENGINE_F_CSWIFT_DSA_VERIFY,ENGINE_R_BN_EXPAND_FAIL);
+                goto err;
+                }
+        sw_param.type = SW_ALG_DSA;
+        sw_param.up.dsa.p.nbytes = BN_bn2bin(dsa->p,
+                                (unsigned char *)dsa_p->d);
+        sw_param.up.dsa.p.value = (unsigned char *)dsa_p->d;
+        sw_param.up.dsa.q.nbytes = BN_bn2bin(dsa->q,
+                                (unsigned char *)dsa_q->d);
+        sw_param.up.dsa.q.value = (unsigned char *)dsa_q->d;
+        sw_param.up.dsa.g.nbytes = BN_bn2bin(dsa->g,
+                                (unsigned char *)dsa_g->d);
+        sw_param.up.dsa.g.value = (unsigned char *)dsa_g->d;
+        sw_param.up.dsa.key.nbytes = BN_bn2bin(dsa->pub_key,
+                                (unsigned char *)dsa_key->d);
+        sw_param.up.dsa.key.value = (unsigned char *)dsa_key->d;
+        /* Attach the key params */
+        sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
+        switch(sw_status)
+                {
+        case SW_OK:
+                break;
+        case SW_ERR_INPUT_SIZE:
+                ENGINEerr(ENGINE_F_CSWIFT_DSA_VERIFY,
+                        ENGINE_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+                goto err;
+        default:
+                {
+                char tmpbuf[20];
+                ENGINEerr(ENGINE_F_CSWIFT_DSA_VERIFY,ENGINE_R_REQUEST_FAILED);
+                sprintf(tmpbuf, "%ld", sw_status);
+                ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
+                }
+                goto err;
+                }
+        /* Prepare the argument and response */
+        arg[0].nbytes = dgst_len;
+        arg[0].value = (unsigned char *)dgst;
+        arg[1].nbytes = 40;
+        arg[1].value = (unsigned char *)argument->d;
+        memset(arg[1].value, 0, 40);
+        BN_bn2bin(sig->r, arg[1].value + 20 - BN_num_bytes(sig->r));
+        BN_bn2bin(sig->s, arg[1].value + 40 - BN_num_bytes(sig->s));
+        res.nbytes = 4; /* unsigned long */
+        res.value = (unsigned char *)(&sig_result);
+        /* Perform the operation */
+        sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_DSS_VERIFY, arg, 2,
+                &res, 1);
+        if(sw_status != SW_OK)
+                {
+                char tmpbuf[20];
+                ENGINEerr(ENGINE_F_CSWIFT_DSA_VERIFY,ENGINE_R_REQUEST_FAILED);
+                sprintf(tmpbuf, "%ld", sw_status);
+                ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
+                goto err;
+                }
+        /* Convert the response */
+        to_return = ((sig_result == 0) ? 0 : 1);
+
+err:
+        if(acquired)
+                release_context(hac);
+        if(dsa_p) ctx->tos--;
+        if(dsa_q) ctx->tos--;
+        if(dsa_g) ctx->tos--;
+        if(dsa_key) ctx->tos--;
+        if(argument) ctx->tos--;
+        if(ctx)
+                BN_CTX_free(ctx);
+        return to_return;
+        }
+
+/* This function is aliased to mod_exp (with the dh and mont dropped). */
+static int cswift_mod_exp_dh(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+                const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+        {
+        return cswift_mod_exp(r, a, p, m, ctx);
+        }
+
+#endif /* !NO_HW_CSWIFT */
+#endif /* !NO_HW */
diff --git a/src/lib/libssl/src/crypto/engine/hw_ncipher.c b/src/lib/libssl/src/crypto/engine/hw_ncipher.c
new file mode 100644
index 0000000000..41f5900676
--- /dev/null
+++ b/src/lib/libssl/src/crypto/engine/hw_ncipher.c
@@ -0,0 +1,1019 @@
+/* crypto/engine/hw_ncipher.c -*- mode: C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte (richard@levitte.org), Geoff Thorpe
+ * (geoff@geoffthorpe.net) and Dr Stephen N Henson (shenson@bigfoot.com)
+ * for the OpenSSL project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include <openssl/pem.h>
+#include "cryptlib.h"
+#include <openssl/dso.h>
+#include "engine_int.h"
+#include <openssl/engine.h>
+
+#ifndef NO_HW
+#ifndef NO_HW_NCIPHER
+
+/* Attribution notice: nCipher have said several times that it's OK for
+ * us to implement a general interface to their boxes, and recently declared
+ * their HWCryptoHook to be public, and therefore available for us to use.
+ * Thanks, nCipher.
+ *
+ * The hwcryptohook.h included here is from May 2000.
+ * [Richard Levitte]
+ */
+#ifdef FLAT_INC
+#include "hwcryptohook.h"
+#else
+#include "vendor_defns/hwcryptohook.h"
+#endif
+
+static int hwcrhk_init(void);
+static int hwcrhk_finish(void);
+static int hwcrhk_ctrl(int cmd, long i, void *p, void (*f)()); 
+
+/* Functions to handle mutexes */
+static int hwcrhk_mutex_init(HWCryptoHook_Mutex*, HWCryptoHook_CallerContext*);
+static int hwcrhk_mutex_lock(HWCryptoHook_Mutex*);
+static void hwcrhk_mutex_unlock(HWCryptoHook_Mutex*);
+static void hwcrhk_mutex_destroy(HWCryptoHook_Mutex*);
+
+/* BIGNUM stuff */
+static int hwcrhk_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+                const BIGNUM *m, BN_CTX *ctx);
+
+/* RSA stuff */
+static int hwcrhk_rsa_mod_exp(BIGNUM *r, BIGNUM *I, RSA *rsa);
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int hwcrhk_mod_exp_mont(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+                const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+
+/* DH stuff */
+/* This function is alised to mod_exp (with the DH and mont dropped). */
+static int hwcrhk_mod_exp_dh(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+                const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+
+/* RAND stuff */
+static int hwcrhk_rand_bytes(unsigned char *buf, int num);
+static int hwcrhk_rand_status(void);
+
+/* KM stuff */
+static EVP_PKEY *hwcrhk_load_privkey(const char *key_id,
+        const char *passphrase);
+static EVP_PKEY *hwcrhk_load_pubkey(const char *key_id,
+        const char *passphrase);
+static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
+        int index,long argl, void *argp);
+
+/* Interaction stuff */
+static int hwcrhk_get_pass(const char *prompt_info,
+        int *len_io, char *buf,
+        HWCryptoHook_PassphraseContext *ppctx,
+        HWCryptoHook_CallerContext *cactx);
+static void hwcrhk_log_message(void *logstream, const char *message);
+
+/* Our internal RSA_METHOD that we provide pointers to */
+static RSA_METHOD hwcrhk_rsa =
+        {
+        "nCipher RSA method",
+        NULL,
+        NULL,
+        NULL,
+        NULL,
+        hwcrhk_rsa_mod_exp,
+        hwcrhk_mod_exp_mont,
+        NULL,
+        NULL,
+        0,
+        NULL,
+        NULL,
+        NULL
+        };
+
+/* Our internal DH_METHOD that we provide pointers to */
+static DH_METHOD hwcrhk_dh =
+        {
+        "nCipher DH method",
+        NULL,
+        NULL,
+        hwcrhk_mod_exp_dh,
+        NULL,
+        NULL,
+        0,
+        NULL
+        };
+
+static RAND_METHOD hwcrhk_rand =
+        {
+        /* "nCipher RAND method", */
+        NULL,
+        hwcrhk_rand_bytes,
+        NULL,
+        NULL,
+        hwcrhk_rand_bytes,
+        hwcrhk_rand_status,
+        };
+
+/* Our ENGINE structure. */
+static ENGINE engine_hwcrhk =
+        {
+        "chil",
+        "nCipher hardware engine support",
+        &hwcrhk_rsa,
+        NULL,
+        &hwcrhk_dh,
+        &hwcrhk_rand,
+        hwcrhk_mod_exp,
+        NULL,
+        hwcrhk_init,
+        hwcrhk_finish,
+        hwcrhk_ctrl,
+        hwcrhk_load_privkey,
+        hwcrhk_load_pubkey,
+        0, /* no flags */
+        0, 0, /* no references */
+        NULL, NULL /* unlinked */
+        };
+
+/* Internal stuff for HWCryptoHook */
+
+/* Some structures needed for proper use of thread locks */
+/* hwcryptohook.h has some typedefs that turn struct HWCryptoHook_MutexValue
+   into HWCryptoHook_Mutex */
+struct HWCryptoHook_MutexValue
+        {
+        int lockid;
+        };
+
+/* hwcryptohook.h has some typedefs that turn
+   struct HWCryptoHook_PassphraseContextValue
+   into HWCryptoHook_PassphraseContext */
+struct HWCryptoHook_PassphraseContextValue
+        {
+        void *any;
+        };
+
+/* hwcryptohook.h has some typedefs that turn
+   struct HWCryptoHook_CallerContextValue
+   into HWCryptoHook_CallerContext */
+struct HWCryptoHook_CallerContextValue
+        {
+        void *any;
+        };
+
+/* The MPI structure in HWCryptoHook is pretty compatible with OpenSSL
+   BIGNUM's, so lets define a couple of conversion macros */
+#define BN2MPI(mp, bn) \
+    {mp.size = bn->top * sizeof(BN_ULONG); mp.buf = (unsigned char *)bn->d;}
+#define MPI2BN(bn, mp) \
+    {mp.size = bn->dmax * sizeof(BN_ULONG); mp.buf = (unsigned char *)bn->d;}
+
+#if 0 /* Card and password management is not yet supported */
+/* HWCryptoHook callbacks.  insert_card() and get_pass() are not yet
+   defined, because we haven't quite decided on the proper form yet.
+   log_message() just adds an entry in the error stack.  I don't know
+   if that's good or bad...  */
+static int insert_card(const char *prompt_info,
+        const char *wrong_info,
+        HWCryptoHook_PassphraseContext *ppctx,
+        HWCryptoHook_CallerContext *cactx);
+static int get_pass(const char *prompt_info,
+        int *len_io, char *buf,
+        HWCryptoHook_PassphraseContext *ppctx,
+        HWCryptoHook_CallerContext *cactx);
+#endif
+
+static BIO *logstream = NULL;
+static pem_password_cb *password_callback = NULL;
+#if 0
+static void *password_callback_userdata = NULL;
+#endif
+static int disable_mutex_callbacks = 0;
+
+/* Stuff to pass to the HWCryptoHook library */
+static HWCryptoHook_InitInfo hwcrhk_globals = {
+        0,                      /* Flags */
+        &logstream,             /* logstream */
+        sizeof(BN_ULONG),       /* limbsize */
+        0,                      /* mslimb first: false for BNs */
+        -1,                     /* msbyte first: use native */
+        0,                      /* Max mutexes, 0 = no small limit */
+        0,                      /* Max simultaneous, 0 = default */
+
+        /* The next few are mutex stuff: we write wrapper functions
+           around the OS mutex functions.  We initialise them to 0
+           here, and change that to actual function pointers in hwcrhk_init()
+           if dynamic locks are supported (that is, if the application
+           programmer has made sure of setting up callbacks bafore starting
+           this engine) *and* if disable_mutex_callbacks hasn't been set by
+           a call to ENGINE_ctrl(ENGINE_CTRL_CHIL_NO_LOCKING). */
+        sizeof(HWCryptoHook_Mutex),
+        0,
+        0,
+        0,
+        0,
+
+        /* The next few are condvar stuff: we write wrapper functions
+           round the OS functions.  Currently not implemented and not
+           and absolute necessity even in threaded programs, therefore
+           0'ed.  Will hopefully be implemented some day, since it
+           enhances the efficiency of HWCryptoHook.  */
+        0, /* sizeof(HWCryptoHook_CondVar), */
+        0, /* hwcrhk_cv_init, */
+        0, /* hwcrhk_cv_wait, */
+        0, /* hwcrhk_cv_signal, */
+        0, /* hwcrhk_cv_broadcast, */
+        0, /* hwcrhk_cv_destroy, */
+
+        hwcrhk_get_pass,        /* pass phrase */
+        0, /* insert_card, */   /* insert a card */
+        hwcrhk_log_message      /* Log message */
+};
+
+
+/* Now, to our own code */
+
+/* As this is only ever called once, there's no need for locking
+ * (indeed - the lock will already be held by our caller!!!) */
+ENGINE *ENGINE_ncipher()
+        {
+        RSA_METHOD *meth1;
+        DH_METHOD *meth2;
+
+        /* We know that the "PKCS1_SSLeay()" functions hook properly
+         * to the cswift-specific mod_exp and mod_exp_crt so we use
+         * those functions. NB: We don't use ENGINE_openssl() or
+         * anything "more generic" because something like the RSAref
+         * code may not hook properly, and if you own one of these
+         * cards then you have the right to do RSA operations on it
+         * anyway! */ 
+        meth1 = RSA_PKCS1_SSLeay();
+        hwcrhk_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
+        hwcrhk_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
+        hwcrhk_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
+        hwcrhk_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
+
+        /* Much the same for Diffie-Hellman */
+        meth2 = DH_OpenSSL();
+        hwcrhk_dh.generate_key = meth2->generate_key;
+        hwcrhk_dh.compute_key = meth2->compute_key;
+        return &engine_hwcrhk;
+        }
+
+/* This is a process-global DSO handle used for loading and unloading
+ * the HWCryptoHook library. NB: This is only set (or unset) during an
+ * init() or finish() call (reference counts permitting) and they're
+ * operating with global locks, so this should be thread-safe
+ * implicitly. */
+static DSO *hwcrhk_dso = NULL;
+static HWCryptoHook_ContextHandle hwcrhk_context = 0;
+static int hndidx = -1; /* Index for KM handle.  Not really used yet. */
+
+/* These are the function pointers that are (un)set when the library has
+ * successfully (un)loaded. */
+static HWCryptoHook_Init_t *p_hwcrhk_Init = NULL;
+static HWCryptoHook_Finish_t *p_hwcrhk_Finish = NULL;
+static HWCryptoHook_ModExp_t *p_hwcrhk_ModExp = NULL;
+static HWCryptoHook_RSA_t *p_hwcrhk_RSA = NULL;
+static HWCryptoHook_RandomBytes_t *p_hwcrhk_RandomBytes = NULL;
+static HWCryptoHook_RSALoadKey_t *p_hwcrhk_RSALoadKey = NULL;
+static HWCryptoHook_RSAGetPublicKey_t *p_hwcrhk_RSAGetPublicKey = NULL;
+static HWCryptoHook_RSAUnloadKey_t *p_hwcrhk_RSAUnloadKey = NULL;
+static HWCryptoHook_ModExpCRT_t *p_hwcrhk_ModExpCRT = NULL;
+
+/* Used in the DSO operations. */
+static const char *HWCRHK_LIBNAME = "nfhwcrhk";
+static const char *n_hwcrhk_Init = "HWCryptoHook_Init";
+static const char *n_hwcrhk_Finish = "HWCryptoHook_Finish";
+static const char *n_hwcrhk_ModExp = "HWCryptoHook_ModExp";
+static const char *n_hwcrhk_RSA = "HWCryptoHook_RSA";
+static const char *n_hwcrhk_RandomBytes = "HWCryptoHook_RandomBytes";
+static const char *n_hwcrhk_RSALoadKey = "HWCryptoHook_RSALoadKey";
+static const char *n_hwcrhk_RSAGetPublicKey = "HWCryptoHook_RSAGetPublicKey";
+static const char *n_hwcrhk_RSAUnloadKey = "HWCryptoHook_RSAUnloadKey";
+static const char *n_hwcrhk_ModExpCRT = "HWCryptoHook_ModExpCRT";
+
+/* HWCryptoHook library functions and mechanics - these are used by the
+ * higher-level functions further down. NB: As and where there's no
+ * error checking, take a look lower down where these functions are
+ * called, the checking and error handling is probably down there. */
+
+/* utility function to obtain a context */
+static int get_context(HWCryptoHook_ContextHandle *hac)
+        {
+        char tempbuf[1024];
+        HWCryptoHook_ErrMsgBuf rmsg;
+
+        rmsg.buf = tempbuf;
+        rmsg.size = 1024;
+
+        *hac = p_hwcrhk_Init(&hwcrhk_globals, sizeof(hwcrhk_globals), &rmsg,
+                NULL);
+        if (!*hac)
+                return 0;
+        return 1;
+        }
+ 
+/* similarly to release one. */
+static void release_context(HWCryptoHook_ContextHandle hac)
+        {
+        p_hwcrhk_Finish(hac);
+        }
+
+/* (de)initialisation functions. */
+static int hwcrhk_init()
+        {
+        HWCryptoHook_Init_t *p1;
+        HWCryptoHook_Finish_t *p2;
+        HWCryptoHook_ModExp_t *p3;
+        HWCryptoHook_RSA_t *p4;
+        HWCryptoHook_RSALoadKey_t *p5;
+        HWCryptoHook_RSAGetPublicKey_t *p6;
+        HWCryptoHook_RSAUnloadKey_t *p7;
+        HWCryptoHook_RandomBytes_t *p8;
+        HWCryptoHook_ModExpCRT_t *p9;
+
+        if(hwcrhk_dso != NULL)
+                {
+                ENGINEerr(ENGINE_F_HWCRHK_INIT,ENGINE_R_ALREADY_LOADED);
+                goto err;
+                }
+        /* Attempt to load libnfhwcrhk.so/nfhwcrhk.dll/whatever. */
+        hwcrhk_dso = DSO_load(NULL, HWCRHK_LIBNAME, NULL,
+                DSO_FLAG_NAME_TRANSLATION);
+        if(hwcrhk_dso == NULL)
+                {
+                ENGINEerr(ENGINE_F_HWCRHK_INIT,ENGINE_R_DSO_FAILURE);
+                goto err;
+                }
+        if(!(p1 = (HWCryptoHook_Init_t *)
+                        DSO_bind_func(hwcrhk_dso, n_hwcrhk_Init)) ||
+                !(p2 = (HWCryptoHook_Finish_t *)
+                        DSO_bind_func(hwcrhk_dso, n_hwcrhk_Finish)) ||
+                !(p3 = (HWCryptoHook_ModExp_t *)
+                        DSO_bind_func(hwcrhk_dso, n_hwcrhk_ModExp)) ||
+                !(p4 = (HWCryptoHook_RSA_t *)
+                        DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSA)) ||
+                !(p5 = (HWCryptoHook_RSALoadKey_t *)
+                        DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSALoadKey)) ||
+                !(p6 = (HWCryptoHook_RSAGetPublicKey_t *)
+                        DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSAGetPublicKey)) ||
+                !(p7 = (HWCryptoHook_RSAUnloadKey_t *)
+                        DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSAUnloadKey)) ||
+                !(p8 = (HWCryptoHook_RandomBytes_t *)
+                        DSO_bind_func(hwcrhk_dso, n_hwcrhk_RandomBytes)) ||
+                !(p9 = (HWCryptoHook_ModExpCRT_t *)
+                        DSO_bind_func(hwcrhk_dso, n_hwcrhk_ModExpCRT)))
+                {
+                ENGINEerr(ENGINE_F_HWCRHK_INIT,ENGINE_R_DSO_FAILURE);
+                goto err;
+                }
+        /* Copy the pointers */
+        p_hwcrhk_Init = p1;
+        p_hwcrhk_Finish = p2;
+        p_hwcrhk_ModExp = p3;
+        p_hwcrhk_RSA = p4;
+        p_hwcrhk_RSALoadKey = p5;
+        p_hwcrhk_RSAGetPublicKey = p6;
+        p_hwcrhk_RSAUnloadKey = p7;
+        p_hwcrhk_RandomBytes = p8;
+        p_hwcrhk_ModExpCRT = p9;
+
+        /* Check if the application decided to support dynamic locks,
+           and if it does, use them. */
+        if (disable_mutex_callbacks == 0 &&
+                CRYPTO_get_dynlock_create_callback() != NULL &&
+                CRYPTO_get_dynlock_lock_callback() != NULL &&
+                CRYPTO_get_dynlock_destroy_callback() != NULL)
+                {
+                hwcrhk_globals.mutex_init = hwcrhk_mutex_init;
+                hwcrhk_globals.mutex_acquire = hwcrhk_mutex_lock;
+                hwcrhk_globals.mutex_release = hwcrhk_mutex_unlock;
+                hwcrhk_globals.mutex_destroy = hwcrhk_mutex_destroy;
+                }
+
+        /* Try and get a context - if not, we may have a DSO but no
+         * accelerator! */
+        if(!get_context(&hwcrhk_context))
+                {
+                ENGINEerr(ENGINE_F_HWCRHK_INIT,ENGINE_R_UNIT_FAILURE);
+                goto err;
+                }
+        /* Everything's fine. */
+        if (hndidx == -1)
+                hndidx = RSA_get_ex_new_index(0,
+                        "nFast HWCryptoHook RSA key handle",
+                        NULL, NULL, hwcrhk_ex_free);
+        return 1;
+err:
+        if(hwcrhk_dso)
+                DSO_free(hwcrhk_dso);
+        hwcrhk_dso = NULL;
+        p_hwcrhk_Init = NULL;
+        p_hwcrhk_Finish = NULL;
+        p_hwcrhk_ModExp = NULL;
+        p_hwcrhk_RSA = NULL;
+        p_hwcrhk_RSALoadKey = NULL;
+        p_hwcrhk_RSAGetPublicKey = NULL;
+        p_hwcrhk_RSAUnloadKey = NULL;
+        p_hwcrhk_ModExpCRT = NULL;
+        p_hwcrhk_RandomBytes = NULL;
+        return 0;
+        }
+
+static int hwcrhk_finish()
+        {
+        int to_return = 1;
+        if(hwcrhk_dso == NULL)
+                {
+                ENGINEerr(ENGINE_F_HWCRHK_FINISH,ENGINE_R_NOT_LOADED);
+                to_return = 0;
+                goto err;
+                }
+        release_context(hwcrhk_context);
+        if(!DSO_free(hwcrhk_dso))
+                {
+                ENGINEerr(ENGINE_F_HWCRHK_FINISH,ENGINE_R_DSO_FAILURE);
+                to_return = 0;
+                goto err;
+                }
+ err:
+        if (logstream)
+                BIO_free(logstream);
+        hwcrhk_dso = NULL;
+        p_hwcrhk_Init = NULL;
+        p_hwcrhk_Finish = NULL;
+        p_hwcrhk_ModExp = NULL;
+        p_hwcrhk_RSA = NULL;
+        p_hwcrhk_RSALoadKey = NULL;
+        p_hwcrhk_RSAGetPublicKey = NULL;
+        p_hwcrhk_RSAUnloadKey = NULL;
+        p_hwcrhk_ModExpCRT = NULL;
+        p_hwcrhk_RandomBytes = NULL;
+        return to_return;
+        }
+
+static int hwcrhk_ctrl(int cmd, long i, void *p, void (*f)())
+        {
+        int to_return = 1;
+
+        switch(cmd)
+                {
+        case ENGINE_CTRL_SET_LOGSTREAM:
+                {
+                BIO *bio = (BIO *)p;
+
+                CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+                if (logstream)
+                        {
+                        BIO_free(logstream);
+                        logstream = NULL;
+                        }
+                if (CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO) > 1)
+                        logstream = bio;
+                else
+                        ENGINEerr(ENGINE_F_HWCRHK_CTRL,ENGINE_R_BIO_WAS_FREED);
+                }
+                CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+                break;
+        case ENGINE_CTRL_SET_PASSWORD_CALLBACK:
+                CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+                password_callback = (pem_password_cb *)f;
+                CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+                break;
+        /* this enables or disables the "SimpleForkCheck" flag used in the
+         * initialisation structure. */
+        case ENGINE_CTRL_CHIL_SET_FORKCHECK:
+                CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+                if(i)
+                        hwcrhk_globals.flags |=
+                                HWCryptoHook_InitFlags_SimpleForkCheck;
+                else
+                        hwcrhk_globals.flags &=
+                                ~HWCryptoHook_InitFlags_SimpleForkCheck;
+                CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+                break;
+        /* This will prevent the initialisation function from "installing"
+         * the mutex-handling callbacks, even if they are available from
+         * within the library (or were provided to the library from the
+         * calling application). This is to remove any baggage for
+         * applications not using multithreading. */
+        case ENGINE_CTRL_CHIL_NO_LOCKING:
+                CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+                disable_mutex_callbacks = 1;
+                CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+                break;
+
+        /* The command isn't understood by this engine */
+        default:
+                ENGINEerr(ENGINE_F_HWCRHK_CTRL,
+                        ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+                to_return = 0;
+                break;
+                }
+
+        return to_return;
+        }
+
+static EVP_PKEY *hwcrhk_load_privkey(const char *key_id,
+        const char *passphrase)
+        {
+        RSA *rtmp = NULL;
+        EVP_PKEY *res = NULL;
+        HWCryptoHook_MPI e, n;
+        HWCryptoHook_RSAKeyHandle *hptr;
+        HWCryptoHook_ErrMsgBuf rmsg;
+
+        if(!hwcrhk_context)
+                {
+                ENGINEerr(ENGINE_F_HWCRHK_LOAD_PRIVKEY,
+                        ENGINE_R_NOT_INITIALISED);
+                goto err;
+                }
+        hptr = OPENSSL_malloc(sizeof(HWCryptoHook_RSAKeyHandle));
+        if (!hptr)
+                {
+                ENGINEerr(ENGINE_F_HWCRHK_LOAD_PRIVKEY,
+                        ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        if (p_hwcrhk_RSALoadKey(hwcrhk_context, key_id, hptr,
+                &rmsg, NULL))
+                {
+                ENGINEerr(ENGINE_F_HWCRHK_LOAD_PRIVKEY,
+                        ENGINE_R_CHIL_ERROR);
+                ERR_add_error_data(1,rmsg.buf);
+                goto err;
+                }
+        if (!*hptr)
+                {
+                ENGINEerr(ENGINE_F_HWCRHK_LOAD_PRIVKEY,
+                        ENGINE_R_NO_KEY);
+                goto err;
+                }
+        rtmp = RSA_new_method(&engine_hwcrhk);
+        RSA_set_ex_data(rtmp, hndidx, (char *)hptr);
+        rtmp->e = BN_new();
+        rtmp->n = BN_new();
+        rtmp->flags |= RSA_FLAG_EXT_PKEY;
+        MPI2BN(rtmp->e, e);
+        MPI2BN(rtmp->n, n);
+        if (p_hwcrhk_RSAGetPublicKey(*hptr, &n, &e, &rmsg)
+                != HWCRYPTOHOOK_ERROR_MPISIZE)
+                {
+                ENGINEerr(ENGINE_F_HWCRHK_LOAD_PUBKEY,ENGINE_R_CHIL_ERROR);
+                ERR_add_error_data(1,rmsg.buf);
+                goto err;
+                }
+                        
+        bn_expand2(rtmp->e, e.size/sizeof(BN_ULONG));
+        bn_expand2(rtmp->n, n.size/sizeof(BN_ULONG));
+        MPI2BN(rtmp->e, e);
+        MPI2BN(rtmp->n, n);
+
+        if (p_hwcrhk_RSAGetPublicKey(*hptr, &n, &e, &rmsg))
+                {
+                ENGINEerr(ENGINE_F_HWCRHK_LOAD_PUBKEY,
+                        ENGINE_R_CHIL_ERROR);
+                ERR_add_error_data(1,rmsg.buf);
+                goto err;
+                }
+        rtmp->e->top = e.size / sizeof(BN_ULONG);
+        bn_fix_top(rtmp->e);
+        rtmp->n->top = n.size / sizeof(BN_ULONG);
+        bn_fix_top(rtmp->n);
+
+        res = EVP_PKEY_new();
+        EVP_PKEY_assign_RSA(res, rtmp);
+
+        return res;
+ err:
+        if (res)
+                EVP_PKEY_free(res);
+        if (rtmp)
+                RSA_free(rtmp);
+        return NULL;
+        }
+
+static EVP_PKEY *hwcrhk_load_pubkey(const char *key_id, const char *passphrase)
+        {
+        EVP_PKEY *res = hwcrhk_load_privkey(key_id, passphrase);
+
+        if (res)
+                switch(res->type)
+                        {
+                case EVP_PKEY_RSA:
+                        {
+                        RSA *rsa = NULL;
+
+                        CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY);
+                        rsa = res->pkey.rsa;
+                        res->pkey.rsa = RSA_new();
+                        res->pkey.rsa->n = rsa->n;
+                        res->pkey.rsa->e = rsa->e;
+                        CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
+                        RSA_free(rsa);
+                        }
+                default:
+                        ENGINEerr(ENGINE_F_HWCRHK_LOAD_PUBKEY,
+                                ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+                        goto err;
+                        }
+
+        return res;
+ err:
+        if (res)
+                EVP_PKEY_free(res);
+        return NULL;
+        }
+
+/* A little mod_exp */
+static int hwcrhk_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+                        const BIGNUM *m, BN_CTX *ctx)
+        {
+        char tempbuf[1024];
+        HWCryptoHook_ErrMsgBuf rmsg;
+        /* Since HWCryptoHook_MPI is pretty compatible with BIGNUM's,
+           we use them directly, plus a little macro magic.  We only
+           thing we need to make sure of is that enough space is allocated. */
+        HWCryptoHook_MPI m_a, m_p, m_n, m_r;
+        int to_return, ret;
+ 
+        to_return = 0; /* expect failure */
+        rmsg.buf = tempbuf;
+        rmsg.size = 1024;
+
+        if(!hwcrhk_context)
+                {
+                ENGINEerr(ENGINE_F_HWCRHK_MOD_EXP,ENGINE_R_NOT_INITIALISED);
+                goto err;
+                }
+        /* Prepare the params */
+        bn_expand2(r, m->top);  /* Check for error !! */
+        BN2MPI(m_a, a);
+        BN2MPI(m_p, p);
+        BN2MPI(m_n, m);
+        MPI2BN(r, m_r);
+
+        /* Perform the operation */
+        ret = p_hwcrhk_ModExp(hwcrhk_context, m_a, m_p, m_n, &m_r, &rmsg);
+
+        /* Convert the response */
+        r->top = m_r.size / sizeof(BN_ULONG);
+        bn_fix_top(r);
+
+        if (ret < 0)
+                {
+                /* FIXME: When this error is returned, HWCryptoHook is
+                   telling us that falling back to software computation
+                   might be a good thing. */
+                if(ret == HWCRYPTOHOOK_ERROR_FALLBACK)
+                        {
+                        ENGINEerr(ENGINE_F_HWCRHK_MOD_EXP,ENGINE_R_REQUEST_FALLBACK);
+                        }
+                else
+                        {
+                        ENGINEerr(ENGINE_F_HWCRHK_MOD_EXP,ENGINE_R_REQUEST_FAILED);
+                        }
+                ERR_add_error_data(1,rmsg.buf);
+                goto err;
+                }
+
+        to_return = 1;
+err:
+        return to_return;
+        }
+ 
+static int hwcrhk_rsa_mod_exp(BIGNUM *r, BIGNUM *I, RSA *rsa)
+        {
+        char tempbuf[1024];
+        HWCryptoHook_ErrMsgBuf rmsg;
+        HWCryptoHook_RSAKeyHandle *hptr;
+        int to_return = 0, ret;
+
+        if(!hwcrhk_context)
+                {
+                ENGINEerr(ENGINE_F_HWCRHK_MOD_EXP,ENGINE_R_NOT_INITIALISED);
+                goto err;
+                }
+
+        /* This provides support for nForce keys.  Since that's opaque data
+           all we do is provide a handle to the proper key and let HWCryptoHook
+           take care of the rest. */
+        if ((hptr = (HWCryptoHook_RSAKeyHandle *) RSA_get_ex_data(rsa, hndidx))
+                != NULL)
+                {
+                HWCryptoHook_MPI m_a, m_r;
+
+                if(!rsa->n)
+                        {
+                        ENGINEerr(ENGINE_F_HWCRHK_RSA_MOD_EXP,
+                                ENGINE_R_MISSING_KEY_COMPONENTS);
+                        goto err;
+                        }
+
+                rmsg.buf = tempbuf;
+                rmsg.size = 1024;
+
+                /* Prepare the params */
+                bn_expand2(r, rsa->n->top); /* Check for error !! */
+                BN2MPI(m_a, I);
+                MPI2BN(r, m_r);
+
+                /* Perform the operation */
+                ret = p_hwcrhk_RSA(m_a, *hptr, &m_r, &rmsg);
+
+                /* Convert the response */
+                r->top = m_r.size / sizeof(BN_ULONG);
+                bn_fix_top(r);
+
+                if (ret < 0)
+                        {
+                        /* FIXME: When this error is returned, HWCryptoHook is
+                           telling us that falling back to software computation
+                           might be a good thing. */
+                        if(ret == HWCRYPTOHOOK_ERROR_FALLBACK)
+                                {
+                                ENGINEerr(ENGINE_F_HWCRHK_RSA_MOD_EXP,ENGINE_R_REQUEST_FALLBACK);
+                                }
+                        else
+                                {
+                                ENGINEerr(ENGINE_F_HWCRHK_RSA_MOD_EXP,ENGINE_R_REQUEST_FAILED);
+                                }
+                        ERR_add_error_data(1,rmsg.buf);
+                        goto err;
+                        }
+                }
+        else
+                {
+                HWCryptoHook_MPI m_a, m_p, m_q, m_dmp1, m_dmq1, m_iqmp, m_r;
+
+                if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)
+                        {
+                        ENGINEerr(ENGINE_F_HWCRHK_RSA_MOD_EXP,
+                                ENGINE_R_MISSING_KEY_COMPONENTS);
+                        goto err;
+                        }
+
+                rmsg.buf = tempbuf;
+                rmsg.size = 1024;
+
+                /* Prepare the params */
+                bn_expand2(r, rsa->n->top); /* Check for error !! */
+                BN2MPI(m_a, I);
+                BN2MPI(m_p, rsa->p);
+                BN2MPI(m_q, rsa->q);
+                BN2MPI(m_dmp1, rsa->dmp1);
+                BN2MPI(m_dmq1, rsa->dmq1);
+                BN2MPI(m_iqmp, rsa->iqmp);
+                MPI2BN(r, m_r);
+
+                /* Perform the operation */
+                ret = p_hwcrhk_ModExpCRT(hwcrhk_context, m_a, m_p, m_q,
+                        m_dmp1, m_dmq1, m_iqmp, &m_r, NULL);
+
+                /* Convert the response */
+                r->top = m_r.size / sizeof(BN_ULONG);
+                bn_fix_top(r);
+
+                if (ret < 0)
+                        {
+                        /* FIXME: When this error is returned, HWCryptoHook is
+                           telling us that falling back to software computation
+                           might be a good thing. */
+                        if(ret == HWCRYPTOHOOK_ERROR_FALLBACK)
+                                {
+                                ENGINEerr(ENGINE_F_HWCRHK_RSA_MOD_EXP,ENGINE_R_REQUEST_FALLBACK);
+                                }
+                        else
+                                {
+                                ENGINEerr(ENGINE_F_HWCRHK_RSA_MOD_EXP,ENGINE_R_REQUEST_FAILED);
+                                }
+                        ERR_add_error_data(1,rmsg.buf);
+                        goto err;
+                        }
+                }
+        /* If we're here, we must be here with some semblance of success :-) */
+        to_return = 1;
+err:
+        return to_return;
+        }
+
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int hwcrhk_mod_exp_mont(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+                const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+        {
+        return hwcrhk_mod_exp(r, a, p, m, ctx);
+        }
+
+/* This function is aliased to mod_exp (with the dh and mont dropped). */
+static int hwcrhk_mod_exp_dh(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+                const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+        {
+        return hwcrhk_mod_exp(r, a, p, m, ctx);
+        }
+
+/* Random bytes are good */
+static int hwcrhk_rand_bytes(unsigned char *buf, int num)
+        {
+        char tempbuf[1024];
+        HWCryptoHook_ErrMsgBuf rmsg;
+        int to_return = 0; /* assume failure */
+        int ret;
+
+        rmsg.buf = tempbuf;
+        rmsg.size = 1024;
+
+        if(!hwcrhk_context)
+                {
+                ENGINEerr(ENGINE_F_HWCRHK_RAND_BYTES,ENGINE_R_NOT_INITIALISED);
+                goto err;
+                }
+
+        ret = p_hwcrhk_RandomBytes(hwcrhk_context, buf, num, &rmsg);
+        if (ret < 0)
+                {
+                /* FIXME: When this error is returned, HWCryptoHook is
+                   telling us that falling back to software computation
+                   might be a good thing. */
+                if(ret == HWCRYPTOHOOK_ERROR_FALLBACK)
+                        {
+                        ENGINEerr(ENGINE_F_HWCRHK_RAND_BYTES,ENGINE_R_REQUEST_FALLBACK);
+                        }
+                else
+                        {
+                        ENGINEerr(ENGINE_F_HWCRHK_RAND_BYTES,ENGINE_R_REQUEST_FAILED);
+                        }
+                ERR_add_error_data(1,rmsg.buf);
+                goto err;
+                }
+        to_return = 1;
+ err:
+        return to_return;
+        }
+
+static int hwcrhk_rand_status(void)
+        {
+        return 1;
+        }
+
+/* This cleans up an RSA KM key, called when ex_data is freed */
+
+static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
+        int index,long argl, void *argp)
+{
+        char tempbuf[1024];
+        HWCryptoHook_ErrMsgBuf rmsg;
+        HWCryptoHook_RSAKeyHandle *hptr;
+        int ret;
+
+        rmsg.buf = tempbuf;
+        rmsg.size = 1024;
+
+        hptr = (HWCryptoHook_RSAKeyHandle *) item;
+        if(!hptr) return;
+        ret = p_hwcrhk_RSAUnloadKey(*hptr, NULL);
+        OPENSSL_free(hptr);
+}
+
+/* Mutex calls: since the HWCryptoHook model closely follows the POSIX model
+ * these just wrap the POSIX functions and add some logging.
+ */
+
+static int hwcrhk_mutex_init(HWCryptoHook_Mutex* mt,
+        HWCryptoHook_CallerContext *cactx)
+        {
+        mt->lockid = CRYPTO_get_new_dynlockid();
+        if (mt->lockid == 0)
+                return 0;
+        return 1;
+        }
+
+static int hwcrhk_mutex_lock(HWCryptoHook_Mutex *mt)
+        {
+        CRYPTO_w_lock(mt->lockid);
+        return 1;
+        }
+
+void hwcrhk_mutex_unlock(HWCryptoHook_Mutex * mt)
+        {
+        CRYPTO_w_unlock(mt->lockid);
+        }
+
+static void hwcrhk_mutex_destroy(HWCryptoHook_Mutex *mt)
+        {
+        CRYPTO_destroy_dynlockid(mt->lockid);
+        }
+
+static int hwcrhk_get_pass(const char *prompt_info,
+        int *len_io, char *buf,
+        HWCryptoHook_PassphraseContext *ppctx,
+        HWCryptoHook_CallerContext *cactx)
+        {
+        int l = 0;
+        char prompt[1024];
+
+        if (password_callback == NULL)
+                {
+                ENGINEerr(ENGINE_F_HWCRHK_GET_PASS,ENGINE_R_NO_CALLBACK);
+                return -1;
+                }
+        if (prompt_info)
+                {
+                strncpy(prompt, "Card: \"", sizeof(prompt));
+                l += 5;
+                strncpy(prompt + l, prompt_info, sizeof(prompt) - l);
+                l += strlen(prompt_info);
+                if (l + 2 < sizeof(prompt))
+                        {
+                        strncpy(prompt + l, "\"\n", sizeof(prompt) - l);
+                        l += 2;
+                        }
+                }
+        if (l < sizeof(prompt) - 1)
+                {
+                strncpy(prompt, "Enter Passphrase <enter to cancel>:",
+                        sizeof(prompt) - l);
+                l += 35;
+                }
+        prompt[l] = '\0';
+
+        /* I know, passing on the prompt instead of the user data *is*
+           a bad thing.  However, that's all we have right now.
+           --  Richard Levitte */
+        *len_io = password_callback(buf, *len_io, 0, prompt);
+        if(!*len_io)
+                return -1;
+        return 0;
+        }
+
+static void hwcrhk_log_message(void *logstream, const char *message)
+        {
+        BIO *lstream = NULL;
+
+        CRYPTO_w_lock(CRYPTO_LOCK_BIO);
+        if (logstream)
+                lstream=*(BIO **)logstream;
+        if (lstream)
+                {
+                BIO_write(lstream, message, strlen(message));
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_BIO);
+        }
+
+#endif /* !NO_HW_NCIPHER */
+#endif /* !NO_HW */
diff --git a/src/lib/libssl/src/crypto/engine/vendor_defns/atalla.h b/src/lib/libssl/src/crypto/engine/vendor_defns/atalla.h
new file mode 100644
index 0000000000..8111649c54
--- /dev/null
+++ b/src/lib/libssl/src/crypto/engine/vendor_defns/atalla.h
@@ -0,0 +1,61 @@
+/* This header declares the necessary definitions for using the exponentiation
+ * acceleration capabilities of Atalla cards. The only cryptographic operation
+ * is performed by "ASI_RSAPrivateKeyOpFn" and this takes a structure that
+ * defines an "RSA private key". However, it is really only performing a
+ * regular mod_exp using the supplied modulus and exponent - no CRT form is
+ * being used. Hence, it is a generic mod_exp function in disguise, and we use
+ * it as such.
+ *
+ * Thanks to the people at Atalla for letting me know these definitions are
+ * fine and that they can be reproduced here.
+ *
+ * Geoff.
+ */
+
+typedef struct ItemStr
+        {
+        unsigned char *data;
+        int len;
+        } Item;
+
+typedef struct RSAPrivateKeyStr
+        {
+        void *reserved;
+        Item version;
+        Item modulus;
+        Item publicExponent;
+        Item privateExponent;
+        Item prime[2];
+        Item exponent[2];
+        Item coefficient;
+        } RSAPrivateKey;
+
+/* Predeclare the function pointer types that we dynamically load from the DSO.
+ * These use the same names and form that Ben's original support code had (in
+ * crypto/bn/bn_exp.c) unless of course I've inadvertently changed the style
+ * somewhere along the way!
+ */
+
+typedef int tfnASI_GetPerformanceStatistics(int reset_flag,
+                                        unsigned int *ret_buf);
+
+typedef int tfnASI_GetHardwareConfig(long card_num, unsigned int *ret_buf);
+
+typedef int tfnASI_RSAPrivateKeyOpFn(RSAPrivateKey * rsaKey,
+                                        unsigned char *output,
+                                        unsigned char *input,
+                                        unsigned int modulus_len);
+
+/* These are the static string constants for the DSO file name and the function
+ * symbol names to bind to. Regrettably, the DSO name on *nix appears to be
+ * "atasi.so" rather than something more consistent like "libatasi.so". At the
+ * time of writing, I'm not sure what the file name on win32 is but clearly
+ * native name translation is not possible (eg libatasi.so on *nix, and
+ * atasi.dll on win32). For the purposes of testing, I have created a symbollic
+ * link called "libatasi.so" so that we can use native name-translation - a
+ * better solution will be needed. */
+static const char *ATALLA_LIBNAME = "atasi";
+static const char *ATALLA_F1 = "ASI_GetHardwareConfig";
+static const char *ATALLA_F2 = "ASI_RSAPrivateKeyOpFn";
+static const char *ATALLA_F3 = "ASI_GetPerformanceStatistics";
+
diff --git a/src/lib/libssl/src/crypto/engine/vendor_defns/cswift.h b/src/lib/libssl/src/crypto/engine/vendor_defns/cswift.h
new file mode 100644
index 0000000000..0af14a1a92
--- /dev/null
+++ b/src/lib/libssl/src/crypto/engine/vendor_defns/cswift.h
@@ -0,0 +1,213 @@
+/* Attribution notice: Rainbow have generously allowed me to reproduce
+ * the necessary definitions here from their API. This means the support
+ * can build independently of whether application builders have the
+ * API or hardware. This will allow developers to easily produce software
+ * that has latent hardware support for any users that have accelertors
+ * installed, without the developers themselves needing anything extra.
+ *
+ * I have only clipped the parts from the CryptoSwift header files that
+ * are (or seem) relevant to the CryptoSwift support code. This is
+ * simply to keep the file sizes reasonable.
+ * [Geoff]
+ */
+
+
+/* NB: These type widths do *not* seem right in general, in particular
+ * they're not terribly friendly to 64-bit architectures (unsigned long)
+ * will be 64-bit on IA-64 for a start. I'm leaving these alone as they
+ * agree with Rainbow's API and this will only be called into question
+ * on platforms with Rainbow support anyway! ;-) */
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+typedef long              SW_STATUS;              /* status           */
+typedef unsigned char     SW_BYTE;                /* 8 bit byte       */
+typedef unsigned short    SW_U16;                 /* 16 bit number    */
+#if defined(_IRIX)
+#include <sgidefs.h>
+typedef __uint32_t        SW_U32;
+#else
+typedef unsigned long     SW_U32;                 /* 32 bit integer   */
+#endif
+ 
+#if defined(WIN32)
+  typedef struct _SW_U64 {
+      SW_U32 low32;
+      SW_U32 high32;
+  } SW_U64;                                         /* 64 bit integer   */
+#elif defined(MAC)
+  typedef longlong SW_U64
+#else /* Unix variants */
+  typedef struct _SW_U64 {
+      SW_U32 low32;
+      SW_U32 high32;
+  } SW_U64;                                         /* 64 bit integer   */
+#endif
+
+/* status codes */
+#define SW_OK                 (0L)
+#define SW_ERR_BASE           (-10000L)
+#define SW_ERR_NO_CARD        (SW_ERR_BASE-1) /* The Card is not present   */
+#define SW_ERR_CARD_NOT_READY (SW_ERR_BASE-2) /* The card has not powered  */
+                                              /*    up yet                 */
+#define SW_ERR_TIME_OUT       (SW_ERR_BASE-3) /* Execution of a command    */
+                                              /*    time out               */
+#define SW_ERR_NO_EXECUTE     (SW_ERR_BASE-4) /* The Card failed to        */
+                                              /*    execute the command    */
+#define SW_ERR_INPUT_NULL_PTR (SW_ERR_BASE-5) /* a required pointer is     */
+                                              /*    NULL                   */
+#define SW_ERR_INPUT_SIZE     (SW_ERR_BASE-6) /* size is invalid, too      */
+                                              /*    small, too large.      */
+#define SW_ERR_INVALID_HANDLE (SW_ERR_BASE-7) /* Invalid SW_ACC_CONTEXT    */
+                                              /*    handle                 */
+#define SW_ERR_PENDING        (SW_ERR_BASE-8) /* A request is already out- */
+                                              /*    standing at this       */
+                                              /*    context handle         */
+#define SW_ERR_AVAILABLE      (SW_ERR_BASE-9) /* A result is available.    */
+#define SW_ERR_NO_PENDING     (SW_ERR_BASE-10)/* No request is pending.    */
+#define SW_ERR_NO_MEMORY      (SW_ERR_BASE-11)/* Not enough memory         */
+#define SW_ERR_BAD_ALGORITHM  (SW_ERR_BASE-12)/* Invalid algorithm type    */
+                                              /*    in SW_PARAM structure  */
+#define SW_ERR_MISSING_KEY    (SW_ERR_BASE-13)/* No key is associated with */
+                                              /*    context.               */
+                                              /*    swAttachKeyParam() is  */
+                                              /*    not called.            */
+#define SW_ERR_KEY_CMD_MISMATCH \
+                              (SW_ERR_BASE-14)/* Cannot perform requested  */
+                                              /*    SW_COMMAND_CODE since  */
+                                              /*    key attached via       */
+                                              /*    swAttachKeyParam()     */
+                                              /*    cannot be used for this*/
+                                              /*    SW_COMMAND_CODE.       */
+#define SW_ERR_NOT_IMPLEMENTED \
+                              (SW_ERR_BASE-15)/* Not implemented           */
+#define SW_ERR_BAD_COMMAND    (SW_ERR_BASE-16)/* Bad command code          */
+#define SW_ERR_BAD_ITEM_SIZE  (SW_ERR_BASE-17)/* too small or too large in */
+                                              /*    the "initems" or       */
+                                              /*    "outitems".            */
+#define SW_ERR_BAD_ACCNUM     (SW_ERR_BASE-18)/* Bad accelerator number    */
+#define SW_ERR_SELFTEST_FAIL  (SW_ERR_BASE-19)/* At least one of the self  */
+                                              /*    test fail, look at the */
+                                              /*    selfTestBitmap in      */
+                                              /*    SW_ACCELERATOR_INFO for*/
+                                              /*    details.               */
+#define SW_ERR_MISALIGN       (SW_ERR_BASE-20)/* Certain alogrithms require*/
+                                              /*    key materials aligned  */
+                                              /*    in certain order, e.g. */
+                                              /*    128 bit for CRT        */
+#define SW_ERR_OUTPUT_NULL_PTR \
+                              (SW_ERR_BASE-21)/* a required pointer is     */
+                                              /*    NULL                   */
+#define SW_ERR_OUTPUT_SIZE \
+                              (SW_ERR_BASE-22)/* size is invalid, too      */
+                                              /*    small, too large.      */
+#define SW_ERR_FIRMWARE_CHECKSUM \
+                              (SW_ERR_BASE-23)/* firmware checksum mismatch*/
+                                              /*    download failed.       */
+#define SW_ERR_UNKNOWN_FIRMWARE \
+                              (SW_ERR_BASE-24)/* unknown firmware error    */
+#define SW_ERR_INTERRUPT      (SW_ERR_BASE-25)/* request is abort when     */
+                                              /*    it's waiting to be     */
+                                              /*    completed.             */
+#define SW_ERR_NVWRITE_FAIL   (SW_ERR_BASE-26)/* error in writing to Non-  */
+                                              /*    volatile memory        */
+#define SW_ERR_NVWRITE_RANGE  (SW_ERR_BASE-27)/* out of range error in     */
+                                              /*    writing to NV memory   */
+#define SW_ERR_RNG_ERROR      (SW_ERR_BASE-28)/* Random Number Generation  */
+                                              /*    failure                */
+#define SW_ERR_DSS_FAILURE    (SW_ERR_BASE-29)/* DSS Sign or Verify failure*/
+#define SW_ERR_MODEXP_FAILURE (SW_ERR_BASE-30)/* Failure in various math   */
+                                              /*    calculations           */
+#define SW_ERR_ONBOARD_MEMORY (SW_ERR_BASE-31)/* Error in accessing on -   */
+                                              /*    board memory           */
+#define SW_ERR_FIRMWARE_VERSION \
+                              (SW_ERR_BASE-32)/* Wrong version in firmware */
+                                              /*    update                 */
+#define SW_ERR_ZERO_WORKING_ACCELERATOR \
+                              (SW_ERR_BASE-44)/* All accelerators are bad  */
+
+
+  /* algorithm type */
+#define SW_ALG_CRT          1
+#define SW_ALG_EXP          2
+#define SW_ALG_DSA          3
+#define SW_ALG_NVDATA       4
+
+  /* command code */
+#define SW_CMD_MODEXP_CRT   1 /* perform Modular Exponentiation using  */
+                              /*  Chinese Remainder Theorem (CRT)      */
+#define SW_CMD_MODEXP       2 /* perform Modular Exponentiation        */
+#define SW_CMD_DSS_SIGN     3 /* perform DSS sign                      */
+#define SW_CMD_DSS_VERIFY   4 /* perform DSS verify                    */
+#define SW_CMD_RAND         5 /* perform random number generation      */
+#define SW_CMD_NVREAD       6 /* perform read to nonvolatile RAM       */
+#define SW_CMD_NVWRITE      7 /* perform write to nonvolatile RAM      */
+
+typedef SW_U32            SW_ALGTYPE;             /* alogrithm type   */
+typedef SW_U32            SW_STATE;               /* state            */
+typedef SW_U32            SW_COMMAND_CODE;        /* command code     */
+typedef SW_U32            SW_COMMAND_BITMAP[4];   /* bitmap           */
+
+typedef struct _SW_LARGENUMBER {
+    SW_U32    nbytes;       /* number of bytes in the buffer "value"  */
+    SW_BYTE*  value;        /* the large integer as a string of       */
+                            /*   bytes in network (big endian) order  */
+} SW_LARGENUMBER;               
+
+typedef struct _SW_CRT {
+    SW_LARGENUMBER  p;      /* prime number p                         */
+    SW_LARGENUMBER  q;      /* prime number q                         */
+    SW_LARGENUMBER  dmp1;   /* exponent1                              */
+    SW_LARGENUMBER  dmq1;   /* exponent2                              */
+    SW_LARGENUMBER  iqmp;   /* CRT coefficient                        */
+} SW_CRT;
+
+typedef struct _SW_EXP {
+    SW_LARGENUMBER  modulus; /* modulus                                */
+    SW_LARGENUMBER  exponent;/* exponent                               */
+} SW_EXP;
+
+typedef struct _SW_DSA {
+    SW_LARGENUMBER  p;      /*                                        */
+    SW_LARGENUMBER  q;      /*                                        */
+    SW_LARGENUMBER  g;      /*                                        */
+    SW_LARGENUMBER  key;    /* private/public key                     */
+} SW_DSA;
+
+typedef struct _SW_NVDATA {
+    SW_U32 accnum;          /* accelerator board number               */
+    SW_U32 offset;          /* offset in byte                         */
+} SW_NVDATA;
+
+typedef struct _SW_PARAM {
+    SW_ALGTYPE    type;     /* type of the alogrithm                  */
+    union {
+        SW_CRT    crt;
+        SW_EXP    exp;
+        SW_DSA    dsa;
+        SW_NVDATA nvdata;
+    } up;
+} SW_PARAM;
+
+typedef SW_U32 SW_CONTEXT_HANDLE; /* opaque context handle */
+
+
+/* Now the OpenSSL bits, these function types are the for the function
+ * pointers that will bound into the Rainbow shared libraries. */
+typedef SW_STATUS t_swAcquireAccContext(SW_CONTEXT_HANDLE *hac);
+typedef SW_STATUS t_swAttachKeyParam(SW_CONTEXT_HANDLE hac,
+                                SW_PARAM *key_params);
+typedef SW_STATUS t_swSimpleRequest(SW_CONTEXT_HANDLE hac,
+                                SW_COMMAND_CODE cmd,
+                                SW_LARGENUMBER pin[],
+                                SW_U32 pin_count,
+                                SW_LARGENUMBER pout[],
+                                SW_U32 pout_count);
+typedef SW_STATUS t_swReleaseAccContext(SW_CONTEXT_HANDLE hac);
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
diff --git a/src/lib/libssl/src/crypto/err/Makefile.ssl b/src/lib/libssl/src/crypto/err/Makefile.ssl
index fb74e4eb13..cf94f406e4 100644
--- a/src/lib/libssl/src/crypto/err/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/err/Makefile.ssl
@@ -83,24 +83,28 @@ err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
 err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 err.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-err.o: ../../include/openssl/stack.h ../cryptlib.h
+err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+err.o: ../cryptlib.h
 err_all.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 err_all.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 err_all.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 err_all.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 err_all.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-err_all.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-err_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-err_all.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-err_all.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-err_all.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
-err_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-err_all.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs12.h
-err_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-err_all.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-err_all.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-err_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-err_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+err_all.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
+err_all.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+err_all.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+err_all.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+err_all.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+err_all.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+err_all.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+err_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+err_all.o: ../../include/openssl/opensslv.h ../../include/openssl/pem2.h
+err_all.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+err_all.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+err_all.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+err_all.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+err_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+err_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 err_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 err_all.o: ../../include/openssl/x509v3.h
 err_prn.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
@@ -108,4 +112,5 @@ err_prn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
 err_prn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 err_prn.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 err_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-err_prn.o: ../../include/openssl/stack.h ../cryptlib.h
+err_prn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+err_prn.o: ../cryptlib.h
diff --git a/src/lib/libssl/src/crypto/err/err.c b/src/lib/libssl/src/crypto/err/err.c
index eb8c76aa0b..99272e437c 100644
--- a/src/lib/libssl/src/crypto/err/err.c
+++ b/src/lib/libssl/src/crypto/err/err.c
@@ -116,8 +116,8 @@
 #include <openssl/crypto.h>
 #include "cryptlib.h"
 #include <openssl/buffer.h>
+#include <openssl/bio.h>
 #include <openssl/err.h>
-#include <openssl/crypto.h>
 
 
 static LHASH *error_hash=NULL;
@@ -137,6 +137,7 @@ static ERR_STRING_DATA ERR_str_libraries[]=
 {ERR_PACK(ERR_LIB_SYS,0,0)              ,"system library"},
 {ERR_PACK(ERR_LIB_BN,0,0)               ,"bignum routines"},
 {ERR_PACK(ERR_LIB_RSA,0,0)              ,"rsa routines"},
+{ERR_PACK(ERR_LIB_DSA,0,0)              ,"dsa routines"},
 {ERR_PACK(ERR_LIB_DH,0,0)               ,"Diffie-Hellman routines"},
 {ERR_PACK(ERR_LIB_EVP,0,0)              ,"digital envelope routines"},
 {ERR_PACK(ERR_LIB_BUF,0,0)              ,"memory buffer routines"},
@@ -155,6 +156,8 @@ static ERR_STRING_DATA ERR_str_libraries[]=
 {ERR_PACK(ERR_LIB_X509V3,0,0)           ,"X509 V3 routines"},
 {ERR_PACK(ERR_LIB_PKCS12,0,0)           ,"PKCS12 routines"},
 {ERR_PACK(ERR_LIB_RAND,0,0)             ,"random number generator"},
+{ERR_PACK(ERR_LIB_DSO,0,0)              ,"DSO support routines"},
+{ERR_PACK(ERR_LIB_ENGINE,0,0)           ,"engine routines"},
 {0,NULL},
         };
 
@@ -205,6 +208,8 @@ static ERR_STRING_DATA ERR_str_reasons[]=
 {ERR_R_EXPECTING_AN_ASN1_SEQUENCE       ,"expecting an asn1 sequence"},
 {ERR_R_ASN1_LENGTH_MISMATCH             ,"asn1 length mismatch"},
 {ERR_R_MISSING_ASN1_EOS                 ,"missing asn1 eos"},
+{ERR_R_DSO_LIB                          ,"DSO lib"},
+{ERR_R_ENGINE_LIB                       ,"ENGINE lib"},
 
 {0,NULL},
         };
@@ -225,7 +230,7 @@ static ERR_STRING_DATA SYS_str_reasons[NUM_SYS_STR_REASONS + 1];
 
 static void build_SYS_str_reasons()
         {
-        /* Malloc cannot be used here, use static storage instead */
+        /* OPENSSL_malloc cannot be used here, use static storage instead */
         static char strerror_tab[NUM_SYS_STR_REASONS][LEN_SYS_STR_REASON];
         int i;
 
@@ -262,7 +267,7 @@ static void build_SYS_str_reasons()
         if (((p)->err_data[i] != NULL) && \
                 (p)->err_data_flags[i] & ERR_TXT_MALLOCED) \
                 {  \
-                Free((p)->err_data[i]); \
+                OPENSSL_free((p)->err_data[i]); \
                 (p)->err_data[i]=NULL; \
                 } \
         (p)->err_data_flags[i]=0;
@@ -278,7 +283,7 @@ static void ERR_STATE_free(ERR_STATE *s)
                 {
                 err_clear_data(s,i);
                 }
-        Free(s);
+        OPENSSL_free(s);
         }
 
 void ERR_load_ERR_strings(void)
@@ -475,13 +480,11 @@ static unsigned long get_error_values(int inc, const char **file, int *line,
         return(ret);
         }
 
-/* BAD for multi-threaded, uses a local buffer if ret == NULL */
-char *ERR_error_string(unsigned long e, char *ret)
+void ERR_error_string_n(unsigned long e, char *buf, size_t len)
         {
-        static char buf[256];
+        char lsbuf[64], fsbuf[64], rsbuf[64];
         const char *ls,*fs,*rs;
         unsigned long l,f,r;
-        int i;
 
         l=ERR_GET_LIB(e);
         f=ERR_GET_FUNC(e);
@@ -491,21 +494,50 @@ char *ERR_error_string(unsigned long e, char *ret)
         fs=ERR_func_error_string(e);
         rs=ERR_reason_error_string(e);
 
-        if (ret == NULL) ret=buf;
-
-        sprintf(&(ret[0]),"error:%08lX:",e);
-        i=strlen(ret);
-        if (ls == NULL)
-                sprintf(&(ret[i]),":lib(%lu) ",l);
-        else    sprintf(&(ret[i]),"%s",ls);
-        i=strlen(ret);
+        if (ls == NULL) 
+                BIO_snprintf(lsbuf, sizeof(lsbuf), "lib(%lu)", l);
         if (fs == NULL)
-                sprintf(&(ret[i]),":func(%lu) ",f);
-        else    sprintf(&(ret[i]),":%s",fs);
-        i=strlen(ret);
+                BIO_snprintf(fsbuf, sizeof(fsbuf), "func(%lu)", f);
         if (rs == NULL)
-                sprintf(&(ret[i]),":reason(%lu)",r);
-        else    sprintf(&(ret[i]),":%s",rs);
+                BIO_snprintf(rsbuf, sizeof(rsbuf), "reason(%lu)", r);
+
+        BIO_snprintf(buf, len,"error:%08lX:%s:%s:%s", e, ls?ls:lsbuf, 
+                fs?fs:fsbuf, rs?rs:rsbuf);
+        if (strlen(buf) == len-1)
+                {
+                /* output may be truncated; make sure we always have 5 
+                 * colon-separated fields, i.e. 4 colons ... */
+#define NUM_COLONS 4
+                if (len > NUM_COLONS) /* ... if possible */
+                        {
+                        int i;
+                        char *s = buf;
+                        
+                        for (i = 0; i < NUM_COLONS; i++)
+                                {
+                                char *colon = strchr(s, ':');
+                                if (colon == NULL || colon > &buf[len-1] - NUM_COLONS + i)
+                                        {
+                                        /* set colon no. i at last possible position
+                                         * (buf[len-1] is the terminating 0)*/
+                                        colon = &buf[len-1] - NUM_COLONS + i;
+                                        *colon = ':';
+                                        }
+                                s = colon + 1;
+                                }
+                        }
+                }
+        }
+
+/* BAD for multi-threading: uses a local buffer if ret == NULL */
+/* ERR_error_string_n should be used instead for ret != NULL
+ * as ERR_error_string cannot know how large the buffer is */
+char *ERR_error_string(unsigned long e, char *ret)
+        {
+        static char buf[256];
+
+        if (ret == NULL) ret=buf;
+        ERR_error_string_n(e, ret, 256);
 
         return(ret);
         }
@@ -515,6 +547,7 @@ LHASH *ERR_get_string_table(void)
         return(error_hash);
         }
 
+/* not thread-safe */
 LHASH *ERR_get_err_state_table(void)
         {
         return(thread_hash);
@@ -527,7 +560,7 @@ const char *ERR_lib_error_string(unsigned long e)
 
         l=ERR_GET_LIB(e);
 
-        CRYPTO_r_lock(CRYPTO_LOCK_ERR_HASH);
+        CRYPTO_w_lock(CRYPTO_LOCK_ERR_HASH);
 
         if (error_hash != NULL)
                 {
@@ -535,7 +568,7 @@ const char *ERR_lib_error_string(unsigned long e)
                 p=(ERR_STRING_DATA *)lh_retrieve(error_hash,&d);
                 }
 
-        CRYPTO_r_unlock(CRYPTO_LOCK_ERR_HASH);
+        CRYPTO_w_unlock(CRYPTO_LOCK_ERR_HASH);
 
         return((p == NULL)?NULL:p->string);
         }
@@ -548,7 +581,7 @@ const char *ERR_func_error_string(unsigned long e)
         l=ERR_GET_LIB(e);
         f=ERR_GET_FUNC(e);
 
-        CRYPTO_r_lock(CRYPTO_LOCK_ERR_HASH);
+        CRYPTO_w_lock(CRYPTO_LOCK_ERR_HASH);
 
         if (error_hash != NULL)
                 {
@@ -556,7 +589,7 @@ const char *ERR_func_error_string(unsigned long e)
                 p=(ERR_STRING_DATA *)lh_retrieve(error_hash,&d);
                 }
 
-        CRYPTO_r_unlock(CRYPTO_LOCK_ERR_HASH);
+        CRYPTO_w_unlock(CRYPTO_LOCK_ERR_HASH);
 
         return((p == NULL)?NULL:p->string);
         }
@@ -569,7 +602,7 @@ const char *ERR_reason_error_string(unsigned long e)
         l=ERR_GET_LIB(e);
         r=ERR_GET_REASON(e);
 
-        CRYPTO_r_lock(CRYPTO_LOCK_ERR_HASH);
+        CRYPTO_w_lock(CRYPTO_LOCK_ERR_HASH);
 
         if (error_hash != NULL)
                 {
@@ -582,7 +615,7 @@ const char *ERR_reason_error_string(unsigned long e)
                         }
                 }
 
-        CRYPTO_r_unlock(CRYPTO_LOCK_ERR_HASH);
+        CRYPTO_w_unlock(CRYPTO_LOCK_ERR_HASH);
 
         return((p == NULL)?NULL:p->string);
         }
@@ -613,7 +646,7 @@ static int pid_cmp(ERR_STATE *a, ERR_STATE *b)
 
 void ERR_remove_state(unsigned long pid)
         {
-        ERR_STATE *p,tmp;
+        ERR_STATE *p = NULL,tmp;
 
         if (thread_hash == NULL)
                 return;
@@ -621,7 +654,16 @@ void ERR_remove_state(unsigned long pid)
                 pid=(unsigned long)CRYPTO_thread_id();
         tmp.pid=pid;
         CRYPTO_w_lock(CRYPTO_LOCK_ERR);
-        p=(ERR_STATE *)lh_delete(thread_hash,&tmp);
+        if (thread_hash)
+                {
+                p=(ERR_STATE *)lh_delete(thread_hash,&tmp);
+                if (lh_num_items(thread_hash) == 0)
+                        {
+                        /* make sure we don't leak memory */
+                        lh_free(thread_hash);
+                        thread_hash = NULL;
+                        }
+                }
         CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
 
         if (p != NULL) ERR_STATE_free(p);
@@ -630,39 +672,25 @@ void ERR_remove_state(unsigned long pid)
 ERR_STATE *ERR_get_state(void)
         {
         static ERR_STATE fallback;
-        ERR_STATE *ret=NULL,tmp,*tmpp;
+        ERR_STATE *ret=NULL,tmp,*tmpp=NULL;
+        int thread_state_exists;
         int i;
         unsigned long pid;
 
         pid=(unsigned long)CRYPTO_thread_id();
 
-        CRYPTO_r_lock(CRYPTO_LOCK_ERR);
-        if (thread_hash == NULL)
-                {
-                CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
-                CRYPTO_w_lock(CRYPTO_LOCK_ERR);
-                if (thread_hash == NULL)
-                        {
-                        MemCheck_off();
-                        thread_hash=lh_new(pid_hash,pid_cmp);
-                        MemCheck_on();
-                        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
-                        if (thread_hash == NULL) return(&fallback);
-                        }
-                else
-                        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
-                }
-        else
+        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+        if (thread_hash != NULL)
                 {
                 tmp.pid=pid;
                 ret=(ERR_STATE *)lh_retrieve(thread_hash,&tmp);
-                CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
                 }
+        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
 
         /* ret == the error state, if NULL, make a new one */
         if (ret == NULL)
                 {
-                ret=(ERR_STATE *)Malloc(sizeof(ERR_STATE));
+                ret=(ERR_STATE *)OPENSSL_malloc(sizeof(ERR_STATE));
                 if (ret == NULL) return(&fallback);
                 ret->pid=pid;
                 ret->top=0;
@@ -672,9 +700,29 @@ ERR_STATE *ERR_get_state(void)
                         ret->err_data[i]=NULL;
                         ret->err_data_flags[i]=0;
                         }
+
                 CRYPTO_w_lock(CRYPTO_LOCK_ERR);
-                tmpp=(ERR_STATE *)lh_insert(thread_hash,ret);
+
+                /* no entry yet in thread_hash for current thread -
+                 * thus, it may have changed since we last looked at it */
+                if (thread_hash == NULL)
+                        thread_hash = lh_new(pid_hash, pid_cmp);
+                if (thread_hash == NULL)
+                        thread_state_exists = 0; /* allocation error */
+                else
+                        {
+                        tmpp=(ERR_STATE *)lh_insert(thread_hash,ret);
+                        thread_state_exists = 1;
+                        }
+
                 CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+
+                if (!thread_state_exists)
+                        {
+                        ERR_STATE_free(ret); /* could not insert it */
+                        return(&fallback);
+                        }
+                
                 if (tmpp != NULL) /* old entry - should not happen */
                         {
                         ERR_STATE_free(tmpp);
@@ -712,7 +760,7 @@ void ERR_add_error_data(int num, ...)
         char *str,*p,*a;
 
         s=64;
-        str=Malloc(s+1);
+        str=OPENSSL_malloc(s+1);
         if (str == NULL) return;
         str[0]='\0';
 
@@ -728,10 +776,10 @@ void ERR_add_error_data(int num, ...)
                         if (n > s)
                                 {
                                 s=n+20;
-                                p=Realloc(str,s+1);
+                                p=OPENSSL_realloc(str,s+1);
                                 if (p == NULL)
                                         {
-                                        Free(str);
+                                        OPENSSL_free(str);
                                         return;
                                         }
                                 else
diff --git a/src/lib/libssl/src/crypto/err/err.h b/src/lib/libssl/src/crypto/err/err.h
index 15bafbff43..7388a4a937 100644
--- a/src/lib/libssl/src/crypto/err/err.h
+++ b/src/lib/libssl/src/crypto/err/err.h
@@ -59,12 +59,20 @@
 #ifndef HEADER_ERR_H
 #define HEADER_ERR_H
 
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
 #ifndef NO_FP_API
 #include <stdio.h>
+#include <stdlib.h>
+#endif
+
+#ifndef NO_BIO
+#include <openssl/bio.h>
+#endif
+#ifndef NO_LHASH
+#include <openssl/lhash.h>
+#endif
+
+#ifdef  __cplusplus
+extern "C" {
 #endif
 
 /* The following is a bit of a trick to help the object files only contain
@@ -123,6 +131,8 @@ typedef struct err_state_st
 #define ERR_LIB_X509V3          34
 #define ERR_LIB_PKCS12          35
 #define ERR_LIB_RAND            36
+#define ERR_LIB_DSO             37
+#define ERR_LIB_ENGINE          38
 
 #define ERR_LIB_USER            128
 
@@ -151,6 +161,8 @@ typedef struct err_state_st
 #define X509V3err(f,r) ERR_PUT_error(ERR_LIB_X509V3,(f),(r),ERR_file_name,__LINE__)
 #define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,(f),(r),ERR_file_name,__LINE__)
 #define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),ERR_file_name,__LINE__)
+#define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,(f),(r),ERR_file_name,__LINE__)
+#define ENGINEerr(f,r) ERR_PUT_error(ERR_LIB_ENGINE,(f),(r),ERR_file_name,__LINE__)
 
 /* Borland C seems too stupid to be able to shift and do longs in
  * the pre-processor :-( */
@@ -199,6 +211,8 @@ typedef struct err_state_st
 #define ERR_R_BIO_LIB   ERR_LIB_BIO
 #define ERR_R_PKCS7_LIB ERR_LIB_PKCS7
 #define ERR_R_PKCS12_LIB ERR_LIB_PKCS12
+#define ERR_R_DSO_LIB   ERR_LIB_DSO
+#define ERR_R_ENGINE_LIB ERR_LIB_ENGINE
 
 /* fatal error */
 #define ERR_R_MALLOC_FAILURE                    (1|ERR_R_FATAL)
@@ -230,13 +244,14 @@ unsigned long ERR_peek_error_line_data(const char **file,int *line,
                                        const char **data,int *flags);
 void ERR_clear_error(void );
 char *ERR_error_string(unsigned long e,char *buf);
+void ERR_error_string_n(unsigned long e, char *buf, size_t len);
 const char *ERR_lib_error_string(unsigned long e);
 const char *ERR_func_error_string(unsigned long e);
 const char *ERR_reason_error_string(unsigned long e);
 #ifndef NO_FP_API
 void ERR_print_errors_fp(FILE *fp);
 #endif
-#ifdef HEADER_BIO_H
+#ifndef NO_BIO
 void ERR_print_errors(BIO *bp);
 void ERR_add_error_data(int num, ...);
 #endif
@@ -248,15 +263,13 @@ void ERR_free_strings(void);
 void ERR_remove_state(unsigned long pid); /* if zero we look it up */
 ERR_STATE *ERR_get_state(void);
 
-#ifdef HEADER_LHASH_H
-LHASH *ERR_get_string_table(void );
-LHASH *ERR_get_err_state_table(void );
-#else
-char *ERR_get_string_table(void );
-char *ERR_get_err_state_table(void );
+#ifndef NO_LHASH
+LHASH *ERR_get_string_table(void);
+LHASH *ERR_get_err_state_table(void); /* even less thread-safe than
+                                       * ERR_get_string_table :-) */
 #endif
 
-int ERR_get_next_error_library(void );
+int ERR_get_next_error_library(void);
 
 #ifdef  __cplusplus
 }
diff --git a/src/lib/libssl/src/crypto/err/err_all.c b/src/lib/libssl/src/crypto/err/err_all.c
index 10c463b389..b8315d8272 100644
--- a/src/lib/libssl/src/crypto/err/err_all.c
+++ b/src/lib/libssl/src/crypto/err/err_all.c
@@ -81,6 +81,8 @@
 #include <openssl/conf.h>
 #include <openssl/pkcs12.h>
 #include <openssl/rand.h>
+#include <openssl/dso.h>
+#include <openssl/engine.h>
 #include <openssl/err.h>
 
 void ERR_load_crypto_strings(void)
@@ -118,5 +120,7 @@ void ERR_load_crypto_strings(void)
         ERR_load_PKCS7_strings();
         ERR_load_PKCS12_strings();
         ERR_load_RAND_strings();
+        ERR_load_DSO_strings();
+        ERR_load_ENGINE_strings();
 #endif
         }
diff --git a/src/lib/libssl/src/crypto/err/err_prn.c b/src/lib/libssl/src/crypto/err/err_prn.c
index 0999ff214b..6f60b016c3 100644
--- a/src/lib/libssl/src/crypto/err/err_prn.c
+++ b/src/lib/libssl/src/crypto/err/err_prn.c
@@ -76,7 +76,8 @@ void ERR_print_errors_fp(FILE *fp)
         es=CRYPTO_thread_id();
         while ((l=ERR_get_error_line_data(&file,&line,&data,&flags)) != 0)
                 {
-                fprintf(fp,"%lu:%s:%s:%d:%s\n",es,ERR_error_string(l,buf),
+                ERR_error_string_n(l, buf, sizeof buf);
+                fprintf(fp,"%lu:%s:%s:%d:%s\n",es,buf,
                         file,line,(flags&ERR_TXT_STRING)?data:"");
                 }
         }
@@ -94,7 +95,8 @@ void ERR_print_errors(BIO *bp)
         es=CRYPTO_thread_id();
         while ((l=ERR_get_error_line_data(&file,&line,&data,&flags)) != 0)
                 {
-                sprintf(buf2,"%lu:%s:%s:%d:",es,ERR_error_string(l,buf),
+                ERR_error_string_n(l, buf, sizeof buf);
+                sprintf(buf2,"%lu:%s:%s:%d:",es,buf,
                         file,line);
                 BIO_write(bp,buf2,strlen(buf2));
                 if (flags & ERR_TXT_STRING)
diff --git a/src/lib/libssl/src/crypto/err/openssl.ec b/src/lib/libssl/src/crypto/err/openssl.ec
index e132ba3182..861d680e07 100644
--- a/src/lib/libssl/src/crypto/err/openssl.ec
+++ b/src/lib/libssl/src/crypto/err/openssl.ec
@@ -3,6 +3,7 @@ L CRYPTO	crypto/crypto.h			crypto/cpt_err.c
 L BN            crypto/bn/bn.h                  crypto/bn/bn_err.c
 L RSA           crypto/rsa/rsa.h                crypto/rsa/rsa_err.c
 L DSA           crypto/dsa/dsa.h                crypto/dsa/dsa_err.c
+L DSO           crypto/dso/dso.h                crypto/dso/dso_err.c
 L DH            crypto/dh/dh.h                  crypto/dh/dh_err.c
 L EVP           crypto/evp/evp.h                crypto/evp/evp_err.c
 L BUF           crypto/buffer/buffer.h          crypto/buffer/buf_err.c
@@ -22,6 +23,7 @@ L RSAREF	rsaref/rsaref.h			rsaref/rsar_err.c
 L SSL           ssl/ssl.h                       ssl/ssl_err.c
 L COMP          crypto/comp/comp.h              crypto/comp/comp_err.c
 L RAND          crypto/rand/rand.h              crypto/rand/rand_err.c
+L ENGINE        crypto/engine/engine.h          crypto/engine/engine_err.c
 
 
 F RSAREF_F_RSA_BN2BIN
diff --git a/src/lib/libssl/src/crypto/evp/Makefile.ssl b/src/lib/libssl/src/crypto/evp/Makefile.ssl
index c763b5ccd6..ad39fcc9e7 100644
--- a/src/lib/libssl/src/crypto/evp/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/evp/Makefile.ssl
@@ -23,32 +23,22 @@ APPS=
 
 LIB=$(TOP)/libcrypto.a
 LIBSRC= encode.c digest.c evp_enc.c evp_key.c \
-        e_ecb_d.c e_cbc_d.c e_cfb_d.c e_ofb_d.c \
-        e_ecb_i.c e_cbc_i.c e_cfb_i.c e_ofb_i.c \
-        e_ecb_3d.c e_cbc_3d.c e_rc4.c names.c \
-        e_cfb_3d.c e_ofb_3d.c e_xcbc_d.c \
-        e_ecb_r2.c e_cbc_r2.c e_cfb_r2.c e_ofb_r2.c \
-        e_ecb_bf.c e_cbc_bf.c e_cfb_bf.c e_ofb_bf.c \
-        e_ecb_c.c e_cbc_c.c e_cfb_c.c e_ofb_c.c \
-        e_ecb_r5.c e_cbc_r5.c e_cfb_r5.c e_ofb_r5.c \
-        m_null.c m_md2.c m_md5.c m_sha.c m_sha1.c m_dss.c m_dss1.c m_mdc2.c \
-        m_ripemd.c \
+        e_des.c e_bf.c e_idea.c e_des3.c \
+        e_rc4.c names.c \
+        e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c \
+        m_null.c m_md2.c m_md4.c m_md5.c m_sha.c m_sha1.c \
+        m_dss.c m_dss1.c m_mdc2.c m_ripemd.c \
         p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \
         bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \
         c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c \
         evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c
 
 LIBOBJ= encode.o digest.o evp_enc.o evp_key.o \
-        e_ecb_d.o e_cbc_d.o e_cfb_d.o e_ofb_d.o \
-        e_ecb_i.o e_cbc_i.o e_cfb_i.o e_ofb_i.o \
-        e_ecb_3d.o e_cbc_3d.o e_rc4.o names.o \
-        e_cfb_3d.o e_ofb_3d.o e_xcbc_d.o \
-        e_ecb_r2.o e_cbc_r2.o e_cfb_r2.o e_ofb_r2.o \
-        e_ecb_bf.o e_cbc_bf.o e_cfb_bf.o e_ofb_bf.o \
-        e_ecb_c.o e_cbc_c.o e_cfb_c.o e_ofb_c.o \
-        e_ecb_r5.o e_cbc_r5.o e_cfb_r5.o e_ofb_r5.o \
-        m_null.o m_md2.o m_md5.o m_sha.o m_sha1.o m_dss.o m_dss1.o m_mdc2.o \
-        m_ripemd.o \
+        e_des.o e_bf.o e_idea.o e_des3.o \
+        e_rc4.o names.o \
+        e_xcbc_d.o e_rc2.o e_cast.o e_rc5.o \
+        m_null.o m_md2.o m_md4.o m_md5.o m_sha.o m_sha1.o \
+        m_dss.o m_dss1.o m_mdc2.o m_ripemd.o \
         p_open.o p_seal.o p_sign.o p_verify.o p_lib.o p_enc.o p_dec.o \
         bio_md.o bio_b64.o bio_enc.o evp_err.o e_null.o \
         c_all.o c_allc.o c_alld.o evp_lib.o bio_ok.o \
@@ -114,14 +104,16 @@ bio_b64.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 bio_b64.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 bio_b64.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 bio_b64.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-bio_b64.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+bio_b64.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+bio_b64.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 bio_b64.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-bio_b64.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-bio_b64.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
-bio_b64.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-bio_b64.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-bio_b64.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-bio_b64.o: ../../include/openssl/stack.h ../cryptlib.h
+bio_b64.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+bio_b64.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bio_b64.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+bio_b64.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+bio_b64.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+bio_b64.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+bio_b64.o: ../../include/openssl/symhacks.h ../cryptlib.h
 bio_enc.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 bio_enc.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 bio_enc.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -129,14 +121,16 @@ bio_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 bio_enc.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 bio_enc.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 bio_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-bio_enc.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+bio_enc.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+bio_enc.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 bio_enc.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-bio_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-bio_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
-bio_enc.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-bio_enc.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-bio_enc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-bio_enc.o: ../../include/openssl/stack.h ../cryptlib.h
+bio_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+bio_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bio_enc.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+bio_enc.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+bio_enc.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+bio_enc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+bio_enc.o: ../../include/openssl/symhacks.h ../cryptlib.h
 bio_md.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 bio_md.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 bio_md.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -144,14 +138,16 @@ bio_md.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 bio_md.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 bio_md.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 bio_md.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-bio_md.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+bio_md.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+bio_md.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 bio_md.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-bio_md.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-bio_md.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
-bio_md.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-bio_md.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-bio_md.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-bio_md.o: ../../include/openssl/stack.h ../cryptlib.h
+bio_md.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+bio_md.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bio_md.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+bio_md.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+bio_md.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+bio_md.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+bio_md.o: ../../include/openssl/symhacks.h ../cryptlib.h
 bio_ok.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 bio_ok.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 bio_ok.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -159,14 +155,16 @@ bio_ok.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 bio_ok.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 bio_ok.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 bio_ok.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-bio_ok.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+bio_ok.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+bio_ok.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 bio_ok.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-bio_ok.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-bio_ok.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
-bio_ok.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-bio_ok.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-bio_ok.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-bio_ok.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+bio_ok.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+bio_ok.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bio_ok.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+bio_ok.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+bio_ok.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+bio_ok.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+bio_ok.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 bio_ok.o: ../cryptlib.h
 c_all.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 c_all.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
@@ -175,14 +173,16 @@ c_all.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 c_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 c_all.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 c_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-c_all.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+c_all.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+c_all.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 c_all.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-c_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-c_all.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
-c_all.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-c_all.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-c_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-c_all.o: ../../include/openssl/stack.h ../cryptlib.h
+c_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+c_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+c_all.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+c_all.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+c_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+c_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+c_all.o: ../../include/openssl/symhacks.h ../cryptlib.h
 c_allc.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 c_allc.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 c_allc.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -190,15 +190,17 @@ c_allc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 c_allc.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 c_allc.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 c_allc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-c_allc.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+c_allc.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+c_allc.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 c_allc.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-c_allc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-c_allc.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
-c_allc.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-c_allc.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-c_allc.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-c_allc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-c_allc.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+c_allc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+c_allc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+c_allc.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+c_allc.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+c_allc.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+c_allc.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+c_allc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+c_allc.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 c_allc.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
 c_alld.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 c_alld.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
@@ -207,15 +209,17 @@ c_alld.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 c_alld.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 c_alld.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 c_alld.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-c_alld.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+c_alld.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+c_alld.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 c_alld.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-c_alld.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-c_alld.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
-c_alld.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-c_alld.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-c_alld.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-c_alld.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-c_alld.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+c_alld.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+c_alld.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+c_alld.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+c_alld.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+c_alld.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+c_alld.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+c_alld.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+c_alld.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 c_alld.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
 digest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 digest.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
@@ -224,329 +228,101 @@ digest.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 digest.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 digest.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 digest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-digest.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+digest.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+digest.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 digest.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-digest.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-digest.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
-digest.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-digest.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-digest.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-digest.o: ../../include/openssl/stack.h ../cryptlib.h
-e_cbc_3d.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_cbc_3d.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-e_cbc_3d.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-e_cbc_3d.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-e_cbc_3d.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-e_cbc_3d.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-e_cbc_3d.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-e_cbc_3d.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
-e_cbc_3d.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-e_cbc_3d.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-e_cbc_3d.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
-e_cbc_3d.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-e_cbc_3d.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-e_cbc_3d.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-e_cbc_3d.o: ../../include/openssl/stack.h ../cryptlib.h
-e_cbc_bf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_cbc_bf.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-e_cbc_bf.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-e_cbc_bf.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-e_cbc_bf.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-e_cbc_bf.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-e_cbc_bf.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-e_cbc_bf.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
-e_cbc_bf.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-e_cbc_bf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-e_cbc_bf.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
-e_cbc_bf.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-e_cbc_bf.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-e_cbc_bf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-e_cbc_bf.o: ../../include/openssl/stack.h ../cryptlib.h
-e_cbc_c.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_cbc_c.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-e_cbc_c.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-e_cbc_c.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-e_cbc_c.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-e_cbc_c.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-e_cbc_c.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-e_cbc_c.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
-e_cbc_c.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-e_cbc_c.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-e_cbc_c.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
-e_cbc_c.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-e_cbc_c.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-e_cbc_c.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-e_cbc_c.o: ../../include/openssl/stack.h ../cryptlib.h
-e_cbc_d.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_cbc_d.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-e_cbc_d.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-e_cbc_d.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-e_cbc_d.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-e_cbc_d.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-e_cbc_d.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-e_cbc_d.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
-e_cbc_d.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-e_cbc_d.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-e_cbc_d.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
-e_cbc_d.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-e_cbc_d.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-e_cbc_d.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-e_cbc_d.o: ../../include/openssl/stack.h ../cryptlib.h
-e_cbc_i.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_cbc_i.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-e_cbc_i.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-e_cbc_i.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-e_cbc_i.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-e_cbc_i.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-e_cbc_i.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-e_cbc_i.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
-e_cbc_i.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-e_cbc_i.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-e_cbc_i.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
-e_cbc_i.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-e_cbc_i.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-e_cbc_i.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-e_cbc_i.o: ../../include/openssl/stack.h ../cryptlib.h
-e_cbc_r2.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_cbc_r2.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-e_cbc_r2.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-e_cbc_r2.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-e_cbc_r2.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-e_cbc_r2.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-e_cbc_r2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-e_cbc_r2.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
-e_cbc_r2.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-e_cbc_r2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-e_cbc_r2.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
-e_cbc_r2.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-e_cbc_r2.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-e_cbc_r2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-e_cbc_r2.o: ../../include/openssl/stack.h ../cryptlib.h
-e_cbc_r5.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_cbc_r5.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-e_cbc_r5.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-e_cbc_r5.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-e_cbc_r5.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-e_cbc_r5.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-e_cbc_r5.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-e_cbc_r5.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
-e_cbc_r5.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-e_cbc_r5.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-e_cbc_r5.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
-e_cbc_r5.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-e_cbc_r5.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-e_cbc_r5.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-e_cbc_r5.o: ../../include/openssl/stack.h ../cryptlib.h
-e_cfb_3d.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_cfb_3d.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-e_cfb_3d.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-e_cfb_3d.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-e_cfb_3d.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-e_cfb_3d.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-e_cfb_3d.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-e_cfb_3d.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
-e_cfb_3d.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-e_cfb_3d.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-e_cfb_3d.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
-e_cfb_3d.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-e_cfb_3d.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-e_cfb_3d.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-e_cfb_3d.o: ../../include/openssl/stack.h ../cryptlib.h
-e_cfb_bf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_cfb_bf.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-e_cfb_bf.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-e_cfb_bf.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-e_cfb_bf.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-e_cfb_bf.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-e_cfb_bf.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-e_cfb_bf.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
-e_cfb_bf.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-e_cfb_bf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-e_cfb_bf.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
-e_cfb_bf.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-e_cfb_bf.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-e_cfb_bf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-e_cfb_bf.o: ../../include/openssl/stack.h ../cryptlib.h
-e_cfb_c.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_cfb_c.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-e_cfb_c.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-e_cfb_c.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-e_cfb_c.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-e_cfb_c.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-e_cfb_c.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-e_cfb_c.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
-e_cfb_c.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-e_cfb_c.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-e_cfb_c.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
-e_cfb_c.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-e_cfb_c.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-e_cfb_c.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-e_cfb_c.o: ../../include/openssl/stack.h ../cryptlib.h
-e_cfb_d.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_cfb_d.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-e_cfb_d.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-e_cfb_d.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-e_cfb_d.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-e_cfb_d.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-e_cfb_d.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-e_cfb_d.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
-e_cfb_d.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-e_cfb_d.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-e_cfb_d.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
-e_cfb_d.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-e_cfb_d.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-e_cfb_d.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-e_cfb_d.o: ../../include/openssl/stack.h ../cryptlib.h
-e_cfb_i.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_cfb_i.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-e_cfb_i.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-e_cfb_i.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-e_cfb_i.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-e_cfb_i.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-e_cfb_i.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-e_cfb_i.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
-e_cfb_i.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-e_cfb_i.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-e_cfb_i.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
-e_cfb_i.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-e_cfb_i.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-e_cfb_i.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-e_cfb_i.o: ../../include/openssl/stack.h ../cryptlib.h
-e_cfb_r2.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_cfb_r2.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-e_cfb_r2.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-e_cfb_r2.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-e_cfb_r2.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-e_cfb_r2.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-e_cfb_r2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-e_cfb_r2.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
-e_cfb_r2.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-e_cfb_r2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-e_cfb_r2.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
-e_cfb_r2.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-e_cfb_r2.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-e_cfb_r2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-e_cfb_r2.o: ../../include/openssl/stack.h ../cryptlib.h
-e_cfb_r5.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_cfb_r5.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-e_cfb_r5.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-e_cfb_r5.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-e_cfb_r5.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-e_cfb_r5.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-e_cfb_r5.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-e_cfb_r5.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
-e_cfb_r5.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-e_cfb_r5.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-e_cfb_r5.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
-e_cfb_r5.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-e_cfb_r5.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-e_cfb_r5.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-e_cfb_r5.o: ../../include/openssl/stack.h ../cryptlib.h
-e_ecb_3d.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_ecb_3d.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-e_ecb_3d.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-e_ecb_3d.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-e_ecb_3d.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-e_ecb_3d.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-e_ecb_3d.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-e_ecb_3d.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
-e_ecb_3d.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-e_ecb_3d.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-e_ecb_3d.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
-e_ecb_3d.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-e_ecb_3d.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-e_ecb_3d.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-e_ecb_3d.o: ../../include/openssl/stack.h ../cryptlib.h
-e_ecb_bf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_ecb_bf.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-e_ecb_bf.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-e_ecb_bf.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-e_ecb_bf.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-e_ecb_bf.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-e_ecb_bf.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-e_ecb_bf.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
-e_ecb_bf.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-e_ecb_bf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-e_ecb_bf.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
-e_ecb_bf.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-e_ecb_bf.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-e_ecb_bf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-e_ecb_bf.o: ../../include/openssl/stack.h ../cryptlib.h
-e_ecb_c.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_ecb_c.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-e_ecb_c.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-e_ecb_c.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-e_ecb_c.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-e_ecb_c.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-e_ecb_c.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-e_ecb_c.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
-e_ecb_c.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-e_ecb_c.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-e_ecb_c.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
-e_ecb_c.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-e_ecb_c.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-e_ecb_c.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-e_ecb_c.o: ../../include/openssl/stack.h ../cryptlib.h
-e_ecb_d.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_ecb_d.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-e_ecb_d.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-e_ecb_d.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-e_ecb_d.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-e_ecb_d.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-e_ecb_d.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-e_ecb_d.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
-e_ecb_d.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-e_ecb_d.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-e_ecb_d.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
-e_ecb_d.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-e_ecb_d.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-e_ecb_d.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-e_ecb_d.o: ../../include/openssl/stack.h ../cryptlib.h
-e_ecb_i.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_ecb_i.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-e_ecb_i.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-e_ecb_i.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-e_ecb_i.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-e_ecb_i.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-e_ecb_i.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-e_ecb_i.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
-e_ecb_i.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-e_ecb_i.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-e_ecb_i.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
-e_ecb_i.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-e_ecb_i.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-e_ecb_i.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-e_ecb_i.o: ../../include/openssl/stack.h ../cryptlib.h
-e_ecb_r2.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_ecb_r2.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-e_ecb_r2.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-e_ecb_r2.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-e_ecb_r2.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-e_ecb_r2.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-e_ecb_r2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-e_ecb_r2.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
-e_ecb_r2.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-e_ecb_r2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-e_ecb_r2.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
-e_ecb_r2.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-e_ecb_r2.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-e_ecb_r2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-e_ecb_r2.o: ../../include/openssl/stack.h ../cryptlib.h
-e_ecb_r5.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_ecb_r5.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-e_ecb_r5.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-e_ecb_r5.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-e_ecb_r5.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-e_ecb_r5.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-e_ecb_r5.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-e_ecb_r5.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
-e_ecb_r5.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-e_ecb_r5.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-e_ecb_r5.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
-e_ecb_r5.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-e_ecb_r5.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-e_ecb_r5.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-e_ecb_r5.o: ../../include/openssl/stack.h ../cryptlib.h
+digest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+digest.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+digest.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+digest.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+digest.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+digest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+digest.o: ../../include/openssl/symhacks.h ../cryptlib.h
+e_bf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_bf.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_bf.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_bf.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_bf.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_bf.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_bf.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_bf.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+e_bf.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+e_bf.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_bf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+e_bf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+e_bf.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+e_bf.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+e_bf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+e_bf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+e_bf.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_locl.h
+e_cast.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_cast.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_cast.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_cast.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_cast.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_cast.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_cast.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_cast.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+e_cast.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+e_cast.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_cast.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+e_cast.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+e_cast.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+e_cast.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+e_cast.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+e_cast.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+e_cast.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_locl.h
+e_des.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_des.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_des.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_des.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_des.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_des.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_des.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_des.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+e_des.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+e_des.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_des.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+e_des.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+e_des.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+e_des.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+e_des.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+e_des.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+e_des.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_locl.h
+e_des3.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_des3.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_des3.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_des3.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_des3.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_des3.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_des3.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_des3.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+e_des3.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+e_des3.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_des3.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+e_des3.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+e_des3.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+e_des3.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+e_des3.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+e_des3.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+e_des3.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_locl.h
+e_idea.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_idea.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_idea.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_idea.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_idea.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_idea.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_idea.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_idea.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+e_idea.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+e_idea.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_idea.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+e_idea.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+e_idea.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+e_idea.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+e_idea.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+e_idea.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+e_idea.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_locl.h
 e_null.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 e_null.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 e_null.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -554,119 +330,33 @@ e_null.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 e_null.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 e_null.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 e_null.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-e_null.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+e_null.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+e_null.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 e_null.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-e_null.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-e_null.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
-e_null.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-e_null.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-e_null.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-e_null.o: ../../include/openssl/stack.h ../cryptlib.h
-e_ofb_3d.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_ofb_3d.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-e_ofb_3d.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-e_ofb_3d.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-e_ofb_3d.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-e_ofb_3d.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-e_ofb_3d.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-e_ofb_3d.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
-e_ofb_3d.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-e_ofb_3d.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-e_ofb_3d.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
-e_ofb_3d.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-e_ofb_3d.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-e_ofb_3d.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-e_ofb_3d.o: ../../include/openssl/stack.h ../cryptlib.h
-e_ofb_bf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_ofb_bf.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-e_ofb_bf.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-e_ofb_bf.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-e_ofb_bf.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-e_ofb_bf.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-e_ofb_bf.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-e_ofb_bf.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
-e_ofb_bf.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-e_ofb_bf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-e_ofb_bf.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
-e_ofb_bf.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-e_ofb_bf.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-e_ofb_bf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-e_ofb_bf.o: ../../include/openssl/stack.h ../cryptlib.h
-e_ofb_c.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_ofb_c.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-e_ofb_c.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-e_ofb_c.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-e_ofb_c.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-e_ofb_c.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-e_ofb_c.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-e_ofb_c.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
-e_ofb_c.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-e_ofb_c.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-e_ofb_c.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
-e_ofb_c.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-e_ofb_c.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-e_ofb_c.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-e_ofb_c.o: ../../include/openssl/stack.h ../cryptlib.h
-e_ofb_d.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_ofb_d.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-e_ofb_d.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-e_ofb_d.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-e_ofb_d.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-e_ofb_d.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-e_ofb_d.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-e_ofb_d.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
-e_ofb_d.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-e_ofb_d.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-e_ofb_d.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
-e_ofb_d.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-e_ofb_d.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-e_ofb_d.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-e_ofb_d.o: ../../include/openssl/stack.h ../cryptlib.h
-e_ofb_i.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_ofb_i.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-e_ofb_i.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-e_ofb_i.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-e_ofb_i.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-e_ofb_i.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-e_ofb_i.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-e_ofb_i.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
-e_ofb_i.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-e_ofb_i.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-e_ofb_i.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
-e_ofb_i.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-e_ofb_i.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-e_ofb_i.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-e_ofb_i.o: ../../include/openssl/stack.h ../cryptlib.h
-e_ofb_r2.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_ofb_r2.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-e_ofb_r2.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-e_ofb_r2.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-e_ofb_r2.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-e_ofb_r2.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-e_ofb_r2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-e_ofb_r2.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
-e_ofb_r2.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-e_ofb_r2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-e_ofb_r2.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
-e_ofb_r2.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-e_ofb_r2.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-e_ofb_r2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-e_ofb_r2.o: ../../include/openssl/stack.h ../cryptlib.h
-e_ofb_r5.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_ofb_r5.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-e_ofb_r5.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-e_ofb_r5.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-e_ofb_r5.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-e_ofb_r5.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-e_ofb_r5.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-e_ofb_r5.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
-e_ofb_r5.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-e_ofb_r5.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-e_ofb_r5.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
-e_ofb_r5.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-e_ofb_r5.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-e_ofb_r5.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-e_ofb_r5.o: ../../include/openssl/stack.h ../cryptlib.h
+e_null.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+e_null.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+e_null.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+e_null.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+e_null.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+e_null.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+e_null.o: ../../include/openssl/symhacks.h ../cryptlib.h
+e_rc2.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_rc2.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_rc2.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_rc2.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_rc2.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_rc2.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_rc2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_rc2.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+e_rc2.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+e_rc2.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_rc2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+e_rc2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+e_rc2.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+e_rc2.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+e_rc2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+e_rc2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+e_rc2.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_locl.h
 e_rc4.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 e_rc4.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 e_rc4.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -674,14 +364,33 @@ e_rc4.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 e_rc4.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 e_rc4.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 e_rc4.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-e_rc4.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+e_rc4.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+e_rc4.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 e_rc4.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-e_rc4.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-e_rc4.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
-e_rc4.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-e_rc4.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-e_rc4.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-e_rc4.o: ../../include/openssl/stack.h ../cryptlib.h
+e_rc4.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+e_rc4.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+e_rc4.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+e_rc4.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+e_rc4.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+e_rc4.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+e_rc4.o: ../../include/openssl/symhacks.h ../cryptlib.h
+e_rc5.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_rc5.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_rc5.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_rc5.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_rc5.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_rc5.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_rc5.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_rc5.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+e_rc5.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+e_rc5.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_rc5.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+e_rc5.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+e_rc5.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+e_rc5.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+e_rc5.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+e_rc5.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+e_rc5.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_locl.h
 e_xcbc_d.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 e_xcbc_d.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 e_xcbc_d.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -689,14 +398,17 @@ e_xcbc_d.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 e_xcbc_d.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 e_xcbc_d.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 e_xcbc_d.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-e_xcbc_d.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+e_xcbc_d.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+e_xcbc_d.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 e_xcbc_d.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-e_xcbc_d.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_xcbc_d.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+e_xcbc_d.o: ../../include/openssl/opensslconf.h
 e_xcbc_d.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
 e_xcbc_d.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
 e_xcbc_d.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
 e_xcbc_d.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-e_xcbc_d.o: ../../include/openssl/stack.h ../cryptlib.h
+e_xcbc_d.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+e_xcbc_d.o: ../cryptlib.h
 encode.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 encode.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 encode.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -704,14 +416,16 @@ encode.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 encode.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 encode.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 encode.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-encode.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+encode.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+encode.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 encode.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-encode.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-encode.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
-encode.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-encode.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-encode.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-encode.o: ../../include/openssl/stack.h ../cryptlib.h
+encode.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+encode.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+encode.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+encode.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+encode.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+encode.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+encode.o: ../../include/openssl/symhacks.h ../cryptlib.h
 evp_enc.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 evp_enc.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 evp_enc.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -719,28 +433,32 @@ evp_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 evp_enc.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 evp_enc.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 evp_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-evp_enc.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+evp_enc.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+evp_enc.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 evp_enc.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-evp_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-evp_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
-evp_enc.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-evp_enc.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-evp_enc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-evp_enc.o: ../../include/openssl/stack.h ../cryptlib.h
+evp_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+evp_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+evp_enc.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+evp_enc.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+evp_enc.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+evp_enc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+evp_enc.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_locl.h
 evp_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 evp_err.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 evp_err.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
 evp_err.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 evp_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 evp_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-evp_err.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+evp_err.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+evp_err.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 evp_err.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-evp_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-evp_err.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
-evp_err.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-evp_err.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-evp_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-evp_err.o: ../../include/openssl/stack.h
+evp_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+evp_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+evp_err.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+evp_err.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+evp_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+evp_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+evp_err.o: ../../include/openssl/symhacks.h
 evp_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 evp_key.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 evp_key.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -748,14 +466,16 @@ evp_key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 evp_key.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 evp_key.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 evp_key.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-evp_key.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+evp_key.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+evp_key.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 evp_key.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-evp_key.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-evp_key.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-evp_key.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-evp_key.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-evp_key.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-evp_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+evp_key.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+evp_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+evp_key.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+evp_key.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+evp_key.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+evp_key.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+evp_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 evp_key.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 evp_key.o: ../cryptlib.h
 evp_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
@@ -765,14 +485,16 @@ evp_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 evp_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 evp_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 evp_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-evp_lib.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+evp_lib.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+evp_lib.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 evp_lib.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-evp_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-evp_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
-evp_lib.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-evp_lib.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-evp_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-evp_lib.o: ../../include/openssl/stack.h ../cryptlib.h
+evp_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+evp_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+evp_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+evp_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+evp_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+evp_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+evp_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h
 evp_pbe.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 evp_pbe.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 evp_pbe.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -780,14 +502,16 @@ evp_pbe.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 evp_pbe.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 evp_pbe.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 evp_pbe.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-evp_pbe.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+evp_pbe.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+evp_pbe.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 evp_pbe.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-evp_pbe.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-evp_pbe.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-evp_pbe.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-evp_pbe.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-evp_pbe.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-evp_pbe.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+evp_pbe.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+evp_pbe.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+evp_pbe.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+evp_pbe.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+evp_pbe.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+evp_pbe.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+evp_pbe.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 evp_pbe.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 evp_pbe.o: ../cryptlib.h
 evp_pkey.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
@@ -797,16 +521,19 @@ evp_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 evp_pkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 evp_pkey.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 evp_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-evp_pkey.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+evp_pkey.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+evp_pkey.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 evp_pkey.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-evp_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+evp_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+evp_pkey.o: ../../include/openssl/opensslconf.h
 evp_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 evp_pkey.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
 evp_pkey.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
 evp_pkey.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
 evp_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-evp_pkey.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
-evp_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+evp_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+evp_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+evp_pkey.o: ../cryptlib.h
 m_dss.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 m_dss.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 m_dss.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -814,14 +541,16 @@ m_dss.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 m_dss.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 m_dss.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 m_dss.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-m_dss.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+m_dss.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+m_dss.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 m_dss.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-m_dss.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-m_dss.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-m_dss.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-m_dss.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-m_dss.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-m_dss.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_dss.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+m_dss.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+m_dss.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+m_dss.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+m_dss.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+m_dss.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_dss.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 m_dss.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 m_dss.o: ../cryptlib.h
 m_dss1.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
@@ -831,14 +560,16 @@ m_dss1.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 m_dss1.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 m_dss1.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 m_dss1.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-m_dss1.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+m_dss1.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+m_dss1.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 m_dss1.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-m_dss1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-m_dss1.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-m_dss1.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-m_dss1.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-m_dss1.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-m_dss1.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_dss1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+m_dss1.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+m_dss1.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+m_dss1.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+m_dss1.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+m_dss1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_dss1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 m_dss1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 m_dss1.o: ../cryptlib.h
 m_md2.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
@@ -848,16 +579,37 @@ m_md2.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 m_md2.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 m_md2.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 m_md2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-m_md2.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+m_md2.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+m_md2.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 m_md2.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-m_md2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-m_md2.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-m_md2.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-m_md2.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-m_md2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-m_md2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_md2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+m_md2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+m_md2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+m_md2.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+m_md2.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+m_md2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_md2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 m_md2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 m_md2.o: ../cryptlib.h
+m_md4.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+m_md4.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+m_md4.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+m_md4.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+m_md4.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+m_md4.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+m_md4.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_md4.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+m_md4.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+m_md4.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+m_md4.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+m_md4.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+m_md4.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+m_md4.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+m_md4.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+m_md4.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_md4.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_md4.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_md4.o: ../cryptlib.h
 m_md5.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 m_md5.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 m_md5.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -865,14 +617,16 @@ m_md5.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 m_md5.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 m_md5.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 m_md5.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-m_md5.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+m_md5.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+m_md5.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 m_md5.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-m_md5.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-m_md5.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-m_md5.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-m_md5.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-m_md5.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-m_md5.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_md5.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+m_md5.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+m_md5.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+m_md5.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+m_md5.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+m_md5.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_md5.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 m_md5.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 m_md5.o: ../cryptlib.h
 m_mdc2.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
@@ -882,14 +636,16 @@ m_mdc2.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 m_mdc2.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 m_mdc2.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 m_mdc2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-m_mdc2.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+m_mdc2.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+m_mdc2.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 m_mdc2.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-m_mdc2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-m_mdc2.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-m_mdc2.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-m_mdc2.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-m_mdc2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-m_mdc2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_mdc2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+m_mdc2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+m_mdc2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+m_mdc2.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+m_mdc2.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+m_mdc2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_mdc2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 m_mdc2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 m_mdc2.o: ../cryptlib.h
 m_null.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
@@ -899,14 +655,16 @@ m_null.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 m_null.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 m_null.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 m_null.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-m_null.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+m_null.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+m_null.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 m_null.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-m_null.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-m_null.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-m_null.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-m_null.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-m_null.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-m_null.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_null.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+m_null.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+m_null.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+m_null.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+m_null.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+m_null.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_null.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 m_null.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 m_null.o: ../cryptlib.h
 m_ripemd.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
@@ -916,16 +674,18 @@ m_ripemd.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 m_ripemd.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 m_ripemd.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 m_ripemd.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-m_ripemd.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+m_ripemd.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+m_ripemd.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 m_ripemd.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-m_ripemd.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_ripemd.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+m_ripemd.o: ../../include/openssl/opensslconf.h
 m_ripemd.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 m_ripemd.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 m_ripemd.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 m_ripemd.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 m_ripemd.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-m_ripemd.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-m_ripemd.o: ../cryptlib.h
+m_ripemd.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+m_ripemd.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
 m_sha.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 m_sha.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 m_sha.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -933,14 +693,16 @@ m_sha.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 m_sha.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 m_sha.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 m_sha.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-m_sha.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+m_sha.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+m_sha.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 m_sha.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-m_sha.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-m_sha.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-m_sha.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-m_sha.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-m_sha.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-m_sha.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_sha.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+m_sha.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+m_sha.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+m_sha.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+m_sha.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+m_sha.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_sha.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 m_sha.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 m_sha.o: ../cryptlib.h
 m_sha1.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
@@ -950,14 +712,16 @@ m_sha1.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 m_sha1.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 m_sha1.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 m_sha1.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-m_sha1.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+m_sha1.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+m_sha1.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 m_sha1.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-m_sha1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-m_sha1.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-m_sha1.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-m_sha1.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-m_sha1.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-m_sha1.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_sha1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+m_sha1.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+m_sha1.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+m_sha1.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+m_sha1.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+m_sha1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_sha1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 m_sha1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 m_sha1.o: ../cryptlib.h
 names.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
@@ -967,14 +731,16 @@ names.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 names.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 names.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 names.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-names.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+names.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+names.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 names.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-names.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-names.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-names.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-names.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-names.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-names.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+names.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+names.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+names.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+names.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+names.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+names.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+names.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 names.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 names.o: ../cryptlib.h
 p5_crpt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
@@ -984,14 +750,16 @@ p5_crpt.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 p5_crpt.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 p5_crpt.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 p5_crpt.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p5_crpt.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+p5_crpt.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p5_crpt.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 p5_crpt.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-p5_crpt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p5_crpt.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-p5_crpt.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-p5_crpt.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-p5_crpt.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p5_crpt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p5_crpt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p5_crpt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p5_crpt.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p5_crpt.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p5_crpt.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p5_crpt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p5_crpt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 p5_crpt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 p5_crpt.o: ../cryptlib.h
 p5_crpt2.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
@@ -1002,16 +770,17 @@ p5_crpt2.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 p5_crpt2.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 p5_crpt2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 p5_crpt2.o: ../../include/openssl/hmac.h ../../include/openssl/idea.h
-p5_crpt2.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-p5_crpt2.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
-p5_crpt2.o: ../../include/openssl/opensslconf.h
+p5_crpt2.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p5_crpt2.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p5_crpt2.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p5_crpt2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 p5_crpt2.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 p5_crpt2.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 p5_crpt2.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 p5_crpt2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 p5_crpt2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p5_crpt2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-p5_crpt2.o: ../cryptlib.h
+p5_crpt2.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+p5_crpt2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
 p_dec.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 p_dec.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 p_dec.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -1019,15 +788,17 @@ p_dec.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 p_dec.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 p_dec.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 p_dec.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p_dec.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+p_dec.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p_dec.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 p_dec.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-p_dec.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p_dec.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-p_dec.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
-p_dec.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-p_dec.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-p_dec.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p_dec.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+p_dec.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p_dec.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p_dec.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+p_dec.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p_dec.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p_dec.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p_dec.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p_dec.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 p_dec.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
 p_enc.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 p_enc.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
@@ -1036,15 +807,17 @@ p_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 p_enc.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 p_enc.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 p_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p_enc.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+p_enc.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p_enc.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 p_enc.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-p_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-p_enc.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
-p_enc.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-p_enc.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-p_enc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p_enc.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+p_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p_enc.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+p_enc.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p_enc.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p_enc.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p_enc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 p_enc.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
 p_lib.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 p_lib.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
@@ -1054,14 +827,16 @@ p_lib.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 p_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
 p_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 p_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-p_lib.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-p_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
-p_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-p_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-p_lib.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-p_lib.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-p_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p_lib.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+p_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p_lib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+p_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 p_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
 p_open.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 p_open.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
@@ -1070,14 +845,16 @@ p_open.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 p_open.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 p_open.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 p_open.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p_open.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+p_open.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p_open.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 p_open.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-p_open.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p_open.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-p_open.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-p_open.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-p_open.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p_open.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p_open.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p_open.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p_open.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p_open.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p_open.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p_open.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p_open.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 p_open.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 p_open.o: ../cryptlib.h
 p_seal.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
@@ -1087,15 +864,17 @@ p_seal.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 p_seal.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 p_seal.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 p_seal.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p_seal.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+p_seal.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p_seal.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 p_seal.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-p_seal.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p_seal.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-p_seal.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
-p_seal.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-p_seal.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-p_seal.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p_seal.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+p_seal.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p_seal.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p_seal.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+p_seal.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p_seal.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p_seal.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p_seal.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p_seal.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 p_seal.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
 p_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 p_sign.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
@@ -1104,14 +883,16 @@ p_sign.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 p_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 p_sign.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 p_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p_sign.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+p_sign.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p_sign.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 p_sign.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-p_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-p_sign.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-p_sign.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-p_sign.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p_sign.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p_sign.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p_sign.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 p_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 p_sign.o: ../cryptlib.h
 p_verify.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
@@ -1121,13 +902,15 @@ p_verify.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 p_verify.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 p_verify.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 p_verify.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p_verify.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+p_verify.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p_verify.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 p_verify.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-p_verify.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p_verify.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p_verify.o: ../../include/openssl/opensslconf.h
 p_verify.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 p_verify.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 p_verify.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 p_verify.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 p_verify.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p_verify.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-p_verify.o: ../cryptlib.h
+p_verify.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+p_verify.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
diff --git a/src/lib/libssl/src/crypto/evp/bio_b64.c b/src/lib/libssl/src/crypto/evp/bio_b64.c
index bd5e24f993..af6fa2ae8f 100644
--- a/src/lib/libssl/src/crypto/evp/bio_b64.c
+++ b/src/lib/libssl/src/crypto/evp/bio_b64.c
@@ -62,14 +62,14 @@
 #include <openssl/buffer.h>
 #include <openssl/evp.h>
 
-static int b64_write(BIO *h,char *buf,int num);
-static int b64_read(BIO *h,char *buf,int size);
-/*static int b64_puts(BIO *h,char *str); */
-/*static int b64_gets(BIO *h,char *str,int size); */
-static long b64_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int b64_write(BIO *h, const char *buf, int num);
+static int b64_read(BIO *h, char *buf, int size);
+/*static int b64_puts(BIO *h, const char *str); */
+/*static int b64_gets(BIO *h, char *str, int size); */
+static long b64_ctrl(BIO *h, int cmd, long arg1, void *arg2);
 static int b64_new(BIO *h);
 static int b64_free(BIO *data);
-static long b64_callback_ctrl(BIO *h,int cmd,void (*fp)());
+static long b64_callback_ctrl(BIO *h,int cmd,bio_info_cb *fp);
 #define B64_BLOCK_SIZE  1024
 #define B64_BLOCK_SIZE2 768
 #define B64_NONE        0
@@ -113,7 +113,7 @@ static int b64_new(BIO *bi)
         {
         BIO_B64_CTX *ctx;
 
-        ctx=(BIO_B64_CTX *)Malloc(sizeof(BIO_B64_CTX));
+        ctx=(BIO_B64_CTX *)OPENSSL_malloc(sizeof(BIO_B64_CTX));
         if (ctx == NULL) return(0);
 
         ctx->buf_len=0;
@@ -133,7 +133,7 @@ static int b64_new(BIO *bi)
 static int b64_free(BIO *a)
         {
         if (a == NULL) return(0);
-        Free(a->ptr);
+        OPENSSL_free(a->ptr);
         a->ptr=NULL;
         a->init=0;
         a->flags=0;
@@ -340,7 +340,7 @@ static int b64_read(BIO *b, char *out, int outl)
         return((ret == 0)?ret_code:ret);
         }
 
-static int b64_write(BIO *b, char *in, int inl)
+static int b64_write(BIO *b, const char *in, int inl)
         {
         int ret=inl,n,i;
         BIO_B64_CTX *ctx;
@@ -370,10 +370,11 @@ static int b64_write(BIO *b, char *in, int inl)
                 n-=i;
                 }
         /* at this point all pending data has been written */
+        ctx->buf_off=0;
+        ctx->buf_len=0;
 
         if ((in == NULL) || (inl <= 0)) return(0);
 
-        ctx->buf_off=0;
         while (inl > 0)
                 {
                 n=(inl > B64_BLOCK_SIZE)?B64_BLOCK_SIZE:inl;
@@ -383,14 +384,20 @@ static int b64_write(BIO *b, char *in, int inl)
                         if (ctx->tmp_len > 0)
                                 {
                                 n=3-ctx->tmp_len;
+                                /* There's a teoretical possibility for this */
+                                if (n > inl) 
+                                        n=inl;
                                 memcpy(&(ctx->tmp[ctx->tmp_len]),in,n);
                                 ctx->tmp_len+=n;
-                                n=ctx->tmp_len;
-                                if (n < 3)
+                                if (ctx->tmp_len < 3)
                                         break;
                                 ctx->buf_len=EVP_EncodeBlock(
                                         (unsigned char *)ctx->buf,
-                                        (unsigned char *)ctx->tmp,n);
+                                        (unsigned char *)ctx->tmp,
+                                        ctx->tmp_len);
+                                /* Since we're now done using the temporary
+                                   buffer, the length should be 0'd */
+                                ctx->tmp_len=0;
                                 }
                         else
                                 {
@@ -434,7 +441,7 @@ static int b64_write(BIO *b, char *in, int inl)
         return(ret);
         }
 
-static long b64_ctrl(BIO *b, int cmd, long num, char *ptr)
+static long b64_ctrl(BIO *b, int cmd, long num, void *ptr)
         {
         BIO_B64_CTX *ctx;
         long ret=1;
@@ -524,7 +531,7 @@ again:
         return(ret);
         }
 
-static long b64_callback_ctrl(BIO *b, int cmd, void (*fp)())
+static long b64_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
         {
         long ret=1;
 
diff --git a/src/lib/libssl/src/crypto/evp/bio_enc.c b/src/lib/libssl/src/crypto/evp/bio_enc.c
index 629bf4b95d..831c71a2b5 100644
--- a/src/lib/libssl/src/crypto/evp/bio_enc.c
+++ b/src/lib/libssl/src/crypto/evp/bio_enc.c
@@ -62,14 +62,14 @@
 #include <openssl/buffer.h>
 #include <openssl/evp.h>
 
-static int enc_write(BIO *h,char *buf,int num);
-static int enc_read(BIO *h,char *buf,int size);
-/*static int enc_puts(BIO *h,char *str); */
-/*static int enc_gets(BIO *h,char *str,int size); */
-static long enc_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int enc_write(BIO *h, const char *buf, int num);
+static int enc_read(BIO *h, char *buf, int size);
+/*static int enc_puts(BIO *h, const char *str); */
+/*static int enc_gets(BIO *h, char *str, int size); */
+static long enc_ctrl(BIO *h, int cmd, long arg1, void *arg2);
 static int enc_new(BIO *h);
 static int enc_free(BIO *data);
-static long enc_callback_ctrl(BIO *h,int cmd,void (*fp)());
+static long enc_callback_ctrl(BIO *h, int cmd, bio_info_cb *fps);
 #define ENC_BLOCK_SIZE  (1024*4)
 
 typedef struct enc_struct
@@ -105,7 +105,7 @@ static int enc_new(BIO *bi)
         {
         BIO_ENC_CTX *ctx;
 
-        ctx=(BIO_ENC_CTX *)Malloc(sizeof(BIO_ENC_CTX));
+        ctx=(BIO_ENC_CTX *)OPENSSL_malloc(sizeof(BIO_ENC_CTX));
         EVP_CIPHER_CTX_init(&ctx->cipher);
         if (ctx == NULL) return(0);
 
@@ -129,7 +129,7 @@ static int enc_free(BIO *a)
         b=(BIO_ENC_CTX *)a->ptr;
         EVP_CIPHER_CTX_cleanup(&(b->cipher));
         memset(a->ptr,0,sizeof(BIO_ENC_CTX));
-        Free(a->ptr);
+        OPENSSL_free(a->ptr);
         a->ptr=NULL;
         a->init=0;
         a->flags=0;
@@ -224,7 +224,7 @@ static int enc_read(BIO *b, char *out, int outl)
         return((ret == 0)?ctx->cont:ret);
         }
 
-static int enc_write(BIO *b, char *in, int inl)
+static int enc_write(BIO *b, const char *in, int inl)
         {
         int ret=0,n,i;
         BIO_ENC_CTX *ctx;
@@ -279,7 +279,7 @@ static int enc_write(BIO *b, char *in, int inl)
         return(ret);
         }
 
-static long enc_ctrl(BIO *b, int cmd, long num, char *ptr)
+static long enc_ctrl(BIO *b, int cmd, long num, void *ptr)
         {
         BIO *dbio;
         BIO_ENC_CTX *ctx,*dctx;
@@ -370,7 +370,7 @@ again:
         return(ret);
         }
 
-static long enc_callback_ctrl(BIO *b, int cmd, void (*fp)())
+static long enc_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
         {
         long ret=1;
 
diff --git a/src/lib/libssl/src/crypto/evp/bio_md.c b/src/lib/libssl/src/crypto/evp/bio_md.c
index aef928dd8f..2373c247d8 100644
--- a/src/lib/libssl/src/crypto/evp/bio_md.c
+++ b/src/lib/libssl/src/crypto/evp/bio_md.c
@@ -65,14 +65,14 @@
 /* BIO_put and BIO_get both add to the digest,
  * BIO_gets returns the digest */
 
-static int md_write(BIO *h,char *buf,int num);
-static int md_read(BIO *h,char *buf,int size);
-/*static int md_puts(BIO *h,char *str); */
-static int md_gets(BIO *h,char *str,int size);
-static long md_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int md_write(BIO *h, char const *buf, int num);
+static int md_read(BIO *h, char *buf, int size);
+/*static int md_puts(BIO *h, const char *str); */
+static int md_gets(BIO *h, char *str, int size);
+static long md_ctrl(BIO *h, int cmd, long arg1, void *arg2);
 static int md_new(BIO *h);
 static int md_free(BIO *data);
-static long md_callback_ctrl(BIO *h,int cmd,void (*fp)());
+static long md_callback_ctrl(BIO *h,int cmd,bio_info_cb *fp);
 
 static BIO_METHOD methods_md=
         {
@@ -96,7 +96,7 @@ static int md_new(BIO *bi)
         {
         EVP_MD_CTX *ctx;
 
-        ctx=(EVP_MD_CTX *)Malloc(sizeof(EVP_MD_CTX));
+        ctx=(EVP_MD_CTX *)OPENSSL_malloc(sizeof(EVP_MD_CTX));
         if (ctx == NULL) return(0);
 
         bi->init=0;
@@ -108,7 +108,7 @@ static int md_new(BIO *bi)
 static int md_free(BIO *a)
         {
         if (a == NULL) return(0);
-        Free(a->ptr);
+        OPENSSL_free(a->ptr);
         a->ptr=NULL;
         a->init=0;
         a->flags=0;
@@ -139,7 +139,7 @@ static int md_read(BIO *b, char *out, int outl)
         return(ret);
         }
 
-static int md_write(BIO *b, char *in, int inl)
+static int md_write(BIO *b, const char *in, int inl)
         {
         int ret=0;
         EVP_MD_CTX *ctx;
@@ -162,7 +162,7 @@ static int md_write(BIO *b, char *in, int inl)
         return(ret);
         }
 
-static long md_ctrl(BIO *b, int cmd, long num, char *ptr)
+static long md_ctrl(BIO *b, int cmd, long num, void *ptr)
         {
         EVP_MD_CTX *ctx,*dctx,**pctx;
         const EVP_MD **ppmd;
@@ -223,7 +223,7 @@ static long md_ctrl(BIO *b, int cmd, long num, char *ptr)
         return(ret);
         }
 
-static long md_callback_ctrl(BIO *b, int cmd, void (*fp)())
+static long md_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
         {
         long ret=1;
 
diff --git a/src/lib/libssl/src/crypto/evp/bio_ok.c b/src/lib/libssl/src/crypto/evp/bio_ok.c
index e6ff5f2cdb..e617ce1d43 100644
--- a/src/lib/libssl/src/crypto/evp/bio_ok.c
+++ b/src/lib/libssl/src/crypto/evp/bio_ok.c
@@ -125,12 +125,12 @@
 #include <openssl/evp.h>
 #include <openssl/rand.h>
 
-static int ok_write(BIO *h,char *buf,int num);
-static int ok_read(BIO *h,char *buf,int size);
-static long ok_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int ok_write(BIO *h, const char *buf, int num);
+static int ok_read(BIO *h, char *buf, int size);
+static long ok_ctrl(BIO *h, int cmd, long arg1, void *arg2);
 static int ok_new(BIO *h);
 static int ok_free(BIO *data);
-static long ok_callback_ctrl(BIO *h,int cmd,void (*fp)());
+static long ok_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
 
 static void sig_out(BIO* b);
 static void sig_in(BIO* b);
@@ -187,7 +187,7 @@ static int ok_new(BIO *bi)
         {
         BIO_OK_CTX *ctx;
 
-        ctx=(BIO_OK_CTX *)Malloc(sizeof(BIO_OK_CTX));
+        ctx=(BIO_OK_CTX *)OPENSSL_malloc(sizeof(BIO_OK_CTX));
         if (ctx == NULL) return(0);
 
         ctx->buf_len=0;
@@ -209,7 +209,7 @@ static int ok_free(BIO *a)
         {
         if (a == NULL) return(0);
         memset(a->ptr,0,sizeof(BIO_OK_CTX));
-        Free(a->ptr);
+        OPENSSL_free(a->ptr);
         a->ptr=NULL;
         a->init=0;
         a->flags=0;
@@ -287,7 +287,7 @@ static int ok_read(BIO *b, char *out, int outl)
         return(ret);
         }
 
-static int ok_write(BIO *b, char *in, int inl)
+static int ok_write(BIO *b, const char *in, int inl)
         {
         int ret=0,n,i;
         BIO_OK_CTX *ctx;
@@ -345,7 +345,7 @@ static int ok_write(BIO *b, char *in, int inl)
         return(ret);
         }
 
-static long ok_ctrl(BIO *b, int cmd, long num, char *ptr)
+static long ok_ctrl(BIO *b, int cmd, long num, void *ptr)
         {
         BIO_OK_CTX *ctx;
         EVP_MD *md;
@@ -431,7 +431,7 @@ static long ok_ctrl(BIO *b, int cmd, long num, char *ptr)
         return(ret);
         }
 
-static long ok_callback_ctrl(BIO *b, int cmd, void (*fp)())
+static long ok_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
         {
         long ret=1;
 
diff --git a/src/lib/libssl/src/crypto/evp/c_alld.c b/src/lib/libssl/src/crypto/evp/c_alld.c
index febe51a3ee..bbf059eb85 100644
--- a/src/lib/libssl/src/crypto/evp/c_alld.c
+++ b/src/lib/libssl/src/crypto/evp/c_alld.c
@@ -67,6 +67,9 @@ void OpenSSL_add_all_digests(void)
 #ifndef NO_MD2
         EVP_add_digest(EVP_md2());
 #endif
+#ifndef NO_MD4
+        EVP_add_digest(EVP_md4());
+#endif
 #ifndef NO_MD5
         EVP_add_digest(EVP_md5());
         EVP_add_digest_alias(SN_md5,"ssl2-md5");
diff --git a/src/lib/libssl/src/crypto/evp/e_bf.c b/src/lib/libssl/src/crypto/evp/e_bf.c
new file mode 100644
index 0000000000..72047f64da
--- /dev/null
+++ b/src/lib/libssl/src/crypto/evp/e_bf.c
@@ -0,0 +1,80 @@
+/* crypto/evp/e_bf.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_BF
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include "evp_locl.h"
+#include <openssl/objects.h>
+
+static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                       const unsigned char *iv, int enc);
+
+IMPLEMENT_BLOCK_CIPHER(bf, bf_ks, BF, bf_ks, NID_bf, 8, 16, 8,
+                        0, bf_init_key, NULL, 
+                        EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
+        
+static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                       const unsigned char *iv, int enc)
+        {
+        BF_set_key(&(ctx->c.bf_ks),EVP_CIPHER_CTX_key_length(ctx),key);
+        return 1;
+        }
+
+#endif
diff --git a/src/lib/libssl/src/crypto/evp/e_cast.c b/src/lib/libssl/src/crypto/evp/e_cast.c
new file mode 100644
index 0000000000..e5af7fb4ed
--- /dev/null
+++ b/src/lib/libssl/src/crypto/evp/e_cast.c
@@ -0,0 +1,82 @@
+/* crypto/evp/e_cast.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_CAST
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include "evp_locl.h"
+
+static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                         const unsigned char *iv,int enc);
+
+IMPLEMENT_BLOCK_CIPHER(cast5, cast_ks, CAST, cast_ks, 
+                        NID_cast5, 8, EVP_CAST5_KEY_SIZE, 8,
+                        EVP_CIPH_VARIABLE_LENGTH, cast_init_key, NULL,
+                        EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
+                        
+static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                         const unsigned char *iv, int enc)
+        {
+        CAST_set_key(&(ctx->c.cast_ks),EVP_CIPHER_CTX_key_length(ctx),key);
+        return 1;
+        }
+
+#endif
diff --git a/src/lib/libssl/src/crypto/evp/e_cbc_3d.c b/src/lib/libssl/src/crypto/evp/e_cbc_3d.c
index 5d16b865c5..e69de29bb2 100644
--- a/src/lib/libssl/src/crypto/evp/e_cbc_3d.c
+++ b/src/lib/libssl/src/crypto/evp/e_cbc_3d.c
@@ -1,151 +0,0 @@
-/* crypto/evp/e_cbc_3d.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef NO_DES
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-
-static void des_cbc_ede_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-        unsigned char *iv,int enc);
-static void des_cbc_ede3_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-        unsigned char *iv,int enc);
-static void des_cbc_ede_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-        unsigned char *in, unsigned int inl);
-static EVP_CIPHER d_cbc_ede_cipher2=
-        {
-        NID_des_ede_cbc,
-        8,16,8,
-        des_cbc_ede_init_key,
-        des_cbc_ede_cipher,
-        NULL,
-        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-                sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ede)),
-        EVP_CIPHER_set_asn1_iv,
-        EVP_CIPHER_get_asn1_iv,
-        };
-
-static EVP_CIPHER d_cbc_ede_cipher3=
-        {
-        NID_des_ede3_cbc,
-        8,24,8,
-        des_cbc_ede3_init_key,
-        des_cbc_ede_cipher,
-        NULL,
-        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-                sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ede)),
-        EVP_CIPHER_set_asn1_iv,
-        EVP_CIPHER_get_asn1_iv,
-        };
-
-EVP_CIPHER *EVP_des_ede_cbc(void)
-        {
-        return(&d_cbc_ede_cipher2);
-        }
-
-EVP_CIPHER *EVP_des_ede3_cbc(void)
-        {
-        return(&d_cbc_ede_cipher3);
-        }
-        
-static void des_cbc_ede_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-             unsigned char *iv, int enc)
-        {
-        des_cblock *deskey = (des_cblock *)key;
-
-        if (iv != NULL)
-                memcpy(&(ctx->oiv[0]),iv,8);
-        memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
-
-        if (deskey != NULL)
-                {
-                des_set_key_unchecked(&deskey[0],ctx->c.des_ede.ks1);
-                des_set_key_unchecked(&deskey[1],ctx->c.des_ede.ks2);
-                memcpy( (char *)ctx->c.des_ede.ks3,
-                        (char *)ctx->c.des_ede.ks1,
-                        sizeof(ctx->c.des_ede.ks1));
-                }
-        }
-
-static void des_cbc_ede3_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-             unsigned char *iv, int enc)
-        {
-        des_cblock *deskey = (des_cblock *)key;
-
-        if (iv != NULL)
-                memcpy(&(ctx->oiv[0]),iv,8);
-        memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
-
-        if (deskey != NULL)
-                {
-                des_set_key_unchecked(&deskey[0],ctx->c.des_ede.ks1);
-                des_set_key_unchecked(&deskey[1],ctx->c.des_ede.ks2);
-                des_set_key_unchecked(&deskey[2],ctx->c.des_ede.ks3);
-                }
-        }
-
-static void des_cbc_ede_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-             unsigned char *in, unsigned int inl)
-        {
-        des_ede3_cbc_encrypt(in,out,inl, ctx->c.des_ede.ks1,
-                ctx->c.des_ede.ks2,ctx->c.des_ede.ks3,
-                (des_cblock *) &(ctx->iv[0]),
-                ctx->encrypt);
-        }
-#endif
diff --git a/src/lib/libssl/src/crypto/evp/e_cbc_bf.c b/src/lib/libssl/src/crypto/evp/e_cbc_bf.c
index 9bcba3c516..e69de29bb2 100644
--- a/src/lib/libssl/src/crypto/evp/e_cbc_bf.c
+++ b/src/lib/libssl/src/crypto/evp/e_cbc_bf.c
@@ -1,106 +0,0 @@
-/* crypto/evp/e_cbc_bf.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef NO_BF
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-
-static void bf_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-        unsigned char *iv,int enc);
-static void bf_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-        unsigned char *in, unsigned int inl);
-static EVP_CIPHER bfish_cbc_cipher=
-        {
-        NID_bf_cbc,
-        8,EVP_BLOWFISH_KEY_SIZE,8,
-        bf_cbc_init_key,
-        bf_cbc_cipher,
-        NULL,
-        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-                sizeof((((EVP_CIPHER_CTX *)NULL)->c.bf_ks)),
-        EVP_CIPHER_set_asn1_iv,
-        EVP_CIPHER_get_asn1_iv,
-        };
-
-EVP_CIPHER *EVP_bf_cbc(void)
-        {
-        return(&bfish_cbc_cipher);
-        }
-        
-static void bf_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-             unsigned char *iv, int enc)
-        {
-        if (iv != NULL)
-                memcpy(&(ctx->oiv[0]),iv,8);
-        memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
-        if (key != NULL)
-                BF_set_key(&(ctx->c.bf_ks),EVP_BLOWFISH_KEY_SIZE,key);
-        }
-
-static void bf_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-             unsigned char *in, unsigned int inl)
-        {
-        BF_cbc_encrypt(
-                in,out,(long)inl,
-                &(ctx->c.bf_ks),&(ctx->iv[0]),
-                ctx->encrypt);
-        }
-
-#endif
diff --git a/src/lib/libssl/src/crypto/evp/e_cbc_c.c b/src/lib/libssl/src/crypto/evp/e_cbc_c.c
index 6845b0b44c..e69de29bb2 100644
--- a/src/lib/libssl/src/crypto/evp/e_cbc_c.c
+++ b/src/lib/libssl/src/crypto/evp/e_cbc_c.c
@@ -1,107 +0,0 @@
-/* crypto/evp/e_cbc_c.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef NO_CAST
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-
-static void cast_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-        unsigned char *iv,int enc);
-static void cast_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-        unsigned char *in, unsigned int inl);
-static EVP_CIPHER cast5_cbc_cipher=
-        {
-        NID_cast5_cbc,
-        8,EVP_CAST5_KEY_SIZE,8,
-        cast_cbc_init_key,
-        cast_cbc_cipher,
-        NULL,
-        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-                sizeof((((EVP_CIPHER_CTX *)NULL)->c.cast_ks)),
-        EVP_CIPHER_set_asn1_iv,
-        EVP_CIPHER_get_asn1_iv,
-        };
-
-EVP_CIPHER *EVP_cast5_cbc(void)
-        {
-        return(&cast5_cbc_cipher);
-        }
-        
-static void cast_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-             unsigned char *iv, int enc)
-        {
-        if (iv != NULL)
-                memcpy(&(ctx->oiv[0]),iv,8);
-        memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
-        if (key != NULL)
-                CAST_set_key(&(ctx->c.cast_ks),EVP_CAST5_KEY_SIZE,key);
-        }
-
-static void cast_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-             unsigned char *in, unsigned int inl)
-        {
-        CAST_cbc_encrypt(
-                in,out,(long)inl,
-                &(ctx->c.cast_ks),&(ctx->iv[0]),
-                ctx->encrypt);
-        }
-
-#endif
diff --git a/src/lib/libssl/src/crypto/evp/e_cbc_d.c b/src/lib/libssl/src/crypto/evp/e_cbc_d.c
index 5b4e5b8601..e69de29bb2 100644
--- a/src/lib/libssl/src/crypto/evp/e_cbc_d.c
+++ b/src/lib/libssl/src/crypto/evp/e_cbc_d.c
@@ -1,106 +0,0 @@
-/* crypto/evp/e_cbc_d.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef NO_DES
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-
-static void des_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-        unsigned char *iv,int enc);
-static void des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-        unsigned char *in, unsigned int inl);
-static EVP_CIPHER d_cbc_cipher=
-        {
-        NID_des_cbc,
-        8,8,8,
-        des_cbc_init_key,
-        des_cbc_cipher,
-        NULL,
-        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-                sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ks)),
-        EVP_CIPHER_set_asn1_iv,
-        EVP_CIPHER_get_asn1_iv,
-        };
-
-EVP_CIPHER *EVP_des_cbc(void)
-        {
-        return(&d_cbc_cipher);
-        }
-        
-static void des_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-             unsigned char *iv, int enc)
-        {
-        des_cblock *deskey = (des_cblock *)key;
-
-        if (iv != NULL)
-                memcpy(&(ctx->oiv[0]),iv,8);
-        memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
-        if (deskey != NULL)
-                des_set_key_unchecked(deskey,ctx->c.des_ks);
-        }
-
-static void des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-             unsigned char *in, unsigned int inl)
-        {
-        des_ncbc_encrypt(in,out,inl,ctx->c.des_ks,
-                (des_cblock *)&(ctx->iv[0]),
-                ctx->encrypt);
-        }
-#endif
diff --git a/src/lib/libssl/src/crypto/evp/e_cbc_i.c b/src/lib/libssl/src/crypto/evp/e_cbc_i.c
index 34b44aa21f..e69de29bb2 100644
--- a/src/lib/libssl/src/crypto/evp/e_cbc_i.c
+++ b/src/lib/libssl/src/crypto/evp/e_cbc_i.c
@@ -1,119 +0,0 @@
-/* crypto/evp/e_cbc_i.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef NO_IDEA
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-
-static void idea_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-        unsigned char *iv,int enc);
-static void idea_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-        unsigned char *in, unsigned int inl);
-static EVP_CIPHER i_cbc_cipher=
-        {
-        NID_idea_cbc,
-        8,16,8,
-        idea_cbc_init_key,
-        idea_cbc_cipher,
-        NULL,
-        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-                sizeof((((EVP_CIPHER_CTX *)NULL)->c.idea_ks)),
-        EVP_CIPHER_set_asn1_iv,
-        EVP_CIPHER_get_asn1_iv,
-        };
-
-EVP_CIPHER *EVP_idea_cbc(void)
-        {
-        return(&i_cbc_cipher);
-        }
-        
-static void idea_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-             unsigned char *iv, int enc)
-        {
-        if (iv != NULL)
-                memcpy(&(ctx->oiv[0]),iv,8);
-        memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
-        if (key != NULL)
-                {
-                if (enc)
-                        idea_set_encrypt_key(key,&(ctx->c.idea_ks));
-                else
-                        {
-                        IDEA_KEY_SCHEDULE tmp;
-
-                        idea_set_encrypt_key(key,&tmp);
-                        idea_set_decrypt_key(&tmp,&(ctx->c.idea_ks));
-                        memset((unsigned char *)&tmp,0,
-                                sizeof(IDEA_KEY_SCHEDULE));
-                        }
-                }
-        }
-
-static void idea_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-             unsigned char *in, unsigned int inl)
-        {
-        idea_cbc_encrypt(
-                in,out,(long)inl,
-                &(ctx->c.idea_ks),&(ctx->iv[0]),
-                ctx->encrypt);
-        }
-
-#endif
diff --git a/src/lib/libssl/src/crypto/evp/e_cbc_r2.c b/src/lib/libssl/src/crypto/evp/e_cbc_r2.c
index 9dfada4ea6..e69de29bb2 100644
--- a/src/lib/libssl/src/crypto/evp/e_cbc_r2.c
+++ b/src/lib/libssl/src/crypto/evp/e_cbc_r2.c
@@ -1,216 +0,0 @@
-/* crypto/evp/e_cbc_r2.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef NO_RC2
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-
-static void rc2_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-        unsigned char *iv,int enc);
-static void rc2_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-        unsigned char *in, unsigned int inl);
-static int rc2_meth_to_magic(const EVP_CIPHER *e);
-static EVP_CIPHER *rc2_magic_to_meth(int i);
-static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
-static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
-
-#define RC2_40_MAGIC    0xa0
-#define RC2_64_MAGIC    0x78
-#define RC2_128_MAGIC   0x3a
-
-static EVP_CIPHER r2_cbc_cipher=
-        {
-        NID_rc2_cbc,
-        8,EVP_RC2_KEY_SIZE,8,
-        rc2_cbc_init_key,
-        rc2_cbc_cipher,
-        NULL,
-        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-                sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc2_ks)),
-        rc2_set_asn1_type_and_iv,
-        rc2_get_asn1_type_and_iv,
-        };
-
-static EVP_CIPHER r2_64_cbc_cipher=
-        {
-        NID_rc2_64_cbc,
-        8,8 /* 64 bit */,8,
-        rc2_cbc_init_key,
-        rc2_cbc_cipher,
-        NULL,
-        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-                sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc2_ks)),
-        rc2_set_asn1_type_and_iv,
-        rc2_get_asn1_type_and_iv,
-        };
-
-static EVP_CIPHER r2_40_cbc_cipher=
-        {
-        NID_rc2_40_cbc,
-        8,5 /* 40 bit */,8,
-        rc2_cbc_init_key,
-        rc2_cbc_cipher,
-        NULL,
-        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-                sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc2_ks)),
-        rc2_set_asn1_type_and_iv,
-        rc2_get_asn1_type_and_iv,
-        };
-
-EVP_CIPHER *EVP_rc2_cbc(void)
-        {
-        return(&r2_cbc_cipher);
-        }
-
-EVP_CIPHER *EVP_rc2_64_cbc(void)
-        {
-        return(&r2_64_cbc_cipher);
-        }
-
-EVP_CIPHER *EVP_rc2_40_cbc(void)
-        {
-        return(&r2_40_cbc_cipher);
-        }
-        
-static void rc2_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-             unsigned char *iv, int enc)
-        {
-        if (iv != NULL)
-                memcpy(&(ctx->oiv[0]),iv,8);
-        memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
-        if (key != NULL)
-                RC2_set_key(&(ctx->c.rc2_ks),EVP_CIPHER_CTX_key_length(ctx),
-                        key,EVP_CIPHER_CTX_key_length(ctx)*8);
-        }
-
-static void rc2_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-             unsigned char *in, unsigned int inl)
-        {
-        RC2_cbc_encrypt(
-                in,out,(long)inl,
-                &(ctx->c.rc2_ks),&(ctx->iv[0]),
-                ctx->encrypt);
-        }
-
-static int rc2_meth_to_magic(const EVP_CIPHER *e)
-        {
-        int i;
-
-        i=EVP_CIPHER_key_length(e);
-        if      (i == 16) return(RC2_128_MAGIC);
-        else if (i == 8)  return(RC2_64_MAGIC);
-        else if (i == 5)  return(RC2_40_MAGIC);
-        else return(0);
-        }
-
-static EVP_CIPHER *rc2_magic_to_meth(int i)
-        {
-        if      (i == RC2_128_MAGIC) return(EVP_rc2_cbc());
-        else if (i == RC2_64_MAGIC)  return(EVP_rc2_64_cbc());
-        else if (i == RC2_40_MAGIC)  return(EVP_rc2_40_cbc());
-        else
-                {
-                EVPerr(EVP_F_RC2_MAGIC_TO_METH,EVP_R_UNSUPPORTED_KEY_SIZE);
-                return(NULL);
-                }
-        }
-
-static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
-        {
-        long num=0;
-        int i=0,l;
-        EVP_CIPHER *e;
-
-        if (type != NULL)
-                {
-                l=EVP_CIPHER_CTX_iv_length(c);
-                i=ASN1_TYPE_get_int_octetstring(type,&num,c->oiv,l);
-                if (i != l)
-                        return(-1);
-                else if (i > 0)
-                        memcpy(c->iv,c->oiv,l);
-                e=rc2_magic_to_meth((int)num);
-                if (e == NULL)
-                        return(-1);
-                if (e != EVP_CIPHER_CTX_cipher(c))
-                        {
-                        EVP_CIPHER_CTX_cipher(c)=e;
-                        rc2_cbc_init_key(c,NULL,NULL,1);
-                        }
-                }
-        return(i);
-        }
-
-static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
-        {
-        long num;
-        int i=0,j;
-
-        if (type != NULL)
-                {
-                num=rc2_meth_to_magic(EVP_CIPHER_CTX_cipher(c));
-                j=EVP_CIPHER_CTX_iv_length(c);
-                i=ASN1_TYPE_set_int_octetstring(type,num,c->oiv,j);
-                }
-        return(i);
-        }
-
-#endif
diff --git a/src/lib/libssl/src/crypto/evp/e_cbc_r5.c b/src/lib/libssl/src/crypto/evp/e_cbc_r5.c
index cea3fe333a..e69de29bb2 100644
--- a/src/lib/libssl/src/crypto/evp/e_cbc_r5.c
+++ b/src/lib/libssl/src/crypto/evp/e_cbc_r5.c
@@ -1,108 +0,0 @@
-/* crypto/evp/e_cbc_r5.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef NO_RC5
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-
-static void r_32_12_16_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-        unsigned char *iv,int enc);
-static void r_32_12_16_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-        unsigned char *in, unsigned int inl);
-static EVP_CIPHER rc5_32_12_16_cbc_cipher=
-        {
-        NID_rc5_cbc,
-        8,EVP_RC5_32_12_16_KEY_SIZE,8,
-        r_32_12_16_cbc_init_key,
-        r_32_12_16_cbc_cipher,
-        NULL,
-        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-                sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc5_ks)),
-        NULL,
-        NULL,
-        };
-
-EVP_CIPHER *EVP_rc5_32_12_16_cbc(void)
-        {
-        return(&rc5_32_12_16_cbc_cipher);
-        }
-        
-static void r_32_12_16_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-             unsigned char *iv, int enc)
-        {
-        if (iv != NULL)
-                memcpy(&(ctx->oiv[0]),iv,8);
-        memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
-        if (key != NULL)
-                RC5_32_set_key(&(ctx->c.rc5_ks),EVP_RC5_32_12_16_KEY_SIZE,
-                        key,RC5_12_ROUNDS);
-        }
-
-static void r_32_12_16_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-             unsigned char *in, unsigned int inl)
-        {
-        RC5_32_cbc_encrypt(
-                in,out,(long)inl,
-                &(ctx->c.rc5_ks),&(ctx->iv[0]),
-                ctx->encrypt);
-        }
-
-#endif
diff --git a/src/lib/libssl/src/crypto/evp/e_cfb_3d.c b/src/lib/libssl/src/crypto/evp/e_cfb_3d.c
index b364bd4e31..e69de29bb2 100644
--- a/src/lib/libssl/src/crypto/evp/e_cfb_3d.c
+++ b/src/lib/libssl/src/crypto/evp/e_cfb_3d.c
@@ -1,155 +0,0 @@
-/* crypto/evp/e_cfb_3d.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef NO_DES
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-
-static void des_ede_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-        unsigned char *iv,int enc);
-static void des_ede3_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-        unsigned char *iv,int enc);
-static void des_ede_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-        unsigned char *in, unsigned int inl);
-static EVP_CIPHER d_ede_cfb_cipher2=
-        {
-        NID_des_ede_cfb64,
-        1,16,8,
-        des_ede_cfb_init_key,
-        des_ede_cfb_cipher,
-        NULL,
-        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-                sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ede)),
-        EVP_CIPHER_set_asn1_iv,
-        EVP_CIPHER_get_asn1_iv,
-        };
-
-static EVP_CIPHER d_ede3_cfb_cipher3=
-        {
-        NID_des_ede3_cfb64,
-        1,24,8,
-        des_ede3_cfb_init_key,
-        des_ede_cfb_cipher,
-        NULL,
-        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-                sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ede)),
-        EVP_CIPHER_set_asn1_iv,
-        EVP_CIPHER_get_asn1_iv,
-        };
-
-EVP_CIPHER *EVP_des_ede_cfb(void)
-        {
-        return(&d_ede_cfb_cipher2);
-        }
-
-EVP_CIPHER *EVP_des_ede3_cfb(void)
-        {
-        return(&d_ede3_cfb_cipher3);
-        }
-        
-static void des_ede_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-             unsigned char *iv, int enc)
-        {
-        des_cblock *deskey = (des_cblock *)key;
-
-        ctx->num=0;
-
-        if (iv != NULL)
-                memcpy(&(ctx->oiv[0]),iv,8);
-        memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
-        if (deskey != NULL)
-                {
-                des_set_key_unchecked(&deskey[0],ctx->c.des_ede.ks1);
-                des_set_key_unchecked(&deskey[1],ctx->c.des_ede.ks2);
-                memcpy( (char *)ctx->c.des_ede.ks3,
-                        (char *)ctx->c.des_ede.ks1,
-                        sizeof(ctx->c.des_ede.ks1));
-                }
-        }
-
-static void des_ede3_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-             unsigned char *iv, int enc)
-        {
-        des_cblock *deskey = (des_cblock *)key;
-
-        ctx->num=0;
-
-        if (iv != NULL)
-                memcpy(&(ctx->oiv[0]),iv,8);
-        memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
-        if (deskey != NULL)
-                {
-                des_set_key_unchecked(&deskey[0],ctx->c.des_ede.ks1);
-                des_set_key_unchecked(&deskey[1],ctx->c.des_ede.ks2);
-                des_set_key_unchecked(&deskey[2],ctx->c.des_ede.ks3);
-                }
-        }
-
-static void des_ede_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-             unsigned char *in, unsigned int inl)
-        {
-        des_ede3_cfb64_encrypt(in,out,(long)inl,
-                               ctx->c.des_ede.ks1,
-                               ctx->c.des_ede.ks2,
-                               ctx->c.des_ede.ks3,
-                               (des_cblock*)&(ctx->iv[0]),
-                               &ctx->num,ctx->encrypt);
-        }
-#endif
diff --git a/src/lib/libssl/src/crypto/evp/e_cfb_bf.c b/src/lib/libssl/src/crypto/evp/e_cfb_bf.c
index 63e1e624ea..e69de29bb2 100644
--- a/src/lib/libssl/src/crypto/evp/e_cfb_bf.c
+++ b/src/lib/libssl/src/crypto/evp/e_cfb_bf.c
@@ -1,108 +0,0 @@
-/* crypto/evp/e_cfb_bf.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef NO_BF
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-
-static void bf_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-        unsigned char *iv,int enc);
-static void bf_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-        unsigned char *in, unsigned int inl);
-static EVP_CIPHER bfish_cfb_cipher=
-        {
-        NID_bf_cfb64,
-        1,EVP_BLOWFISH_KEY_SIZE,8,
-        bf_cfb_init_key,
-        bf_cfb_cipher,
-        NULL,
-        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-                sizeof((((EVP_CIPHER_CTX *)NULL)->c.bf_ks)),
-        EVP_CIPHER_set_asn1_iv,
-        EVP_CIPHER_get_asn1_iv,
-        };
-
-EVP_CIPHER *EVP_bf_cfb(void)
-        {
-        return(&bfish_cfb_cipher);
-        }
-        
-static void bf_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-             unsigned char *iv, int enc)
-        {
-        ctx->num=0;
-
-        if (iv != NULL)
-                memcpy(&(ctx->oiv[0]),iv,8);
-        memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
-        if (key != NULL)
-                BF_set_key(&(ctx->c.bf_ks),EVP_BLOWFISH_KEY_SIZE,key);
-        }
-
-static void bf_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-             unsigned char *in, unsigned int inl)
-        {
-        BF_cfb64_encrypt(
-                in,out,
-                (long)inl, &(ctx->c.bf_ks),
-                &(ctx->iv[0]),
-                &ctx->num,ctx->encrypt);
-        }
-#endif
diff --git a/src/lib/libssl/src/crypto/evp/e_cfb_c.c b/src/lib/libssl/src/crypto/evp/e_cfb_c.c
index f04bac034b..e69de29bb2 100644
--- a/src/lib/libssl/src/crypto/evp/e_cfb_c.c
+++ b/src/lib/libssl/src/crypto/evp/e_cfb_c.c
@@ -1,109 +0,0 @@
-/* crypto/evp/e_cfb_c.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef NO_CAST
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-
-static void cast_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-        unsigned char *iv,int enc);
-static void cast_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-        unsigned char *in, unsigned int inl);
-static EVP_CIPHER cast5_cfb_cipher=
-        {
-        NID_cast5_cfb64,
-        1,EVP_CAST5_KEY_SIZE,8,
-        cast_cfb_init_key,
-        cast_cfb_cipher,
-        NULL,
-        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-                sizeof((((EVP_CIPHER_CTX *)NULL)->c.cast_ks)),
-        EVP_CIPHER_set_asn1_iv,
-        EVP_CIPHER_get_asn1_iv,
-        };
-
-EVP_CIPHER *EVP_cast5_cfb(void)
-        {
-        return(&cast5_cfb_cipher);
-        }
-        
-static void cast_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-             unsigned char *iv, int enc)
-        {
-        ctx->num=0;
-
-        if (iv != NULL)
-                memcpy(&(ctx->oiv[0]),iv,8);
-        memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
-        if (key != NULL)
-                CAST_set_key(&(ctx->c.cast_ks),EVP_CAST5_KEY_SIZE,key);
-        }
-
-static void cast_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-             unsigned char *in, unsigned int inl)
-        {
-        CAST_cfb64_encrypt(
-                in,out,
-                (long)inl, &(ctx->c.cast_ks),
-                &(ctx->iv[0]),
-                &ctx->num,ctx->encrypt);
-        }
-#endif
diff --git a/src/lib/libssl/src/crypto/evp/e_cfb_d.c b/src/lib/libssl/src/crypto/evp/e_cfb_d.c
index 9e1714bd15..e69de29bb2 100644
--- a/src/lib/libssl/src/crypto/evp/e_cfb_d.c
+++ b/src/lib/libssl/src/crypto/evp/e_cfb_d.c
@@ -1,110 +0,0 @@
-/* crypto/evp/e_cfb_d.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-
-#ifndef NO_DES
-static void des_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-        unsigned char *iv,int enc);
-static void des_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-        unsigned char *in, unsigned int inl);
-static EVP_CIPHER d_cfb_cipher=
-        {
-        NID_des_cfb64,
-        1,8,8,
-        des_cfb_init_key,
-        des_cfb_cipher,
-        NULL,
-        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-                sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ks)),
-        EVP_CIPHER_set_asn1_iv,
-        EVP_CIPHER_get_asn1_iv,
-        };
-
-EVP_CIPHER *EVP_des_cfb(void)
-        {
-        return(&d_cfb_cipher);
-        }
-        
-static void des_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-             unsigned char *iv, int enc)
-        {
-        des_cblock *deskey = (des_cblock *)key;
-
-        ctx->num=0;
-
-        if (iv != NULL)
-                memcpy(&(ctx->oiv[0]),iv,8);
-        memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
-        if (deskey != NULL)
-                des_set_key_unchecked(deskey,ctx->c.des_ks);
-        }
-
-static void des_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-             unsigned char *in, unsigned int inl)
-        {
-        des_cfb64_encrypt(
-                in,out,
-                (long)inl, ctx->c.des_ks,
-                (des_cblock *)&(ctx->iv[0]),
-                &ctx->num,ctx->encrypt);
-        }
-#endif
diff --git a/src/lib/libssl/src/crypto/evp/e_cfb_i.c b/src/lib/libssl/src/crypto/evp/e_cfb_i.c
index 31c76c6dac..e69de29bb2 100644
--- a/src/lib/libssl/src/crypto/evp/e_cfb_i.c
+++ b/src/lib/libssl/src/crypto/evp/e_cfb_i.c
@@ -1,109 +0,0 @@
-/* crypto/evp/e_cfb_i.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef NO_IDEA
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-
-static void idea_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-        unsigned char *iv,int enc);
-static void idea_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-        unsigned char *in, unsigned int inl);
-static EVP_CIPHER i_cfb_cipher=
-        {
-        NID_idea_cfb64,
-        1,IDEA_KEY_LENGTH,IDEA_BLOCK,
-        idea_cfb_init_key,
-        idea_cfb_cipher,
-        NULL,
-        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-                sizeof((((EVP_CIPHER_CTX *)NULL)->c.idea_ks)),
-        EVP_CIPHER_set_asn1_iv,
-        EVP_CIPHER_get_asn1_iv,
-        };
-
-EVP_CIPHER *EVP_idea_cfb(void)
-        {
-        return(&i_cfb_cipher);
-        }
-
-static void idea_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-             unsigned char *iv, int enc)
-        {
-        ctx->num=0;
-
-        if (iv != NULL)
-                memcpy(&(ctx->oiv[0]),iv,8);
-        memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
-        if (key != NULL)
-                idea_set_encrypt_key(key,&(ctx->c.idea_ks));
-        }
-
-static void idea_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-             unsigned char *in, unsigned int inl)
-        {
-        idea_cfb64_encrypt(
-                in,out,(long)inl,
-                &(ctx->c.idea_ks),&(ctx->iv[0]),
-                &ctx->num,ctx->encrypt);
-        }
-
-#endif
diff --git a/src/lib/libssl/src/crypto/evp/e_cfb_r2.c b/src/lib/libssl/src/crypto/evp/e_cfb_r2.c
index 32dd77eb7c..e69de29bb2 100644
--- a/src/lib/libssl/src/crypto/evp/e_cfb_r2.c
+++ b/src/lib/libssl/src/crypto/evp/e_cfb_r2.c
@@ -1,110 +0,0 @@
-/* crypto/evp/e_cfb_r2.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef NO_RC2
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-
-static void rc2_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-        unsigned char *iv,int enc);
-static void rc2_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-        unsigned char *in, unsigned int inl);
-static EVP_CIPHER r2_cfb_cipher=
-        {
-        NID_rc2_cfb64,
-        1,EVP_RC2_KEY_SIZE,8,
-        rc2_cfb_init_key,
-        rc2_cfb_cipher,
-        NULL,
-        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-                sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc2_ks)),
-        EVP_CIPHER_set_asn1_iv,
-        EVP_CIPHER_get_asn1_iv,
-        };
-
-EVP_CIPHER *EVP_rc2_cfb(void)
-        {
-        return(&r2_cfb_cipher);
-        }
-        
-static void rc2_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-             unsigned char *iv, int enc)
-        {
-        ctx->num=0;
-
-        if (iv != NULL)
-                memcpy(&(ctx->oiv[0]),iv,8);
-        memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
-        if (key != NULL)
-                RC2_set_key(&(ctx->c.rc2_ks),EVP_CIPHER_CTX_key_length(ctx),
-                        key,EVP_CIPHER_CTX_key_length(ctx)*8);
-        }
-
-static void rc2_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-             unsigned char *in, unsigned int inl)
-        {
-        RC2_cfb64_encrypt(
-                in,out,
-                (long)inl, &(ctx->c.rc2_ks),
-                &(ctx->iv[0]),
-                &ctx->num,ctx->encrypt);
-        }
-#endif
diff --git a/src/lib/libssl/src/crypto/evp/e_cfb_r5.c b/src/lib/libssl/src/crypto/evp/e_cfb_r5.c
index 8e79728946..e69de29bb2 100644
--- a/src/lib/libssl/src/crypto/evp/e_cfb_r5.c
+++ b/src/lib/libssl/src/crypto/evp/e_cfb_r5.c
@@ -1,110 +0,0 @@
-/* crypto/evp/e_cfb_r5.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef NO_RC5
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-
-static void rc5_32_12_16_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-        unsigned char *iv,int enc);
-static void rc5_32_12_16_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-        unsigned char *in, unsigned int inl);
-static EVP_CIPHER rc5_cfb_cipher=
-        {
-        NID_rc5_cfb64,
-        1,EVP_RC5_32_12_16_KEY_SIZE,8,
-        rc5_32_12_16_cfb_init_key,
-        rc5_32_12_16_cfb_cipher,
-        NULL,
-        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-                sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc5_ks)),
-        EVP_CIPHER_set_asn1_iv,
-        EVP_CIPHER_get_asn1_iv,
-        };
-
-EVP_CIPHER *EVP_rc5_32_12_16_cfb(void)
-        {
-        return(&rc5_cfb_cipher);
-        }
-        
-static void rc5_32_12_16_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-             unsigned char *iv, int enc)
-        {
-        ctx->num=0;
-
-        if (iv != NULL)
-                memcpy(&(ctx->oiv[0]),iv,8);
-        memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
-        if (key != NULL)
-                RC5_32_set_key(&(ctx->c.rc5_ks),EVP_RC5_32_12_16_KEY_SIZE,key,
-                        RC5_12_ROUNDS);
-        }
-
-static void rc5_32_12_16_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-             unsigned char *in, unsigned int inl)
-        {
-        RC5_32_cfb64_encrypt(
-                in,out,
-                (long)inl, &(ctx->c.rc5_ks),
-                &(ctx->iv[0]),
-                &ctx->num,ctx->encrypt);
-        }
-#endif
diff --git a/src/lib/libssl/src/crypto/evp/e_des.c b/src/lib/libssl/src/crypto/evp/e_des.c
new file mode 100644
index 0000000000..f4e998b81c
--- /dev/null
+++ b/src/lib/libssl/src/crypto/evp/e_des.c
@@ -0,0 +1,118 @@
+/* crypto/evp/e_des.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_DES
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include "evp_locl.h"
+
+static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                        const unsigned char *iv, int enc);
+
+/* Because of various casts and different names can't use IMPLEMENT_BLOCK_CIPHER */
+
+static int des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                          const unsigned char *in, unsigned int inl)
+{
+        BLOCK_CIPHER_ecb_loop()
+                des_ecb_encrypt((des_cblock *)(in + i), (des_cblock *)(out + i), ctx->c.des_ks, ctx->encrypt);
+        return 1;
+}
+
+static int des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                          const unsigned char *in, unsigned int inl)
+{
+        des_ofb64_encrypt(in, out, (long)inl, ctx->c.des_ks, (des_cblock *)ctx->iv, &ctx->num);
+        return 1;
+}
+
+static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                          const unsigned char *in, unsigned int inl)
+{
+        des_ncbc_encrypt(in, out, (long)inl, ctx->c.des_ks,
+                         (des_cblock *)ctx->iv, ctx->encrypt);
+        return 1;
+}
+
+static int des_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                          const unsigned char *in, unsigned int inl)
+{
+        des_cfb64_encrypt(in, out, (long)inl, ctx->c.des_ks,
+                          (des_cblock *)ctx->iv, &ctx->num, ctx->encrypt);
+        return 1;
+}
+
+BLOCK_CIPHER_defs(des, des_ks, NID_des, 8, 8, 8,
+                        0, des_init_key, NULL,
+                        EVP_CIPHER_set_asn1_iv,
+                        EVP_CIPHER_get_asn1_iv,
+                        NULL)
+
+
+static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                        const unsigned char *iv, int enc)
+        {
+        des_cblock *deskey = (des_cblock *)key;
+
+        des_set_key_unchecked(deskey,ctx->c.des_ks);
+        return 1;
+        }
+
+#endif
diff --git a/src/lib/libssl/src/crypto/evp/e_des3.c b/src/lib/libssl/src/crypto/evp/e_des3.c
new file mode 100644
index 0000000000..a9aba4ae70
--- /dev/null
+++ b/src/lib/libssl/src/crypto/evp/e_des3.c
@@ -0,0 +1,165 @@
+/* crypto/evp/e_des3.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_DES
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include "evp_locl.h"
+
+static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                            const unsigned char *iv,int enc);
+
+static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                             const unsigned char *iv,int enc);
+
+/* Because of various casts and different args can't use IMPLEMENT_BLOCK_CIPHER */
+
+static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                              const unsigned char *in, unsigned int inl)
+{
+        BLOCK_CIPHER_ecb_loop()
+                des_ecb3_encrypt((des_cblock *)(in + i), (des_cblock *)(out + i), 
+                        ctx->c.des_ede.ks1, ctx->c.des_ede.ks2, ctx->c.des_ede.ks3,
+                         ctx->encrypt);
+        return 1;
+}
+
+static int des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                              const unsigned char *in, unsigned int inl)
+{
+        des_ede3_ofb64_encrypt(in, out, (long)inl,
+                        ctx->c.des_ede.ks1, ctx->c.des_ede.ks2, ctx->c.des_ede.ks3,
+                                                                (des_cblock *)ctx->iv, &ctx->num);
+        return 1;
+}
+
+static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                              const unsigned char *in, unsigned int inl)
+{
+        des_ede3_cbc_encrypt(in, out, (long)inl,
+                        ctx->c.des_ede.ks1, ctx->c.des_ede.ks2, ctx->c.des_ede.ks3,
+                                                                (des_cblock *)ctx->iv, ctx->encrypt);
+        return 1;
+}
+
+static int des_ede_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                              const unsigned char *in, unsigned int inl)
+{
+        des_ede3_cfb64_encrypt(in, out, (long)inl, 
+                        ctx->c.des_ede.ks1, ctx->c.des_ede.ks2, ctx->c.des_ede.ks3,
+                                        (des_cblock *)ctx->iv, &ctx->num, ctx->encrypt);
+        return 1;
+}
+
+#define NID_des_ede_ecb NID_des_ede
+
+BLOCK_CIPHER_defs(des_ede, des_ede, NID_des_ede, 8, 16, 8,
+                        0, des_ede_init_key, NULL, 
+                        EVP_CIPHER_set_asn1_iv,
+                        EVP_CIPHER_get_asn1_iv,
+                        NULL)
+
+#define NID_des_ede3_ecb NID_des_ede3
+#define des_ede3_cfb_cipher des_ede_cfb_cipher
+#define des_ede3_ofb_cipher des_ede_ofb_cipher
+#define des_ede3_cbc_cipher des_ede_cbc_cipher
+#define des_ede3_ecb_cipher des_ede_ecb_cipher
+
+BLOCK_CIPHER_defs(des_ede3, des_ede, NID_des_ede3, 8, 24, 8,
+                        0, des_ede3_init_key, NULL, 
+                        EVP_CIPHER_set_asn1_iv,
+                        EVP_CIPHER_get_asn1_iv,
+                        NULL)
+
+static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                            const unsigned char *iv, int enc)
+        {
+        des_cblock *deskey = (des_cblock *)key;
+
+        des_set_key_unchecked(&deskey[0],ctx->c.des_ede.ks1);
+        des_set_key_unchecked(&deskey[1],ctx->c.des_ede.ks2);
+        memcpy( (char *)ctx->c.des_ede.ks3,
+                        (char *)ctx->c.des_ede.ks1,
+                        sizeof(ctx->c.des_ede.ks1));
+        return 1;
+        }
+
+static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                             const unsigned char *iv, int enc)
+        {
+        des_cblock *deskey = (des_cblock *)key;
+
+        des_set_key_unchecked(&deskey[0],ctx->c.des_ede.ks1);
+        des_set_key_unchecked(&deskey[1],ctx->c.des_ede.ks2);
+        des_set_key_unchecked(&deskey[2],ctx->c.des_ede.ks3);
+
+        return 1;
+        }
+
+EVP_CIPHER *EVP_des_ede(void)
+{
+        return &des_ede_ecb;
+}
+
+EVP_CIPHER *EVP_des_ede3(void)
+{
+        return &des_ede3_ecb;
+}
+#endif
diff --git a/src/lib/libssl/src/crypto/evp/e_ecb_3d.c b/src/lib/libssl/src/crypto/evp/e_ecb_3d.c
index 806e971d36..e69de29bb2 100644
--- a/src/lib/libssl/src/crypto/evp/e_ecb_3d.c
+++ b/src/lib/libssl/src/crypto/evp/e_ecb_3d.c
@@ -1,158 +0,0 @@
-/* crypto/evp/e_ecb_3d.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef NO_DES
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-
-static void des_ede_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-        unsigned char *iv,int enc);
-static void des_ede3_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-        unsigned char *iv,int enc);
-static void des_ede_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-        unsigned char *in, unsigned int inl);
-static EVP_CIPHER d_ede_cipher2=
-        {
-        NID_des_ede,
-        8,16,0,
-        des_ede_init_key,
-        des_ede_cipher,
-        NULL,
-        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-                sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ede)),
-        NULL,
-        NULL,
-        };
-
-static EVP_CIPHER d_ede3_cipher3=
-        {
-        NID_des_ede3,
-        8,24,0,
-        des_ede3_init_key,
-        des_ede_cipher,
-        NULL,
-        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-                sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ede)),
-        NULL,
-        };
-
-EVP_CIPHER *EVP_des_ede(void)
-        {
-        return(&d_ede_cipher2);
-        }
-
-EVP_CIPHER *EVP_des_ede3(void)
-        {
-        return(&d_ede3_cipher3);
-        }
-
-static void des_ede_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-             unsigned char *iv, int enc)
-        {
-        des_cblock *deskey = (des_cblock *)key;
-
-        if (deskey != NULL)
-                {
-                des_set_key_unchecked(&deskey[0],ctx->c.des_ede.ks1);
-                des_set_key_unchecked(&deskey[1],ctx->c.des_ede.ks2);
-                memcpy( (char *)ctx->c.des_ede.ks3,
-                        (char *)ctx->c.des_ede.ks1,
-                        sizeof(ctx->c.des_ede.ks1));
-                }
-        }
-
-static void des_ede3_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-             unsigned char *iv, int enc)
-        {
-        des_cblock *deskey = (des_cblock *)key;
-
-        if (deskey != NULL)
-                {
-                des_set_key_unchecked(&deskey[0],ctx->c.des_ede.ks1);
-                des_set_key_unchecked(&deskey[1],ctx->c.des_ede.ks2);
-                des_set_key_unchecked(&deskey[2],ctx->c.des_ede.ks3);
-                }
-        }
-
-static void des_ede_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-             unsigned char *in, unsigned int inl)
-        {
-        unsigned int i;
-        des_cblock *output   /* = (des_cblock *)out */;
-        des_cblock *input    /* = (des_cblock *)in */;
-
-        if (inl < 8) return;
-        inl-=8;
-        for (i=0; i<=inl; i+=8)
-                {
-                output = (des_cblock *)(out + i);
-                input = (des_cblock *)(in + i);
-
-                des_ecb3_encrypt(input,output,
-                        ctx->c.des_ede.ks1,
-                        ctx->c.des_ede.ks2,
-                        ctx->c.des_ede.ks3,
-                        ctx->encrypt);
-
-                /* output++; */
-                /* input++; */
-                }
-        }
-#endif
diff --git a/src/lib/libssl/src/crypto/evp/e_ecb_bf.c b/src/lib/libssl/src/crypto/evp/e_ecb_bf.c
index 334736d253..e69de29bb2 100644
--- a/src/lib/libssl/src/crypto/evp/e_ecb_bf.c
+++ b/src/lib/libssl/src/crypto/evp/e_ecb_bf.c
@@ -1,109 +0,0 @@
-/* crypto/evp/e_ecb_bf.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef NO_BF
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-
-static void bf_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-        unsigned char *iv,int enc);
-static void bf_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-        unsigned char *in, unsigned int inl);
-static EVP_CIPHER bfish_ecb_cipher=
-        {
-        NID_bf_ecb,
-        8,EVP_BLOWFISH_KEY_SIZE,0,
-        bf_ecb_init_key,
-        bf_ecb_cipher,
-        NULL,
-        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-                sizeof((((EVP_CIPHER_CTX *)NULL)->c.bf_ks)),
-        NULL,
-        NULL,
-        };
-
-EVP_CIPHER *EVP_bf_ecb(void)
-        {
-        return(&bfish_ecb_cipher);
-        }
-        
-static void bf_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-             unsigned char *iv, int enc)
-        {
-        if (key != NULL)
-                BF_set_key(&(ctx->c.bf_ks),EVP_BLOWFISH_KEY_SIZE,key);
-        }
-
-static void bf_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-             unsigned char *in, unsigned int inl)
-        {
-        unsigned int i;
-
-        if (inl < 8) return;
-        inl-=8;
-        for (i=0; i<=inl; i+=8)
-                {
-                BF_ecb_encrypt(
-                        &(in[i]),&(out[i]),
-                        &(ctx->c.bf_ks),ctx->encrypt);
-                }
-        }
-
-#endif
diff --git a/src/lib/libssl/src/crypto/evp/e_ecb_c.c b/src/lib/libssl/src/crypto/evp/e_ecb_c.c
index ad14e203cb..e69de29bb2 100644
--- a/src/lib/libssl/src/crypto/evp/e_ecb_c.c
+++ b/src/lib/libssl/src/crypto/evp/e_ecb_c.c
@@ -1,110 +0,0 @@
-/* crypto/evp/e_ecb_c.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef NO_CAST
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-
-static void cast_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-        unsigned char *iv,int enc);
-static void cast_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-        unsigned char *in, unsigned int inl);
-static EVP_CIPHER cast5_ecb_cipher=
-        {
-        NID_cast5_ecb,
-        8,EVP_CAST5_KEY_SIZE,0,
-        cast_ecb_init_key,
-        cast_ecb_cipher,
-        NULL,
-        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-                sizeof((((EVP_CIPHER_CTX *)NULL)->c.cast_ks)),
-        NULL,
-        NULL,
-        };
-
-EVP_CIPHER *EVP_cast5_ecb(void)
-        {
-        return(&cast5_ecb_cipher);
-        }
-        
-static void cast_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-             unsigned char *iv, int enc)
-        {
-        if (key != NULL)
-                CAST_set_key(&(ctx->c.cast_ks),EVP_CAST5_KEY_SIZE,key);
-        }
-
-static void cast_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-             unsigned char *in, unsigned int inl)
-        {
-        unsigned int i;
-
-        if (inl < 8) return;
-        inl-=8;
-        for (i=0; i<=inl; i+=8)
-                {
-                CAST_ecb_encrypt(
-                        &(in[i]),&(out[i]),
-                        &(ctx->c.cast_ks),ctx->encrypt);
-                }
-        }
-
-#endif
diff --git a/src/lib/libssl/src/crypto/evp/e_ecb_d.c b/src/lib/libssl/src/crypto/evp/e_ecb_d.c
index c11bef55ef..e69de29bb2 100644
--- a/src/lib/libssl/src/crypto/evp/e_ecb_d.c
+++ b/src/lib/libssl/src/crypto/evp/e_ecb_d.c
@@ -1,118 +0,0 @@
-/* crypto/evp/e_ecb_d.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef NO_DES
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-
-static void des_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-        unsigned char *iv,int enc);
-static void des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-        unsigned char *in, unsigned int inl);
-static EVP_CIPHER d_ecb_cipher=
-        {
-        NID_des_ecb,
-        8,8,0,
-        des_ecb_init_key,
-        des_ecb_cipher,
-        NULL,
-        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-                sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ks)),
-        NULL,
-        NULL,
-        };
-
-EVP_CIPHER *EVP_des_ecb(void)
-        {
-        return(&d_ecb_cipher);
-        }
-        
-static void des_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-             unsigned char *iv, int enc)
-        {
-        des_cblock *deskey = (des_cblock *)key;
-
-        if (deskey != NULL)
-                des_set_key_unchecked(deskey,ctx->c.des_ks);
-        }
-
-static void des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-             unsigned char *in, unsigned int inl)
-        {
-        unsigned int i;
-        des_cblock *output  /* = (des_cblock *)out */;
-        des_cblock *input   /* = (des_cblock *)in */; 
-
-        if (inl < 8) return;
-        inl-=8;
-        for (i=0; i<=inl; i+=8)
-                {
-                /* Either this ... */
-                output = (des_cblock *)(out + i);
-                input = (des_cblock *)(in + i);
-
-                des_ecb_encrypt(input,output,ctx->c.des_ks,ctx->encrypt);
-
-                /* ... or this. */
-                /* output++; */
-                /* input++; */
-                }
-        }
-#endif
diff --git a/src/lib/libssl/src/crypto/evp/e_ecb_i.c b/src/lib/libssl/src/crypto/evp/e_ecb_i.c
index 50a3da1bba..e69de29bb2 100644
--- a/src/lib/libssl/src/crypto/evp/e_ecb_i.c
+++ b/src/lib/libssl/src/crypto/evp/e_ecb_i.c
@@ -1,121 +0,0 @@
-/* crypto/evp/e_ecb_i.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef NO_IDEA
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-
-static void idea_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-        unsigned char *iv,int enc);
-static void idea_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-        unsigned char *in, unsigned int inl);
-static EVP_CIPHER i_ecb_cipher=
-        {
-        NID_idea_ecb,
-        8,16,0,
-        idea_ecb_init_key,
-        idea_ecb_cipher,
-        NULL,
-        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-                sizeof((((EVP_CIPHER_CTX *)NULL)->c.idea_ks)),
-        NULL,
-        NULL,
-        };
-
-EVP_CIPHER *EVP_idea_ecb(void)
-        {
-        return(&i_ecb_cipher);
-        }
-        
-static void idea_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-             unsigned char *iv, int enc)
-        {
-        if (key != NULL)
-                {
-                if (enc)
-                        idea_set_encrypt_key(key,&(ctx->c.idea_ks));
-                else
-                        {
-                        IDEA_KEY_SCHEDULE tmp;
-
-                        idea_set_encrypt_key(key,&tmp);
-                        idea_set_decrypt_key(&tmp, &(ctx->c.idea_ks));
-                        memset((unsigned char *)&tmp,0,
-                                sizeof(IDEA_KEY_SCHEDULE));
-                        }
-                }
-        }
-
-static void idea_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-             unsigned char *in, unsigned int inl)
-        {
-        unsigned int i;
-
-        if (inl < 8) return;
-        inl-=8;
-        for (i=0; i<=inl; i+=8)
-                {
-                idea_ecb_encrypt(
-                        &(in[i]),&(out[i]),&(ctx->c.idea_ks));
-                }
-        }
-
-#endif
diff --git a/src/lib/libssl/src/crypto/evp/e_ecb_r2.c b/src/lib/libssl/src/crypto/evp/e_ecb_r2.c
index 3c2330130d..e69de29bb2 100644
--- a/src/lib/libssl/src/crypto/evp/e_ecb_r2.c
+++ b/src/lib/libssl/src/crypto/evp/e_ecb_r2.c
@@ -1,111 +0,0 @@
-/* crypto/evp/e_ecb_r2.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef NO_RC2
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-
-static void rc2_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-        unsigned char *iv,int enc);
-static void rc2_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-        unsigned char *in, unsigned int inl);
-static EVP_CIPHER r2_ecb_cipher=
-        {
-        NID_rc2_ecb,
-        8,EVP_RC2_KEY_SIZE,0,
-        rc2_ecb_init_key,
-        rc2_ecb_cipher,
-        NULL,
-        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-                sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc2_ks)),
-        NULL,
-        NULL,
-        };
-
-EVP_CIPHER *EVP_rc2_ecb(void)
-        {
-        return(&r2_ecb_cipher);
-        }
-        
-static void rc2_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-             unsigned char *iv, int enc)
-        {
-        if (key != NULL)
-                RC2_set_key(&(ctx->c.rc2_ks),EVP_CIPHER_CTX_key_length(ctx),
-                        key,EVP_CIPHER_CTX_key_length(ctx)*8);
-        }
-
-static void rc2_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-             unsigned char *in, unsigned int inl)
-        {
-        unsigned int i;
-
-        if (inl < 8) return;
-        inl-=8;
-        for (i=0; i<=inl; i+=8)
-                {
-                RC2_ecb_encrypt(
-                        &(in[i]),&(out[i]),
-                        &(ctx->c.rc2_ks),ctx->encrypt);
-                }
-        }
-
-#endif
diff --git a/src/lib/libssl/src/crypto/evp/e_ecb_r5.c b/src/lib/libssl/src/crypto/evp/e_ecb_r5.c
index ef43ce34bf..e69de29bb2 100644
--- a/src/lib/libssl/src/crypto/evp/e_ecb_r5.c
+++ b/src/lib/libssl/src/crypto/evp/e_ecb_r5.c
@@ -1,111 +0,0 @@
-/* crypto/evp/e_ecb_r5.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef NO_RC5
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-
-static void rc5_32_12_16_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-        unsigned char *iv,int enc);
-static void rc5_32_12_16_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-        unsigned char *in, unsigned int inl);
-static EVP_CIPHER rc5_ecb_cipher=
-        {
-        NID_rc5_ecb,
-        8,EVP_RC5_32_12_16_KEY_SIZE,0,
-        rc5_32_12_16_ecb_init_key,
-        rc5_32_12_16_ecb_cipher,
-        NULL,
-        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-                sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc5_ks)),
-        NULL,
-        NULL,
-        };
-
-EVP_CIPHER *EVP_rc5_32_12_16_ecb(void)
-        {
-        return(&rc5_ecb_cipher);
-        }
-        
-static void rc5_32_12_16_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-             unsigned char *iv, int enc)
-        {
-        if (key != NULL)
-                RC5_32_set_key(&(ctx->c.rc5_ks),EVP_RC5_32_12_16_KEY_SIZE,key,
-                        RC5_12_ROUNDS);
-        }
-
-static void rc5_32_12_16_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-             unsigned char *in, unsigned int inl)
-        {
-        unsigned int i;
-
-        if (inl < 8) return;
-        inl-=8;
-        for (i=0; i<=inl; i+=8)
-                {
-                RC5_32_ecb_encrypt(
-                        &(in[i]),&(out[i]),
-                        &(ctx->c.rc5_ks),ctx->encrypt);
-                }
-        }
-
-#endif
diff --git a/src/lib/libssl/src/crypto/evp/e_idea.c b/src/lib/libssl/src/crypto/evp/e_idea.c
new file mode 100644
index 0000000000..8d3c88deb7
--- /dev/null
+++ b/src/lib/libssl/src/crypto/evp/e_idea.c
@@ -0,0 +1,112 @@
+/* crypto/evp/e_idea.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_IDEA
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include "evp_locl.h"
+
+static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                         const unsigned char *iv,int enc);
+
+/* NB idea_ecb_encrypt doesn't take an 'encrypt' argument so we treat it as a special
+ * case 
+ */
+
+static int idea_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                           const unsigned char *in, unsigned int inl)
+{
+        BLOCK_CIPHER_ecb_loop()
+                idea_ecb_encrypt(in + i, out + i, &ctx->c.idea_ks);
+        return 1;
+}
+
+/* Can't use IMPLEMENT_BLOCK_CIPHER because idea_ecb_encrypt is different */
+
+BLOCK_CIPHER_func_cbc(idea, idea, idea_ks)
+BLOCK_CIPHER_func_ofb(idea, idea, idea_ks)
+BLOCK_CIPHER_func_cfb(idea, idea, idea_ks)
+
+BLOCK_CIPHER_defs(idea, idea_ks, NID_idea, 8, 16, 8,
+                        0, idea_init_key, NULL, 
+                        EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
+
+static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                         const unsigned char *iv, int enc)
+        {
+        if(!enc) {
+                if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE) enc = 1;
+                else if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_CFB_MODE) enc = 1;
+        }
+        if (enc) idea_set_encrypt_key(key,&(ctx->c.idea_ks));
+        else
+                {
+                IDEA_KEY_SCHEDULE tmp;
+
+                idea_set_encrypt_key(key,&tmp);
+                idea_set_decrypt_key(&tmp,&(ctx->c.idea_ks));
+                memset((unsigned char *)&tmp,0,
+                                sizeof(IDEA_KEY_SCHEDULE));
+                }
+        return 1;
+        }
+
+#endif
diff --git a/src/lib/libssl/src/crypto/evp/e_null.c b/src/lib/libssl/src/crypto/evp/e_null.c
index 0a62c10aa9..e0702cf818 100644
--- a/src/lib/libssl/src/crypto/evp/e_null.c
+++ b/src/lib/libssl/src/crypto/evp/e_null.c
@@ -61,20 +61,22 @@
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 
-static void null_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-        unsigned char *iv,int enc);
-static void null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-        unsigned char *in, unsigned int inl);
+static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+        const unsigned char *iv,int enc);
+static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+        const unsigned char *in, unsigned int inl);
 static EVP_CIPHER n_cipher=
         {
         NID_undef,
         1,0,0,
+        0,
         null_init_key,
         null_cipher,
         NULL,
         0,
         NULL,
         NULL,
+        NULL
         };
 
 EVP_CIPHER *EVP_enc_null(void)
@@ -82,16 +84,18 @@ EVP_CIPHER *EVP_enc_null(void)
         return(&n_cipher);
         }
 
-static void null_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-             unsigned char *iv, int enc)
+static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+             const unsigned char *iv, int enc)
         {
         memset(&(ctx->c),0,sizeof(ctx->c));
+        return 1;
         }
 
-static void null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-             unsigned char *in, unsigned int inl)
+static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+             const unsigned char *in, unsigned int inl)
         {
         if (in != out)
                 memcpy((char *)out,(char *)in,(int)inl);
+        return 1;
         }
 
diff --git a/src/lib/libssl/src/crypto/evp/e_ofb_3d.c b/src/lib/libssl/src/crypto/evp/e_ofb_3d.c
index d1a33e2ecd..e69de29bb2 100644
--- a/src/lib/libssl/src/crypto/evp/e_ofb_3d.c
+++ b/src/lib/libssl/src/crypto/evp/e_ofb_3d.c
@@ -1,152 +0,0 @@
-/* crypto/evp/e_ofb_3d.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef NO_DES
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-
-static void des_ede_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-        unsigned char *iv,int enc);
-static void des_ede3_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-        unsigned char *iv,int enc);
-static void des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-        unsigned char *in, unsigned int inl);
-static EVP_CIPHER d_ede_ofb_cipher2=
-        {
-        NID_des_ede_ofb64,
-        1,16,8,
-        des_ede_ofb_init_key,
-        des_ede_ofb_cipher,
-        NULL,
-        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-                sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ede)),
-        EVP_CIPHER_set_asn1_iv,
-        EVP_CIPHER_get_asn1_iv,
-        };
-
-static EVP_CIPHER d_ede3_ofb_cipher3=
-        {
-        NID_des_ede3_ofb64,
-        1,24,8,
-        des_ede3_ofb_init_key,
-        des_ede_ofb_cipher,
-        NULL,
-        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-                sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ede)),
-        EVP_CIPHER_set_asn1_iv,
-        EVP_CIPHER_get_asn1_iv,
-        };
-
-EVP_CIPHER *EVP_des_ede_ofb(void)
-        {
-        return(&d_ede_ofb_cipher2);
-        }
-
-EVP_CIPHER *EVP_des_ede3_ofb(void)
-        {
-        return(&d_ede3_ofb_cipher3);
-        }
-        
-static void des_ede_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-             unsigned char *iv, int enc)
-        {
-        des_cblock *deskey = (des_cblock *)key;
-
-        ctx->num=0;
-
-        if (iv != NULL)
-                memcpy(&(ctx->oiv[0]),iv,8);
-        memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
-        if (deskey != NULL)
-                {
-                des_set_key_unchecked(&deskey[0],ctx->c.des_ede.ks1);
-                des_set_key_unchecked(&deskey[1],ctx->c.des_ede.ks2);
-                memcpy( (char *)ctx->c.des_ede.ks3,
-                        (char *)ctx->c.des_ede.ks1,
-                        sizeof(ctx->c.des_ede.ks1));
-                }
-        }
-
-static void des_ede3_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-             unsigned char *iv, int enc)
-        {
-        des_cblock *deskey = (des_cblock *)key;
-
-        ctx->num=0;
-
-        if (iv != NULL)
-                memcpy(&(ctx->oiv[0]),iv,8);
-        memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
-        if (deskey != NULL)
-                {
-                des_set_key_unchecked(&deskey[0],ctx->c.des_ede.ks1);
-                des_set_key_unchecked(&deskey[1],ctx->c.des_ede.ks2);
-                des_set_key_unchecked(&deskey[2],ctx->c.des_ede.ks3);
-                }
-        }
-
-static void des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-             unsigned char *in, unsigned int inl)
-        {
-        des_ede3_ofb64_encrypt(in,out,inl,ctx->c.des_ede.ks1,
-                               ctx->c.des_ede.ks2, ctx->c.des_ede.ks3,
-                               (des_cblock *)&(ctx->iv[0]),&ctx->num);
-        }
-#endif
diff --git a/src/lib/libssl/src/crypto/evp/e_ofb_bf.c b/src/lib/libssl/src/crypto/evp/e_ofb_bf.c
index c82154b549..e69de29bb2 100644
--- a/src/lib/libssl/src/crypto/evp/e_ofb_bf.c
+++ b/src/lib/libssl/src/crypto/evp/e_ofb_bf.c
@@ -1,109 +0,0 @@
-/* crypto/evp/e_ofb_bf.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef NO_BF
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-
-static void bf_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-        unsigned char *iv,int enc);
-static void bf_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-        unsigned char *in, unsigned int inl);
-static EVP_CIPHER bfish_ofb_cipher=
-        {
-        NID_bf_ofb64,
-        1,EVP_BLOWFISH_KEY_SIZE,8,
-        bf_ofb_init_key,
-        bf_ofb_cipher,
-        NULL,
-        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-                sizeof((((EVP_CIPHER_CTX *)NULL)->c.bf_ks)),
-        EVP_CIPHER_set_asn1_iv,
-        EVP_CIPHER_get_asn1_iv,
-        };
-
-EVP_CIPHER *EVP_bf_ofb(void)
-        {
-        return(&bfish_ofb_cipher);
-        }
-        
-static void bf_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-             unsigned char *iv, int enc)
-        {
-        ctx->num=0;
-
-        if (iv != NULL)
-                memcpy(&(ctx->oiv[0]),iv,8);
-        memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
-        if (key != NULL)
-                BF_set_key(&(ctx->c.bf_ks),EVP_BLOWFISH_KEY_SIZE,key);
-        }
-
-static void bf_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-             unsigned char *in, unsigned int inl)
-        {
-        BF_ofb64_encrypt(
-                in,out,
-                (long)inl, &(ctx->c.bf_ks),
-                &(ctx->iv[0]),
-                &ctx->num);
-        }
-
-#endif
diff --git a/src/lib/libssl/src/crypto/evp/e_ofb_c.c b/src/lib/libssl/src/crypto/evp/e_ofb_c.c
index 971043de4c..e69de29bb2 100644
--- a/src/lib/libssl/src/crypto/evp/e_ofb_c.c
+++ b/src/lib/libssl/src/crypto/evp/e_ofb_c.c
@@ -1,110 +0,0 @@
-/* crypto/evp/e_ofb_c.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef NO_CAST
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-
-static void cast_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-        unsigned char *iv,int enc);
-static void cast_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-        unsigned char *in, unsigned int inl);
-static EVP_CIPHER cast5_ofb_cipher=
-        {
-        NID_cast5_ofb64,
-        1,EVP_CAST5_KEY_SIZE,8,
-        cast_ofb_init_key,
-        cast_ofb_cipher,
-        NULL,
-        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-                sizeof((((EVP_CIPHER_CTX *)NULL)->c.cast_ks)),
-        EVP_CIPHER_set_asn1_iv,
-        EVP_CIPHER_get_asn1_iv,
-        };
-
-EVP_CIPHER *EVP_cast5_ofb(void)
-        {
-        return(&cast5_ofb_cipher);
-        }
-        
-static void cast_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-             unsigned char *iv, int enc)
-        {
-        ctx->num=0;
-
-        if (iv != NULL)
-                memcpy(&(ctx->oiv[0]),iv,8);
-        memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
-        if (key != NULL)
-                CAST_set_key(&(ctx->c.cast_ks),EVP_CAST5_KEY_SIZE,key);
-        }
-
-static void cast_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-             unsigned char *in, unsigned int inl)
-        {
-        CAST_ofb64_encrypt(
-                in,out,
-                (long)inl, &(ctx->c.cast_ks),
-                &(ctx->iv[0]),
-                &ctx->num);
-        }
-
-#endif
diff --git a/src/lib/libssl/src/crypto/evp/e_ofb_d.c b/src/lib/libssl/src/crypto/evp/e_ofb_d.c
index d51ce230f4..e69de29bb2 100644
--- a/src/lib/libssl/src/crypto/evp/e_ofb_d.c
+++ b/src/lib/libssl/src/crypto/evp/e_ofb_d.c
@@ -1,107 +0,0 @@
-/* crypto/evp/e_ofb_d.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef NO_DES
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-
-static void des_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-        unsigned char *iv,int enc);
-static void des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-        unsigned char *in, unsigned int inl);
-static EVP_CIPHER d_ofb_cipher=
-        {
-        NID_des_ofb64,
-        1,8,8,
-        des_ofb_init_key,
-        des_ofb_cipher,
-        NULL,
-        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-                sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ks)),
-        EVP_CIPHER_set_asn1_iv,
-        EVP_CIPHER_get_asn1_iv,
-        };
-
-EVP_CIPHER *EVP_des_ofb(void)
-        {
-        return(&d_ofb_cipher);
-        }
-        
-static void des_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-             unsigned char *iv, int enc)
-        {
-        des_cblock *deskey = (des_cblock *)key;
-
-        ctx->num=0;
-
-        if (iv != NULL)
-                memcpy(&(ctx->oiv[0]),iv,8);
-        memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
-        if (deskey != NULL)
-                des_set_key_unchecked(deskey,ctx->c.des_ks);
-        }
-
-static void des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-             unsigned char *in, unsigned int inl)
-        {
-        des_ofb64_encrypt(in,out,inl,ctx->c.des_ks,
-                (des_cblock *)&(ctx->iv[0]),&ctx->num);
-        }
-#endif
diff --git a/src/lib/libssl/src/crypto/evp/e_ofb_i.c b/src/lib/libssl/src/crypto/evp/e_ofb_i.c
index 389206ef36..e69de29bb2 100644
--- a/src/lib/libssl/src/crypto/evp/e_ofb_i.c
+++ b/src/lib/libssl/src/crypto/evp/e_ofb_i.c
@@ -1,109 +0,0 @@
-/* crypto/evp/e_ofb_i.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef NO_IDEA
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-
-static void idea_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-        unsigned char *iv,int enc);
-static void idea_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-        unsigned char *in, unsigned int inl);
-static EVP_CIPHER i_ofb_cipher=
-        {
-        NID_idea_ofb64,
-        1,IDEA_KEY_LENGTH,IDEA_BLOCK,
-        idea_ofb_init_key,
-        idea_ofb_cipher,
-        NULL,
-        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-                sizeof((((EVP_CIPHER_CTX *)NULL)->c.idea_ks)),
-        EVP_CIPHER_set_asn1_iv,
-        EVP_CIPHER_get_asn1_iv,
-        };
-
-EVP_CIPHER *EVP_idea_ofb(void)
-        {
-        return(&i_ofb_cipher);
-        }
-        
-static void idea_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-             unsigned char *iv, int enc)
-        {
-        ctx->num=0;
-
-        if (iv != NULL)
-                memcpy(&(ctx->oiv[0]),iv,8);
-        memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
-        if (key != NULL)
-                idea_set_encrypt_key(key,&(ctx->c.idea_ks));
-        }
-
-static void idea_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-             unsigned char *in, unsigned int inl)
-        {
-        idea_ofb64_encrypt(
-                in,out,(long)inl,
-                &(ctx->c.idea_ks),&(ctx->iv[0]),
-                &ctx->num);
-        }
-
-#endif
diff --git a/src/lib/libssl/src/crypto/evp/e_ofb_r2.c b/src/lib/libssl/src/crypto/evp/e_ofb_r2.c
index 60ae3d4507..e69de29bb2 100644
--- a/src/lib/libssl/src/crypto/evp/e_ofb_r2.c
+++ b/src/lib/libssl/src/crypto/evp/e_ofb_r2.c
@@ -1,111 +0,0 @@
-/* crypto/evp/e_ofb_r2.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef NO_RC2
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-
-static void rc2_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-        unsigned char *iv,int enc);
-static void rc2_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-        unsigned char *in, unsigned int inl);
-static EVP_CIPHER r2_ofb_cipher=
-        {
-        NID_rc2_ofb64,
-        1,EVP_RC2_KEY_SIZE,8,
-        rc2_ofb_init_key,
-        rc2_ofb_cipher,
-        NULL,
-        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-                sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc2_ks)),
-        EVP_CIPHER_set_asn1_iv,
-        EVP_CIPHER_get_asn1_iv,
-        };
-
-EVP_CIPHER *EVP_rc2_ofb(void)
-        {
-        return(&r2_ofb_cipher);
-        }
-        
-static void rc2_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-             unsigned char *iv, int enc)
-        {
-        ctx->num=0;
-
-        if (iv != NULL)
-                memcpy(&(ctx->oiv[0]),iv,8);
-        memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
-        if (key != NULL)
-                RC2_set_key(&(ctx->c.rc2_ks),EVP_CIPHER_CTX_key_length(ctx),
-                        key,EVP_CIPHER_CTX_key_length(ctx)*8);
-        }
-
-static void rc2_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-             unsigned char *in, unsigned int inl)
-        {
-        RC2_ofb64_encrypt(
-                in,out,
-                (long)inl, &(ctx->c.rc2_ks),
-                &(ctx->iv[0]),
-                &ctx->num);
-        }
-
-#endif
diff --git a/src/lib/libssl/src/crypto/evp/e_ofb_r5.c b/src/lib/libssl/src/crypto/evp/e_ofb_r5.c
index 30136824eb..e69de29bb2 100644
--- a/src/lib/libssl/src/crypto/evp/e_ofb_r5.c
+++ b/src/lib/libssl/src/crypto/evp/e_ofb_r5.c
@@ -1,111 +0,0 @@
-/* crypto/evp/e_ofb_r5.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef NO_RC5
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-
-static void rc5_32_12_16_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-        unsigned char *iv,int enc);
-static void rc5_32_12_16_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-        unsigned char *in, unsigned int inl);
-static EVP_CIPHER rc5_ofb_cipher=
-        {
-        NID_rc5_ofb64,
-        1,EVP_RC5_32_12_16_KEY_SIZE,8,
-        rc5_32_12_16_ofb_init_key,
-        rc5_32_12_16_ofb_cipher,
-        NULL,
-        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-                sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc5_ks)),
-        EVP_CIPHER_set_asn1_iv,
-        EVP_CIPHER_get_asn1_iv,
-        };
-
-EVP_CIPHER *EVP_rc5_32_12_16_ofb(void)
-        {
-        return(&rc5_ofb_cipher);
-        }
-        
-static void rc5_32_12_16_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-             unsigned char *iv, int enc)
-        {
-        ctx->num=0;
-
-        if (iv != NULL)
-                memcpy(&(ctx->oiv[0]),iv,8);
-        memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
-        if (key != NULL)
-                RC5_32_set_key(&(ctx->c.rc5_ks),EVP_RC5_32_12_16_KEY_SIZE,key,
-                        RC5_12_ROUNDS);
-        }
-
-static void rc5_32_12_16_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-             unsigned char *in, unsigned int inl)
-        {
-        RC5_32_ofb64_encrypt(
-                in,out,
-                (long)inl, &(ctx->c.rc5_ks),
-                &(ctx->iv[0]),
-                &ctx->num);
-        }
-
-#endif
diff --git a/src/lib/libssl/src/crypto/evp/e_rc2.c b/src/lib/libssl/src/crypto/evp/e_rc2.c
new file mode 100644
index 0000000000..3955c3ef84
--- /dev/null
+++ b/src/lib/libssl/src/crypto/evp/e_rc2.c
@@ -0,0 +1,222 @@
+/* crypto/evp/e_rc2.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_RC2
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include "evp_locl.h"
+
+static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                        const unsigned char *iv,int enc);
+static int rc2_meth_to_magic(EVP_CIPHER_CTX *ctx);
+static int rc2_magic_to_meth(int i);
+static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
+
+IMPLEMENT_BLOCK_CIPHER(rc2, rc2.ks, RC2, rc2, NID_rc2,
+                        8,
+                        EVP_RC2_KEY_SIZE, 8,
+                        EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
+                        rc2_init_key, NULL,
+                        rc2_set_asn1_type_and_iv, rc2_get_asn1_type_and_iv, 
+                        rc2_ctrl)
+
+#define RC2_40_MAGIC    0xa0
+#define RC2_64_MAGIC    0x78
+#define RC2_128_MAGIC   0x3a
+
+static EVP_CIPHER r2_64_cbc_cipher=
+        {
+        NID_rc2_64_cbc,
+        8,8 /* 64 bit */,8,
+        EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
+        rc2_init_key,
+        rc2_cbc_cipher,
+        NULL,
+        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+                sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc2)),
+        rc2_set_asn1_type_and_iv,
+        rc2_get_asn1_type_and_iv,
+        rc2_ctrl,
+        NULL
+        };
+
+static EVP_CIPHER r2_40_cbc_cipher=
+        {
+        NID_rc2_40_cbc,
+        8,5 /* 40 bit */,8,
+        EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
+        rc2_init_key,
+        rc2_cbc_cipher,
+        NULL,
+        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+                sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc2)),
+        rc2_set_asn1_type_and_iv,
+        rc2_get_asn1_type_and_iv,
+        rc2_ctrl,
+        NULL
+        };
+
+EVP_CIPHER *EVP_rc2_64_cbc(void)
+        {
+        return(&r2_64_cbc_cipher);
+        }
+
+EVP_CIPHER *EVP_rc2_40_cbc(void)
+        {
+        return(&r2_40_cbc_cipher);
+        }
+        
+static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                        const unsigned char *iv, int enc)
+        {
+        RC2_set_key(&(ctx->c.rc2.ks),EVP_CIPHER_CTX_key_length(ctx),
+                        key,ctx->c.rc2.key_bits);
+        return 1;
+        }
+
+static int rc2_meth_to_magic(EVP_CIPHER_CTX *e)
+        {
+        int i;
+
+        EVP_CIPHER_CTX_ctrl(e, EVP_CTRL_GET_RC2_KEY_BITS, 0, &i);
+        if      (i == 128) return(RC2_128_MAGIC);
+        else if (i == 64)  return(RC2_64_MAGIC);
+        else if (i == 40)  return(RC2_40_MAGIC);
+        else return(0);
+        }
+
+static int rc2_magic_to_meth(int i)
+        {
+        if      (i == RC2_128_MAGIC) return 128;
+        else if (i == RC2_64_MAGIC)  return 64;
+        else if (i == RC2_40_MAGIC)  return 40;
+        else
+                {
+                EVPerr(EVP_F_RC2_MAGIC_TO_METH,EVP_R_UNSUPPORTED_KEY_SIZE);
+                return(0);
+                }
+        }
+
+static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
+        {
+        long num=0;
+        int i=0,l;
+        int key_bits;
+        unsigned char iv[EVP_MAX_IV_LENGTH];
+
+        if (type != NULL)
+                {
+                l=EVP_CIPHER_CTX_iv_length(c);
+                i=ASN1_TYPE_get_int_octetstring(type,&num,iv,l);
+                if (i != l)
+                        return(-1);
+                key_bits =rc2_magic_to_meth((int)num);
+                if (!key_bits)
+                        return(-1);
+                if(i > 0) EVP_CipherInit(c, NULL, NULL, iv, -1);
+                EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL);
+                EVP_CIPHER_CTX_set_key_length(c, key_bits / 8);
+                }
+        return(i);
+        }
+
+static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
+        {
+        long num;
+        int i=0,j;
+
+        if (type != NULL)
+                {
+                num=rc2_meth_to_magic(c);
+                j=EVP_CIPHER_CTX_iv_length(c);
+                i=ASN1_TYPE_set_int_octetstring(type,num,c->oiv,j);
+                }
+        return(i);
+        }
+
+static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+        {
+                switch(type) {
+
+                        case EVP_CTRL_INIT:
+                        c->c.rc2.key_bits = EVP_CIPHER_CTX_key_length(c) * 8;
+                        return 1;
+
+                        case EVP_CTRL_GET_RC2_KEY_BITS:
+                        *(int *)ptr = c->c.rc2.key_bits;
+                        return 1;
+                        
+                        
+                        case EVP_CTRL_SET_RC2_KEY_BITS:
+                        if(arg > 0) {
+                                c->c.rc2.key_bits = arg;
+                                return 1;
+                        }
+                        return 0;
+
+                        default:
+                        return -1;
+                }
+        }
+
+#endif
diff --git a/src/lib/libssl/src/crypto/evp/e_rc4.c b/src/lib/libssl/src/crypto/evp/e_rc4.c
index c7e58a75cc..1c1e3b3857 100644
--- a/src/lib/libssl/src/crypto/evp/e_rc4.c
+++ b/src/lib/libssl/src/crypto/evp/e_rc4.c
@@ -63,14 +63,15 @@
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 
-static void rc4_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-        unsigned char *iv,int enc);
-static void rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-        unsigned char *in, unsigned int inl);
+static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                        const unsigned char *iv,int enc);
+static int rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                      const unsigned char *in, unsigned int inl);
 static EVP_CIPHER r4_cipher=
         {
         NID_rc4,
         1,EVP_RC4_KEY_SIZE,0,
+        EVP_CIPH_VARIABLE_LENGTH,
         rc4_init_key,
         rc4_cipher,
         NULL,
@@ -78,14 +79,22 @@ static EVP_CIPHER r4_cipher=
                 sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc4)),
         NULL,
         NULL,
+        NULL
         };
 
 static EVP_CIPHER r4_40_cipher=
         {
         NID_rc4_40,
         1,5 /* 40 bit */,0,
+        EVP_CIPH_VARIABLE_LENGTH,
         rc4_init_key,
         rc4_cipher,
+        NULL,
+        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+                sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc4)),
+        NULL, 
+        NULL,
+        NULL
         };
 
 EVP_CIPHER *EVP_rc4(void)
@@ -98,18 +107,19 @@ EVP_CIPHER *EVP_rc4_40(void)
         return(&r4_40_cipher);
         }
 
-static void rc4_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-             unsigned char *iv, int enc)
+static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                        const unsigned char *iv, int enc)
         {
-        if (key != NULL)
-                memcpy(&(ctx->c.rc4.key[0]),key,EVP_CIPHER_CTX_key_length(ctx));
+        memcpy(&(ctx->c.rc4.key[0]),key,EVP_CIPHER_CTX_key_length(ctx));
         RC4_set_key(&(ctx->c.rc4.ks),EVP_CIPHER_CTX_key_length(ctx),
                 ctx->c.rc4.key);
+        return 1;
         }
 
-static void rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-             unsigned char *in, unsigned int inl)
+static int rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                      const unsigned char *in, unsigned int inl)
         {
         RC4(&(ctx->c.rc4.ks),inl,in,out);
+        return 1;
         }
 #endif
diff --git a/src/lib/libssl/src/crypto/evp/e_rc5.c b/src/lib/libssl/src/crypto/evp/e_rc5.c
new file mode 100644
index 0000000000..5885f1826b
--- /dev/null
+++ b/src/lib/libssl/src/crypto/evp/e_rc5.c
@@ -0,0 +1,118 @@
+/* crypto/evp/e_rc5.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_RC5
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include "evp_locl.h"
+
+static int r_32_12_16_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                               const unsigned char *iv,int enc);
+static int rc5_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
+
+IMPLEMENT_BLOCK_CIPHER(rc5_32_12_16, rc5.ks, RC5_32, rc5, NID_rc5,
+                        8, EVP_RC5_32_12_16_KEY_SIZE, 8, 
+                        EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
+                        r_32_12_16_init_key, NULL,
+                        NULL, NULL, rc5_ctrl)
+
+
+
+static int rc5_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+        {
+                switch(type) {
+
+                        case EVP_CTRL_INIT:
+                        c->c.rc5.rounds = RC5_12_ROUNDS;
+                        return 1;
+
+                        case EVP_CTRL_GET_RC5_ROUNDS:
+                        *(int *)ptr = c->c.rc5.rounds;
+                        return 1;
+                        
+                        
+                        case EVP_CTRL_SET_RC5_ROUNDS:
+                        switch(arg) {
+                                case RC5_8_ROUNDS:
+                                case RC5_12_ROUNDS:
+                                case RC5_16_ROUNDS:
+                                c->c.rc5.rounds = arg;
+                                return 1;
+
+                                default:
+                                EVPerr(EVP_F_RC5_CTRL, EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS);
+                                return 0;
+                        }
+
+                        default:
+                        return -1;
+                }
+        }
+
+static int r_32_12_16_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                               const unsigned char *iv, int enc)
+        {
+        RC5_32_set_key(&(ctx->c.rc5.ks),EVP_CIPHER_CTX_key_length(ctx),
+                        key,ctx->c.rc5.rounds);
+        return 1;
+        }
+
+#endif
diff --git a/src/lib/libssl/src/crypto/evp/e_xcbc_d.c b/src/lib/libssl/src/crypto/evp/e_xcbc_d.c
index 7568fad4ff..e5b15acc7d 100644
--- a/src/lib/libssl/src/crypto/evp/e_xcbc_d.c
+++ b/src/lib/libssl/src/crypto/evp/e_xcbc_d.c
@@ -62,14 +62,15 @@
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 
-static void desx_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-        unsigned char *iv,int enc);
-static void desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-        unsigned char *in, unsigned int inl);
+static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                             const unsigned char *iv,int enc);
+static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                           const unsigned char *in, unsigned int inl);
 static EVP_CIPHER d_xcbc_cipher=
         {
         NID_desx_cbc,
         8,24,8,
+        EVP_CIPH_CBC_MODE,
         desx_cbc_init_key,
         desx_cbc_cipher,
         NULL,
@@ -77,6 +78,7 @@ static EVP_CIPHER d_xcbc_cipher=
                 sizeof((((EVP_CIPHER_CTX *)NULL)->c.desx_cbc)),
         EVP_CIPHER_set_asn1_iv,
         EVP_CIPHER_get_asn1_iv,
+        NULL
         };
 
 EVP_CIPHER *EVP_desx_cbc(void)
@@ -84,29 +86,26 @@ EVP_CIPHER *EVP_desx_cbc(void)
         return(&d_xcbc_cipher);
         }
         
-static void desx_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-             unsigned char *iv, int enc)
+static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                             const unsigned char *iv, int enc)
         {
         des_cblock *deskey = (des_cblock *)key;
 
-        if (iv != NULL)
-                memcpy(&(ctx->oiv[0]),iv,8);
-        memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
-        if (deskey != NULL)
-                {
-                des_set_key_unchecked(deskey,ctx->c.desx_cbc.ks);
-                memcpy(&(ctx->c.desx_cbc.inw[0]),&(key[8]),8);
-                memcpy(&(ctx->c.desx_cbc.outw[0]),&(key[16]),8);
-                }
+        des_set_key_unchecked(deskey,ctx->c.desx_cbc.ks);
+        memcpy(&(ctx->c.desx_cbc.inw[0]),&(key[8]),8);
+        memcpy(&(ctx->c.desx_cbc.outw[0]),&(key[16]),8);
+
+        return 1;
         }
 
-static void desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-             unsigned char *in, unsigned int inl)
+static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                           const unsigned char *in, unsigned int inl)
         {
         des_xcbc_encrypt(in,out,inl,ctx->c.desx_cbc.ks,
                 (des_cblock *)&(ctx->iv[0]),
                 &ctx->c.desx_cbc.inw,
                 &ctx->c.desx_cbc.outw,
                 ctx->encrypt);
+        return 1;
         }
 #endif
diff --git a/src/lib/libssl/src/crypto/evp/encode.c b/src/lib/libssl/src/crypto/evp/encode.c
index 14a4cb11f6..6ff9c1783c 100644
--- a/src/lib/libssl/src/crypto/evp/encode.c
+++ b/src/lib/libssl/src/crypto/evp/encode.c
@@ -292,7 +292,17 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
                 /* If we are at the end of input and it looks like a
                  * line, process it. */
                 if (((i+1) == inl) && (((n&3) == 0) || eof))
+                        {
                         v=B64_EOF;
+                        /* In case things were given us in really small
+                           records (so two '=' were given in separate
+                           updates), eof may contain the incorrect number
+                           of ending bytes to skip, so let's redo the count */
+                        eof = 0;
+                        if (d[n-1] == '=') eof++;
+                        if (d[n-2] == '=') eof++;
+                        /* There will never be more than two '=' */
+                        }
 
                 if ((v == B64_EOF) || (n >= 64))
                         {
diff --git a/src/lib/libssl/src/crypto/evp/evp.h b/src/lib/libssl/src/crypto/evp/evp.h
index 54215b0905..f5b938d2f8 100644
--- a/src/lib/libssl/src/crypto/evp/evp.h
+++ b/src/lib/libssl/src/crypto/evp/evp.h
@@ -59,13 +59,23 @@
 #ifndef HEADER_ENVELOPE_H
 #define HEADER_ENVELOPE_H
 
-#ifdef  __cplusplus
-extern "C" {
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# include <openssl/opensslconf.h>
+#else
+# define OPENSSL_ALGORITHM_DEFINES
+# include <openssl/opensslconf.h>
+# undef OPENSSL_ALGORITHM_DEFINES
 #endif
 
+#ifndef NO_BIO
+#include <openssl/bio.h>
+#endif
 #ifndef NO_MD2
 #include <openssl/md2.h>
 #endif
+#ifndef NO_MD4
+#include <openssl/md4.h>
+#endif
 #ifndef NO_MD5
 #include <openssl/md5.h>
 #endif
@@ -147,6 +157,10 @@ extern "C" {
 #define EVP_PKEY_DSA4   NID_dsaWithSHA1_2
 #define EVP_PKEY_DH     NID_dhKeyAgreement
 
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
 /* Type needs to be a bit field
  * Sub-type needs to be for variations on the method, as in, can it do
  * arbitrary encryption.... */
@@ -168,7 +182,7 @@ typedef struct evp_pkey_st
 #endif
                 } pkey;
         int save_parameters;
-        STACK /*X509_ATTRIBUTE*/ *attributes; /* [ 0 ] */
+        STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */
         } EVP_PKEY;
 
 #define EVP_PKEY_MO_SIGN        0x0001
@@ -298,6 +312,9 @@ typedef struct env_md_ctx_st
 #ifndef NO_MD5
                 MD5_CTX md5;
 #endif
+#ifndef NO_MD4
+                MD4_CTX md4;
+#endif
 #ifndef NO_RIPEMD
                 RIPEMD160_CTX ripemd160;
 #endif
@@ -310,21 +327,57 @@ typedef struct env_md_ctx_st
                 } md;
         } EVP_MD_CTX;
 
-typedef struct evp_cipher_st
+typedef struct evp_cipher_st EVP_CIPHER;
+typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX;
+
+struct evp_cipher_st
         {
         int nid;
         int block_size;
-        int key_len;
+        int key_len;            /* Default value for variable length ciphers */
         int iv_len;
-        void (*init)();         /* init for encryption */
-        void (*do_cipher)();    /* encrypt data */
-        void (*cleanup)();      /* used by cipher method */ 
+        unsigned long flags;    /* Various flags */
+        int (*init)(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                    const unsigned char *iv, int enc);  /* init key */
+        int (*do_cipher)(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                         const unsigned char *in, unsigned int inl);/* encrypt/decrypt data */
+        int (*cleanup)(EVP_CIPHER_CTX *); /* cleanup ctx */
         int ctx_size;           /* how big the ctx needs to be */
-        /* int set_asn1_parameters(EVP_CIPHER_CTX,ASN1_TYPE *); */
-        int (*set_asn1_parameters)(); /* Populate a ASN1_TYPE with parameters */
-        /* int get_asn1_parameters(EVP_CIPHER_CTX,ASN1_TYPE *); */
-        int (*get_asn1_parameters)(); /* Get parameters from a ASN1_TYPE */
-        } EVP_CIPHER;
+        int (*set_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Populate a ASN1_TYPE with parameters */
+        int (*get_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Get parameters from a ASN1_TYPE */
+        int (*ctrl)(EVP_CIPHER_CTX *, int type, int arg, void *ptr); /* Miscellaneous operations */
+        void *app_data;         /* Application data */
+        };
+
+/* Values for cipher flags */
+
+/* Modes for ciphers */
+
+#define         EVP_CIPH_STREAM_CIPHER          0x0
+#define         EVP_CIPH_ECB_MODE               0x1
+#define         EVP_CIPH_CBC_MODE               0x2
+#define         EVP_CIPH_CFB_MODE               0x3
+#define         EVP_CIPH_OFB_MODE               0x4
+#define         EVP_CIPH_MODE                   0x7
+/* Set if variable length cipher */
+#define         EVP_CIPH_VARIABLE_LENGTH        0x8
+/* Set if the iv handling should be done by the cipher itself */
+#define         EVP_CIPH_CUSTOM_IV              0x10
+/* Set if the cipher's init() function should be called if key is NULL */
+#define         EVP_CIPH_ALWAYS_CALL_INIT       0x20
+/* Call ctrl() to init cipher parameters */
+#define         EVP_CIPH_CTRL_INIT              0x40
+/* Don't use standard key length function */
+#define         EVP_CIPH_CUSTOM_KEY_LENGTH      0x80
+
+/* ctrl() values */
+
+#define         EVP_CTRL_INIT                   0x0
+#define         EVP_CTRL_SET_KEY_LENGTH         0x1
+#define         EVP_CTRL_GET_RC2_KEY_BITS       0x2
+#define         EVP_CTRL_SET_RC2_KEY_BITS       0x3
+#define         EVP_CTRL_GET_RC5_ROUNDS         0x4
+#define         EVP_CTRL_SET_RC5_ROUNDS         0x5
 
 typedef struct evp_cipher_info_st
         {
@@ -332,7 +385,7 @@ typedef struct evp_cipher_info_st
         unsigned char iv[EVP_MAX_IV_LENGTH];
         } EVP_CIPHER_INFO;
 
-typedef struct evp_cipher_ctx_st
+struct evp_cipher_ctx_st
         {
         const EVP_CIPHER *cipher;
         int encrypt;            /* encrypt or decrypt */
@@ -343,7 +396,8 @@ typedef struct evp_cipher_ctx_st
         unsigned char buf[EVP_MAX_IV_LENGTH];   /* saved partial block */
         int num;                                /* used by cfb/ofb mode */
 
-        char *app_data;         /* application stuff */
+        void *app_data;         /* application stuff */
+        int key_len;            /* May change for variable length cipher */
         union   {
 #ifndef NO_RC4
                 struct
@@ -371,10 +425,16 @@ typedef struct evp_cipher_ctx_st
                 IDEA_KEY_SCHEDULE idea_ks;/* key schedule */
 #endif
 #ifndef NO_RC2
-                RC2_KEY rc2_ks;/* key schedule */
+                struct {
+                        int key_bits;   /* effective key bits */
+                        RC2_KEY ks;/* key schedule */
+                } rc2;
 #endif
 #ifndef NO_RC5
-                RC5_32_KEY rc5_ks;/* key schedule */
+                struct {
+                        int rounds;     /* number of rounds */
+                        RC5_32_KEY ks;/* key schedule */
+                } rc5;
 #endif
 #ifndef NO_BF
                 BF_KEY bf_ks;/* key schedule */
@@ -383,7 +443,7 @@ typedef struct evp_cipher_ctx_st
                 CAST_KEY cast_ks;/* key schedule */
 #endif
                 } c;
-        } EVP_CIPHER_CTX;
+        };
 
 typedef struct evp_Encode_Ctx_st
         {
@@ -430,15 +490,19 @@ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
 #define EVP_CIPHER_block_size(e)        ((e)->block_size)
 #define EVP_CIPHER_key_length(e)        ((e)->key_len)
 #define EVP_CIPHER_iv_length(e)         ((e)->iv_len)
+#define EVP_CIPHER_flags(e)             ((e)->flags)
+#define EVP_CIPHER_mode(e)              ((e)->flags) & EVP_CIPH_MODE)
 
 #define EVP_CIPHER_CTX_cipher(e)        ((e)->cipher)
 #define EVP_CIPHER_CTX_nid(e)           ((e)->cipher->nid)
 #define EVP_CIPHER_CTX_block_size(e)    ((e)->cipher->block_size)
-#define EVP_CIPHER_CTX_key_length(e)    ((e)->cipher->key_len)
+#define EVP_CIPHER_CTX_key_length(e)    ((e)->key_len)
 #define EVP_CIPHER_CTX_iv_length(e)     ((e)->cipher->iv_len)
 #define EVP_CIPHER_CTX_get_app_data(e)  ((e)->app_data)
 #define EVP_CIPHER_CTX_set_app_data(e,d) ((e)->app_data=(char *)(d))
 #define EVP_CIPHER_CTX_type(c)         EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c))
+#define EVP_CIPHER_CTX_flags(e)         ((e)->cipher->flags)
+#define EVP_CIPHER_CTX_mode(e)          ((e)->cipher->flags & EVP_CIPH_MODE)
 
 #define EVP_ENCODE_LENGTH(l)    (((l+2)/3*4)+(l/48+1)*2+80)
 #define EVP_DECODE_LENGTH(l)    ((l+3)/4*3+80)
@@ -486,21 +550,21 @@ int	EVP_BytesToKey(const EVP_CIPHER *type,EVP_MD *md,unsigned char *salt,
                 unsigned char *data, int datal, int count,
                 unsigned char *key,unsigned char *iv);
 
-void    EVP_EncryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type,
+int     EVP_EncryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type,
                 unsigned char *key, unsigned char *iv);
-void    EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+int     EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                 int *outl, unsigned char *in, int inl);
-void    EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
+int     EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
 
-void    EVP_DecryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type,
+int     EVP_DecryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type,
                 unsigned char *key, unsigned char *iv);
-void    EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+int     EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                 int *outl, unsigned char *in, int inl);
 int     EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
 
-void    EVP_CipherInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type,
+int     EVP_CipherInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type,
                        unsigned char *key,unsigned char *iv,int enc);
-void    EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+int     EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                 int *outl, unsigned char *in, int inl);
 int     EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
 
@@ -534,9 +598,11 @@ int	EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n);
 void    ERR_load_EVP_strings(void );
 
 void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a);
-void EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a);
+int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a);
+int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen);
+int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
 
-#ifdef HEADER_BIO_H
+#ifndef NO_BIO
 BIO_METHOD *BIO_f_md(void);
 BIO_METHOD *BIO_f_base64(void);
 BIO_METHOD *BIO_f_cipher(void);
@@ -547,6 +613,7 @@ void BIO_set_cipher(BIO *b,const EVP_CIPHER *c,unsigned char *k,
 
 EVP_MD *EVP_md_null(void);
 EVP_MD *EVP_md2(void);
+EVP_MD *EVP_md4(void);
 EVP_MD *EVP_md5(void);
 EVP_MD *EVP_sha(void);
 EVP_MD *EVP_sha1(void);
@@ -683,6 +750,9 @@ void EVP_PBE_cleanup(void);
 
 /* Function codes. */
 #define EVP_F_D2I_PKEY                                   100
+#define EVP_F_EVP_CIPHERINIT                             123
+#define EVP_F_EVP_CIPHER_CTX_CTRL                        124
+#define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH              122
 #define EVP_F_EVP_DECRYPTFINAL                           101
 #define EVP_F_EVP_MD_CTX_COPY                            110
 #define EVP_F_EVP_OPENINIT                               102
@@ -703,12 +773,15 @@ void EVP_PBE_cleanup(void);
 #define EVP_F_PKCS5_PBE_KEYIVGEN                         117
 #define EVP_F_PKCS5_V2_PBE_KEYIVGEN                      118
 #define EVP_F_RC2_MAGIC_TO_METH                          109
+#define EVP_F_RC5_CTRL                                   125
 
 /* Reason codes. */
 #define EVP_R_BAD_DECRYPT                                100
 #define EVP_R_BN_DECODE_ERROR                            112
 #define EVP_R_BN_PUBKEY_ERROR                            113
 #define EVP_R_CIPHER_PARAMETER_ERROR                     122
+#define EVP_R_CTRL_NOT_IMPLEMENTED                       132
+#define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED             133
 #define EVP_R_DECODE_ERROR                               114
 #define EVP_R_DIFFERENT_KEY_TYPES                        101
 #define EVP_R_ENCODE_ERROR                               115
@@ -716,16 +789,20 @@ void EVP_PBE_cleanup(void);
 #define EVP_R_EXPECTING_AN_RSA_KEY                       127
 #define EVP_R_EXPECTING_A_DH_KEY                         128
 #define EVP_R_EXPECTING_A_DSA_KEY                        129
+#define EVP_R_INITIALIZATION_ERROR                       134
 #define EVP_R_INPUT_NOT_INITIALIZED                      111
+#define EVP_R_INVALID_KEY_LENGTH                         130
 #define EVP_R_IV_TOO_LARGE                               102
 #define EVP_R_KEYGEN_FAILURE                             120
 #define EVP_R_MISSING_PARAMETERS                         103
+#define EVP_R_NO_CIPHER_SET                              131
 #define EVP_R_NO_DSA_PARAMETERS                          116
 #define EVP_R_NO_SIGN_FUNCTION_CONFIGURED                104
 #define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED              105
 #define EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE                  117
 #define EVP_R_PUBLIC_KEY_NOT_RSA                         106
 #define EVP_R_UNKNOWN_PBE_ALGORITHM                      121
+#define EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS                135
 #define EVP_R_UNSUPPORTED_CIPHER                         107
 #define EVP_R_UNSUPPORTED_KEYLENGTH                      123
 #define EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION        124
diff --git a/src/lib/libssl/src/crypto/evp/evp_enc.c b/src/lib/libssl/src/crypto/evp/evp_enc.c
index 5299a65b6a..e2687f9879 100644
--- a/src/lib/libssl/src/crypto/evp/evp_enc.c
+++ b/src/lib/libssl/src/crypto/evp/evp_enc.c
@@ -59,6 +59,8 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/evp.h>
+#include <openssl/err.h>
+#include "evp_locl.h"
 
 const char *EVP_version="EVP" OPENSSL_VERSION_PTEXT;
 
@@ -68,55 +70,84 @@ void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
         /* ctx->cipher=NULL; */
         }
 
-void EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *data,
+int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
              unsigned char *key, unsigned char *iv, int enc)
         {
-        if (enc)
-                EVP_EncryptInit(ctx,data,key,iv);
-        else    
-                EVP_DecryptInit(ctx,data,key,iv);
+        if(enc && (enc != -1)) enc = 1;
+        if (cipher) {
+                ctx->cipher=cipher;
+                ctx->key_len = cipher->key_len;
+                if(ctx->cipher->flags & EVP_CIPH_CTRL_INIT) {
+                        if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) {
+                                EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_INITIALIZATION_ERROR);
+                                return 0;
+                        }
+                }
+        } else if(!ctx->cipher) {
+                EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_NO_CIPHER_SET);
+                return 0;
         }
+        if(!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) {
+                switch(EVP_CIPHER_CTX_mode(ctx)) {
+
+                        case EVP_CIPH_STREAM_CIPHER:
+                        case EVP_CIPH_ECB_MODE:
+                        break;
+
+                        case EVP_CIPH_CFB_MODE:
+                        case EVP_CIPH_OFB_MODE:
 
-void EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
+                        ctx->num = 0;
+
+                        case EVP_CIPH_CBC_MODE:
+
+                        if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
+                        memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
+                        break;
+
+                        default:
+                        return 0;
+                        break;
+                }
+        }
+
+        if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
+                if(!ctx->cipher->init(ctx,key,iv,enc)) return 0;
+        }
+        if(enc != -1) ctx->encrypt=enc;
+        ctx->buf_len=0;
+        return 1;
+        }
+
+int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
              unsigned char *in, int inl)
         {
         if (ctx->encrypt)
-                EVP_EncryptUpdate(ctx,out,outl,in,inl);
-        else    EVP_DecryptUpdate(ctx,out,outl,in,inl);
+                return EVP_EncryptUpdate(ctx,out,outl,in,inl);
+        else    return EVP_DecryptUpdate(ctx,out,outl,in,inl);
         }
 
 int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
         {
         if (ctx->encrypt)
-                {
-                EVP_EncryptFinal(ctx,out,outl);
-                return(1);
-                }
+                return EVP_EncryptFinal(ctx,out,outl);
         else    return(EVP_DecryptFinal(ctx,out,outl));
         }
 
-void EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
              unsigned char *key, unsigned char *iv)
         {
-        if (cipher != NULL)
-                ctx->cipher=cipher;
-        ctx->cipher->init(ctx,key,iv,1);
-        ctx->encrypt=1;
-        ctx->buf_len=0;
+        return EVP_CipherInit(ctx, cipher, key, iv, 1);
         }
 
-void EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
              unsigned char *key, unsigned char *iv)
         {
-        if (cipher != NULL)
-                ctx->cipher=cipher;
-        ctx->cipher->init(ctx,key,iv,0);
-        ctx->encrypt=0;
-        ctx->buf_len=0;
+        return EVP_CipherInit(ctx, cipher, key, iv, 0);
         }
 
 
-void EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
+int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
              unsigned char *in, int inl)
         {
         int i,j,bl;
@@ -124,20 +155,20 @@ void EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
         i=ctx->buf_len;
         bl=ctx->cipher->block_size;
         *outl=0;
-        if ((inl == 0) && (i != bl)) return;
+        if ((inl == 0) && (i != bl)) return 1;
         if (i != 0)
                 {
                 if (i+inl < bl)
                         {
                         memcpy(&(ctx->buf[i]),in,inl);
                         ctx->buf_len+=inl;
-                        return;
+                        return 1;
                         }
                 else
                         {
                         j=bl-i;
                         if (j != 0) memcpy(&(ctx->buf[i]),in,j);
-                        ctx->cipher->do_cipher(ctx,out,ctx->buf,bl);
+                        if(!ctx->cipher->do_cipher(ctx,out,ctx->buf,bl)) return 0;
                         inl-=j;
                         in+=j;
                         out+=bl;
@@ -148,16 +179,17 @@ void EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
         inl-=i;
         if (inl > 0)
                 {
-                ctx->cipher->do_cipher(ctx,out,in,inl);
+                if(!ctx->cipher->do_cipher(ctx,out,in,inl)) return 0;
                 *outl+=inl;
                 }
 
         if (i != 0)
                 memcpy(ctx->buf,&(in[inl]),i);
         ctx->buf_len=i;
+        return 1;
         }
 
-void EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
         {
         int i,n,b,bl;
 
@@ -165,24 +197,25 @@ void EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
         if (b == 1)
                 {
                 *outl=0;
-                return;
+                return 1;
                 }
         bl=ctx->buf_len;
         n=b-bl;
         for (i=bl; i<b; i++)
                 ctx->buf[i]=n;
-        ctx->cipher->do_cipher(ctx,out,ctx->buf,b);
+        if(!ctx->cipher->do_cipher(ctx,out,ctx->buf,b)) return 0;
         *outl=b;
+        return 1;
         }
 
-void EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
+int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
              unsigned char *in, int inl)
         {
         int b,bl,n;
         int keep_last=0;
 
         *outl=0;
-        if (inl == 0) return;
+        if (inl == 0) return 1;
 
         b=ctx->cipher->block_size;
         if (b > 1)
@@ -197,13 +230,13 @@ void EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
                                 memcpy(&(ctx->buf[bl]),in,inl);
                                 ctx->buf_len=b;
                                 *outl=0;
-                                return;
+                                return 1;
                                 }
                         keep_last=1;
                         inl-=b; /* don't do the last block */
                         }
                 }
-        EVP_EncryptUpdate(ctx,out,outl,in,inl);
+        if(!EVP_EncryptUpdate(ctx,out,outl,in,inl)) return 0;
 
         /* if we have 'decrypted' a multiple of block size, make sure
          * we have a copy of this last block */
@@ -218,6 +251,7 @@ void EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
 #endif
                 ctx->buf_len=b;
                 }
+        return 1;
         }
 
 int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
@@ -234,7 +268,7 @@ int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
                         EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_WRONG_FINAL_BLOCK_LENGTH);
                         return(0);
                         }
-                EVP_EncryptUpdate(ctx,ctx->buf,&n,ctx->buf,0);
+                if(!EVP_EncryptUpdate(ctx,ctx->buf,&n,ctx->buf,0)) return 0;
                 if (n != b)
                         return(0);
                 n=ctx->buf[b-1];
@@ -261,10 +295,47 @@ int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
         return(1);
         }
 
-void EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
+int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
         {
         if ((c->cipher != NULL) && (c->cipher->cleanup != NULL))
-                c->cipher->cleanup(c);
+                {
+                if(!c->cipher->cleanup(c)) return 0;
+                }
         memset(c,0,sizeof(EVP_CIPHER_CTX));
+        return 1;
+        }
+
+int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen)
+        {
+        if(c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH) 
+                return EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_KEY_LENGTH, keylen, NULL);
+        if(c->key_len == keylen) return 1;
+        if((keylen > 0) && (c->cipher->flags & EVP_CIPH_VARIABLE_LENGTH))
+                {
+                c->key_len = keylen;
+                return 1;
+                }
+        EVPerr(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH,EVP_R_INVALID_KEY_LENGTH);
+        return 0;
+        }
+
+int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
+{
+        int ret;
+        if(!ctx->cipher) {
+                EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET);
+                return 0;
+        }
+
+        if(!ctx->cipher->ctrl) {
+                EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED);
+                return 0;
         }
 
+        ret = ctx->cipher->ctrl(ctx, type, arg, ptr);
+        if(ret == -1) {
+                EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED);
+                return 0;
+        }
+        return ret;
+}
diff --git a/src/lib/libssl/src/crypto/evp/evp_err.c b/src/lib/libssl/src/crypto/evp/evp_err.c
index fc149cbb1a..a01412a07c 100644
--- a/src/lib/libssl/src/crypto/evp/evp_err.c
+++ b/src/lib/libssl/src/crypto/evp/evp_err.c
@@ -67,6 +67,9 @@
 static ERR_STRING_DATA EVP_str_functs[]=
         {
 {ERR_PACK(0,EVP_F_D2I_PKEY,0),  "D2I_PKEY"},
+{ERR_PACK(0,EVP_F_EVP_CIPHERINIT,0),    "EVP_CipherInit"},
+{ERR_PACK(0,EVP_F_EVP_CIPHER_CTX_CTRL,0),       "EVP_CIPHER_CTX_ctrl"},
+{ERR_PACK(0,EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH,0),     "EVP_CIPHER_CTX_set_key_length"},
 {ERR_PACK(0,EVP_F_EVP_DECRYPTFINAL,0),  "EVP_DecryptFinal"},
 {ERR_PACK(0,EVP_F_EVP_MD_CTX_COPY,0),   "EVP_MD_CTX_copy"},
 {ERR_PACK(0,EVP_F_EVP_OPENINIT,0),      "EVP_OpenInit"},
@@ -87,6 +90,7 @@ static ERR_STRING_DATA EVP_str_functs[]=
 {ERR_PACK(0,EVP_F_PKCS5_PBE_KEYIVGEN,0),        "PKCS5_PBE_keyivgen"},
 {ERR_PACK(0,EVP_F_PKCS5_V2_PBE_KEYIVGEN,0),     "PKCS5_v2_PBE_keyivgen"},
 {ERR_PACK(0,EVP_F_RC2_MAGIC_TO_METH,0), "RC2_MAGIC_TO_METH"},
+{ERR_PACK(0,EVP_F_RC5_CTRL,0),  "RC5_CTRL"},
 {0,NULL}
         };
 
@@ -96,6 +100,8 @@ static ERR_STRING_DATA EVP_str_reasons[]=
 {EVP_R_BN_DECODE_ERROR                   ,"bn decode error"},
 {EVP_R_BN_PUBKEY_ERROR                   ,"bn pubkey error"},
 {EVP_R_CIPHER_PARAMETER_ERROR            ,"cipher parameter error"},
+{EVP_R_CTRL_NOT_IMPLEMENTED              ,"ctrl not implemented"},
+{EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED    ,"ctrl operation not implemented"},
 {EVP_R_DECODE_ERROR                      ,"decode error"},
 {EVP_R_DIFFERENT_KEY_TYPES               ,"different key types"},
 {EVP_R_ENCODE_ERROR                      ,"encode error"},
@@ -103,16 +109,20 @@ static ERR_STRING_DATA EVP_str_reasons[]=
 {EVP_R_EXPECTING_AN_RSA_KEY              ,"expecting an rsa key"},
 {EVP_R_EXPECTING_A_DH_KEY                ,"expecting a dh key"},
 {EVP_R_EXPECTING_A_DSA_KEY               ,"expecting a dsa key"},
+{EVP_R_INITIALIZATION_ERROR              ,"initialization error"},
 {EVP_R_INPUT_NOT_INITIALIZED             ,"input not initialized"},
+{EVP_R_INVALID_KEY_LENGTH                ,"invalid key length"},
 {EVP_R_IV_TOO_LARGE                      ,"iv too large"},
 {EVP_R_KEYGEN_FAILURE                    ,"keygen failure"},
 {EVP_R_MISSING_PARAMETERS                ,"missing parameters"},
+{EVP_R_NO_CIPHER_SET                     ,"no cipher set"},
 {EVP_R_NO_DSA_PARAMETERS                 ,"no dsa parameters"},
 {EVP_R_NO_SIGN_FUNCTION_CONFIGURED       ,"no sign function configured"},
 {EVP_R_NO_VERIFY_FUNCTION_CONFIGURED     ,"no verify function configured"},
 {EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE         ,"pkcs8 unknown broken type"},
 {EVP_R_PUBLIC_KEY_NOT_RSA                ,"public key not rsa"},
 {EVP_R_UNKNOWN_PBE_ALGORITHM             ,"unknown pbe algorithm"},
+{EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS       ,"unsuported number of rounds"},
 {EVP_R_UNSUPPORTED_CIPHER                ,"unsupported cipher"},
 {EVP_R_UNSUPPORTED_KEYLENGTH             ,"unsupported keylength"},
 {EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION,"unsupported key derivation function"},
diff --git a/src/lib/libssl/src/crypto/evp/evp_key.c b/src/lib/libssl/src/crypto/evp/evp_key.c
index 667c21cca8..09b72bf4bd 100644
--- a/src/lib/libssl/src/crypto/evp/evp_key.c
+++ b/src/lib/libssl/src/crypto/evp/evp_key.c
@@ -116,7 +116,7 @@ int EVP_BytesToKey(const EVP_CIPHER *type, EVP_MD *md, unsigned char *salt,
                         EVP_DigestUpdate(&c,&(md_buf[0]),mds);
                 EVP_DigestUpdate(&c,data,datal);
                 if (salt != NULL)
-                        EVP_DigestUpdate(&c,salt,8);
+                        EVP_DigestUpdate(&c,salt,PKCS5_SALT_LEN);
                 EVP_DigestFinal(&c,&(md_buf[0]),&mds);
 
                 for (i=1; i<(unsigned int)count; i++)
diff --git a/src/lib/libssl/src/crypto/evp/evp_locl.h b/src/lib/libssl/src/crypto/evp/evp_locl.h
new file mode 100644
index 0000000000..ce49d5b7d8
--- /dev/null
+++ b/src/lib/libssl/src/crypto/evp/evp_locl.h
@@ -0,0 +1,168 @@
+/* evp_locl.h */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* Macros to code block cipher wrappers */
+
+/* Wrapper functions for each cipher mode */
+
+#define BLOCK_CIPHER_ecb_loop() \
+        unsigned int i; \
+        if(inl < 8) return 1;\
+        inl -= 8; \
+        for(i=0; i <= inl; i+=8) \
+
+#define BLOCK_CIPHER_func_ecb(cname, cprefix, kname) \
+static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \
+{\
+        BLOCK_CIPHER_ecb_loop() \
+                cprefix##_ecb_encrypt(in + i, out + i, &ctx->c.kname, ctx->encrypt);\
+        return 1;\
+}
+
+#define BLOCK_CIPHER_func_ofb(cname, cprefix, kname) \
+static int cname##_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \
+{\
+        cprefix##_ofb64_encrypt(in, out, (long)inl, &ctx->c.kname, ctx->iv, &ctx->num);\
+        return 1;\
+}
+
+#define BLOCK_CIPHER_func_cbc(cname, cprefix, kname) \
+static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \
+{\
+        cprefix##_cbc_encrypt(in, out, (long)inl, &ctx->c.kname, ctx->iv, ctx->encrypt);\
+        return 1;\
+}
+
+#define BLOCK_CIPHER_func_cfb(cname, cprefix, kname) \
+static int cname##_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \
+{\
+        cprefix##_cfb64_encrypt(in, out, (long)inl, &ctx->c.kname, ctx->iv, &ctx->num, ctx->encrypt);\
+        return 1;\
+}
+
+#define BLOCK_CIPHER_all_funcs(cname, cprefix, kname) \
+        BLOCK_CIPHER_func_cbc(cname, cprefix, kname) \
+        BLOCK_CIPHER_func_cfb(cname, cprefix, kname) \
+        BLOCK_CIPHER_func_ecb(cname, cprefix, kname) \
+        BLOCK_CIPHER_func_ofb(cname, cprefix, kname)
+
+#define BLOCK_CIPHER_defs(cname, kstruct, \
+                                nid, block_size, key_len, iv_len, flags,\
+                                 init_key, cleanup, set_asn1, get_asn1, ctrl)\
+static EVP_CIPHER cname##_cbc = {\
+        nid##_cbc, block_size, key_len, iv_len, \
+        flags | EVP_CIPH_CBC_MODE,\
+        init_key,\
+        cname##_cbc_cipher,\
+        cleanup,\
+        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
+                sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
+        set_asn1, get_asn1,\
+        ctrl, \
+        NULL \
+};\
+EVP_CIPHER *EVP_##cname##_cbc(void) { return &cname##_cbc; }\
+static EVP_CIPHER cname##_cfb = {\
+        nid##_cfb64, 1, key_len, iv_len, \
+        flags | EVP_CIPH_CFB_MODE,\
+        init_key,\
+        cname##_cfb_cipher,\
+        cleanup,\
+        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
+                sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
+        set_asn1, get_asn1,\
+        ctrl,\
+        NULL \
+};\
+EVP_CIPHER *EVP_##cname##_cfb(void) { return &cname##_cfb; }\
+static EVP_CIPHER cname##_ofb = {\
+        nid##_ofb64, 1, key_len, iv_len, \
+        flags | EVP_CIPH_OFB_MODE,\
+        init_key,\
+        cname##_ofb_cipher,\
+        cleanup,\
+        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
+                sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
+        set_asn1, get_asn1,\
+        ctrl,\
+        NULL \
+};\
+EVP_CIPHER *EVP_##cname##_ofb(void) { return &cname##_ofb; }\
+static EVP_CIPHER cname##_ecb = {\
+        nid##_ecb, block_size, key_len, iv_len, \
+        flags | EVP_CIPH_ECB_MODE,\
+        init_key,\
+        cname##_ecb_cipher,\
+        cleanup,\
+        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
+                sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
+        set_asn1, get_asn1,\
+        ctrl,\
+        NULL \
+};\
+EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; }
+
+
+
+#define IMPLEMENT_BLOCK_CIPHER(cname, kname, cprefix, kstruct, \
+                                nid, block_size, key_len, iv_len, flags, \
+                                 init_key, cleanup, set_asn1, get_asn1, ctrl) \
+        BLOCK_CIPHER_all_funcs(cname, cprefix, kname) \
+        BLOCK_CIPHER_defs(cname, kstruct, nid, block_size, key_len, iv_len, flags,\
+                 init_key, cleanup, set_asn1, get_asn1, ctrl) 
+
diff --git a/src/lib/libssl/src/crypto/evp/evp_pbe.c b/src/lib/libssl/src/crypto/evp/evp_pbe.c
index 353c3ad667..224a422b12 100644
--- a/src/lib/libssl/src/crypto/evp/evp_pbe.c
+++ b/src/lib/libssl/src/crypto/evp/evp_pbe.c
@@ -92,7 +92,8 @@ int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
                 ERR_add_error_data(2, "TYPE=", obj_tmp);
                 return 0;
         }
-        if (passlen == -1) passlen = strlen(pass);
+        if(!pass) passlen = 0;
+        else if (passlen == -1) passlen = strlen(pass);
         pbetmp = (EVP_PBE_CTL *)sk_value (pbe_algs, i);
         i = (*pbetmp->keygen)(ctx, pass, passlen, param, pbetmp->cipher,
                                                  pbetmp->md, en_de);
@@ -103,8 +104,9 @@ int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
         return 1;       
 }
 
-static int pbe_cmp (EVP_PBE_CTL **pbe1, EVP_PBE_CTL **pbe2)
+static int pbe_cmp(const char * const *a, const char * const *b)
 {
+        EVP_PBE_CTL **pbe1 = (EVP_PBE_CTL **) a,  **pbe2 = (EVP_PBE_CTL **)b;
         return ((*pbe1)->pbe_nid - (*pbe2)->pbe_nid);
 }
 
@@ -114,8 +116,8 @@ int EVP_PBE_alg_add (int nid, EVP_CIPHER *cipher, EVP_MD *md,
              EVP_PBE_KEYGEN *keygen)
 {
         EVP_PBE_CTL *pbe_tmp;
-        if (!pbe_algs) pbe_algs = sk_new (pbe_cmp);
-        if (!(pbe_tmp = (EVP_PBE_CTL*) Malloc (sizeof(EVP_PBE_CTL)))) {
+        if (!pbe_algs) pbe_algs = sk_new(pbe_cmp);
+        if (!(pbe_tmp = (EVP_PBE_CTL*) OPENSSL_malloc (sizeof(EVP_PBE_CTL)))) {
                 EVPerr(EVP_F_EVP_PBE_ALG_ADD,ERR_R_MALLOC_FAILURE);
                 return 0;
         }
@@ -129,6 +131,6 @@ int EVP_PBE_alg_add (int nid, EVP_CIPHER *cipher, EVP_MD *md,
 
 void EVP_PBE_cleanup(void)
 {
-        sk_pop_free(pbe_algs, FreeFunc);
+        sk_pop_free(pbe_algs, OPENSSL_freeFunc);
         pbe_algs = NULL;
 }
diff --git a/src/lib/libssl/src/crypto/evp/evp_pkey.c b/src/lib/libssl/src/crypto/evp/evp_pkey.c
index 4ab091fa56..8df2874f3c 100644
--- a/src/lib/libssl/src/crypto/evp/evp_pkey.c
+++ b/src/lib/libssl/src/crypto/evp/evp_pkey.c
@@ -76,7 +76,7 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8)
         DSA *dsa = NULL;
         ASN1_INTEGER *privkey;
         ASN1_TYPE *t1, *t2, *param = NULL;
-        STACK *ndsa = NULL;
+        STACK_OF(ASN1_TYPE) *ndsa = NULL;
         BN_CTX *ctx = NULL;
         int plen;
 #endif
@@ -119,13 +119,13 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8)
         
                 /* Check for broken DSA PKCS#8, UGH! */
                 if(*p == (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED)) {
-                    if(!(ndsa = ASN1_seq_unpack(p, pkeylen, 
-                                        (char *(*)())d2i_ASN1_TYPE,
-                                                         ASN1_TYPE_free))) {
+                    if(!(ndsa = ASN1_seq_unpack_ASN1_TYPE(p, pkeylen, 
+                                                          d2i_ASN1_TYPE,
+                                                          ASN1_TYPE_free))) {
                         EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
                         goto dsaerr;
                     }
-                    if(sk_num(ndsa) != 2 ) {
+                    if(sk_ASN1_TYPE_num(ndsa) != 2 ) {
                         EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
                         goto dsaerr;
                     }
@@ -134,8 +134,8 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8)
                      * SEQUENCE {pub_key, priv_key}
                      */
 
-                    t1 = (ASN1_TYPE *)sk_value(ndsa, 0);
-                    t2 = (ASN1_TYPE *)sk_value(ndsa, 1);
+                    t1 = sk_ASN1_TYPE_value(ndsa, 0);
+                    t2 = sk_ASN1_TYPE_value(ndsa, 1);
                     if(t1->type == V_ASN1_SEQUENCE) {
                         p8->broken = PKCS8_EMBEDDED_PARAM;
                         param = t1;
@@ -193,12 +193,12 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8)
 
                 EVP_PKEY_assign_DSA(pkey, dsa);
                 BN_CTX_free (ctx);
-                if(ndsa) sk_pop_free(ndsa, ASN1_TYPE_free);
+                if(ndsa) sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
                 else ASN1_INTEGER_free(privkey);
                 break;
                 dsaerr:
                 BN_CTX_free (ctx);
-                sk_pop_free(ndsa, ASN1_TYPE_free);
+                sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
                 DSA_free(dsa);
                 EVP_PKEY_free(pkey);
                 return NULL;
@@ -302,12 +302,13 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
         ASN1_STRING *params;
         ASN1_INTEGER *prkey;
         ASN1_TYPE *ttmp;
-        STACK *ndsa;
+        STACK_OF(ASN1_TYPE) *ndsa;
         unsigned char *p, *q;
         int len;
+
         p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa);
         len = i2d_DSAparams (pkey->pkey.dsa, NULL);
-        if (!(p = Malloc(len))) {
+        if (!(p = OPENSSL_malloc(len))) {
                 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
                 PKCS8_PRIV_KEY_INFO_free (p8);
                 return 0;
@@ -316,7 +317,7 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
         i2d_DSAparams (pkey->pkey.dsa, &q);
         params = ASN1_STRING_new();
         ASN1_STRING_set(params, p, len);
-        Free(p);
+        OPENSSL_free(p);
         /* Get private key into integer */
         if (!(prkey = BN_to_ASN1_INTEGER (pkey->pkey.dsa->priv_key, NULL))) {
                 EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
@@ -345,7 +346,7 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
 
                 p8->pkeyalg->parameter->value.sequence = params;
                 p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
-                ndsa = sk_new_null();
+                ndsa = sk_ASN1_TYPE_new_null();
                 ttmp = ASN1_TYPE_new();
                 if (!(ttmp->value.integer = BN_to_ASN1_INTEGER (pkey->pkey.dsa->pub_key, NULL))) {
                         EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
@@ -353,53 +354,53 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
                         return 0;
                 }
                 ttmp->type = V_ASN1_INTEGER;
-                sk_push(ndsa, (char *)ttmp);
+                sk_ASN1_TYPE_push(ndsa, ttmp);
 
                 ttmp = ASN1_TYPE_new();
                 ttmp->value.integer = prkey;
                 ttmp->type = V_ASN1_INTEGER;
-                sk_push(ndsa, (char *)ttmp);
+                sk_ASN1_TYPE_push(ndsa, ttmp);
 
                 p8->pkey->value.octet_string = ASN1_OCTET_STRING_new();
 
-                if (!ASN1_seq_pack(ndsa, i2d_ASN1_TYPE,
+                if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE,
                                          &p8->pkey->value.octet_string->data,
                                          &p8->pkey->value.octet_string->length)) {
 
                         EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        sk_pop_free(ndsa, ASN1_TYPE_free);
+                        sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
                         M_ASN1_INTEGER_free(prkey);
                         return 0;
                 }
-                sk_pop_free(ndsa, ASN1_TYPE_free);
+                sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
                 break;
 
                 case PKCS8_EMBEDDED_PARAM:
 
                 p8->pkeyalg->parameter->type = V_ASN1_NULL;
-                ndsa = sk_new_null();
+                ndsa = sk_ASN1_TYPE_new_null();
                 ttmp = ASN1_TYPE_new();
                 ttmp->value.sequence = params;
                 ttmp->type = V_ASN1_SEQUENCE;
-                sk_push(ndsa, (char *)ttmp);
+                sk_ASN1_TYPE_push(ndsa, ttmp);
 
                 ttmp = ASN1_TYPE_new();
                 ttmp->value.integer = prkey;
                 ttmp->type = V_ASN1_INTEGER;
-                sk_push(ndsa, (char *)ttmp);
+                sk_ASN1_TYPE_push(ndsa, ttmp);
 
                 p8->pkey->value.octet_string = ASN1_OCTET_STRING_new();
 
-                if (!ASN1_seq_pack(ndsa, i2d_ASN1_TYPE,
+                if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE,
                                          &p8->pkey->value.octet_string->data,
                                          &p8->pkey->value.octet_string->length)) {
 
                         EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        sk_pop_free(ndsa, ASN1_TYPE_free);
+                        sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
                         M_ASN1_INTEGER_free (prkey);
                         return 0;
                 }
-                sk_pop_free(ndsa, ASN1_TYPE_free);
+                sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
                 break;
         }
         return 1;
diff --git a/src/lib/libssl/src/crypto/evp/m_md4.c b/src/lib/libssl/src/crypto/evp/m_md4.c
new file mode 100644
index 0000000000..6a24ceb86d
--- /dev/null
+++ b/src/lib/libssl/src/crypto/evp/m_md4.c
@@ -0,0 +1,83 @@
+/* crypto/evp/m_md4.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_MD4
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+
+static EVP_MD md4_md=
+        {
+        NID_md4,
+        0,
+        MD4_DIGEST_LENGTH,
+        MD4_Init,
+        MD4_Update,
+        MD4_Final,
+        EVP_PKEY_RSA_method,
+        MD4_CBLOCK,
+        sizeof(EVP_MD *)+sizeof(MD4_CTX),
+        };
+
+EVP_MD *EVP_md4(void)
+        {
+        return(&md4_md);
+        }
+#endif
diff --git a/src/lib/libssl/src/crypto/evp/p5_crpt.c b/src/lib/libssl/src/crypto/evp/p5_crpt.c
index e3dae52d4d..6bfa2c5acb 100644
--- a/src/lib/libssl/src/crypto/evp/p5_crpt.c
+++ b/src/lib/libssl/src/crypto/evp/p5_crpt.c
@@ -125,6 +125,9 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
         salt = pbe->salt->data;
         saltlen = pbe->salt->length;
 
+        if(!pass) passlen = 0;
+        else if(passlen == -1) passlen = strlen(pass);
+
         EVP_DigestInit (&ctx, md);
         EVP_DigestUpdate (&ctx, pass, passlen);
         EVP_DigestUpdate (&ctx, salt, saltlen);
diff --git a/src/lib/libssl/src/crypto/evp/p5_crpt2.c b/src/lib/libssl/src/crypto/evp/p5_crpt2.c
index 27a2c518be..717fad68ca 100644
--- a/src/lib/libssl/src/crypto/evp/p5_crpt2.c
+++ b/src/lib/libssl/src/crypto/evp/p5_crpt2.c
@@ -86,7 +86,8 @@ int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
         HMAC_CTX hctx;
         p = out;
         tkeylen = keylen;
-        if(passlen == -1) passlen = strlen(pass);
+        if(!pass) passlen = 0;
+        else if(passlen == -1) passlen = strlen(pass);
         while(tkeylen) {
                 if(tkeylen > SHA_DIGEST_LENGTH) cplen = SHA_DIGEST_LENGTH;
                 else cplen = tkeylen;
diff --git a/src/lib/libssl/src/crypto/evp/p_lib.c b/src/lib/libssl/src/crypto/evp/p_lib.c
index 4cb387f8de..62398ed74d 100644
--- a/src/lib/libssl/src/crypto/evp/p_lib.c
+++ b/src/lib/libssl/src/crypto/evp/p_lib.c
@@ -180,7 +180,7 @@ EVP_PKEY *EVP_PKEY_new(void)
         {
         EVP_PKEY *ret;
 
-        ret=(EVP_PKEY *)Malloc(sizeof(EVP_PKEY));
+        ret=(EVP_PKEY *)OPENSSL_malloc(sizeof(EVP_PKEY));
         if (ret == NULL)
                 {
                 EVPerr(EVP_F_EVP_PKEY_NEW,ERR_R_MALLOC_FAILURE);
@@ -302,7 +302,7 @@ void EVP_PKEY_free(EVP_PKEY *x)
                 }
 #endif
         EVP_PKEY_free_it(x);
-        Free(x);
+        OPENSSL_free(x);
         }
 
 static void EVP_PKEY_free_it(EVP_PKEY *x)
diff --git a/src/lib/libssl/src/crypto/evp/p_open.c b/src/lib/libssl/src/crypto/evp/p_open.c
index b9ca7892c2..2760c00fec 100644
--- a/src/lib/libssl/src/crypto/evp/p_open.c
+++ b/src/lib/libssl/src/crypto/evp/p_open.c
@@ -68,37 +68,41 @@ int EVP_OpenInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char *ek,
         {
         unsigned char *key=NULL;
         int i,size=0,ret=0;
-        
+
+        if(type) {      
+                EVP_CIPHER_CTX_init(ctx);
+                if(!EVP_DecryptInit(ctx,type,NULL,NULL)) return 0;
+        }
+
+        if(!priv) return 1;
+
         if (priv->type != EVP_PKEY_RSA)
                 {
                 EVPerr(EVP_F_EVP_OPENINIT,EVP_R_PUBLIC_KEY_NOT_RSA);
-                ret= -1;
                 goto err;
                 }
 
         size=RSA_size(priv->pkey.rsa);
-        key=(unsigned char *)Malloc(size+2);
+        key=(unsigned char *)OPENSSL_malloc(size+2);
         if (key == NULL)
                 {
                 /* ERROR */
                 EVPerr(EVP_F_EVP_OPENINIT,ERR_R_MALLOC_FAILURE);
-                ret= -1;
                 goto err;
                 }
 
         i=EVP_PKEY_decrypt(key,ek,ekl,priv);
-        if (i != type->key_len)
+        if ((i <= 0) || !EVP_CIPHER_CTX_set_key_length(ctx, i))
                 {
                 /* ERROR */
                 goto err;
                 }
+        if(!EVP_DecryptInit(ctx,NULL,key,iv)) goto err;
 
-        EVP_CIPHER_CTX_init(ctx);
-        EVP_DecryptInit(ctx,type,key,iv);
         ret=1;
 err:
         if (key != NULL) memset(key,0,size);
-        Free(key);
+        OPENSSL_free(key);
         return(ret);
         }
 
diff --git a/src/lib/libssl/src/crypto/evp/p_seal.c b/src/lib/libssl/src/crypto/evp/p_seal.c
index d449e892bf..2fd1d7e0c2 100644
--- a/src/lib/libssl/src/crypto/evp/p_seal.c
+++ b/src/lib/libssl/src/crypto/evp/p_seal.c
@@ -72,18 +72,21 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char **ek,
         unsigned char key[EVP_MAX_KEY_LENGTH];
         int i;
         
+        if(type) {
+                EVP_CIPHER_CTX_init(ctx);
+                if(!EVP_EncryptInit(ctx,type,NULL,NULL)) return 0;
+        }
         if (npubk <= 0) return(0);
         if (RAND_bytes(key,EVP_MAX_KEY_LENGTH) <= 0)
                 return(0);
-        if (type->iv_len > 0)
-                RAND_pseudo_bytes(iv,type->iv_len);
+        if (EVP_CIPHER_CTX_iv_length(ctx))
+                RAND_pseudo_bytes(iv,EVP_CIPHER_CTX_iv_length(ctx));
 
-        EVP_CIPHER_CTX_init(ctx);
-        EVP_EncryptInit(ctx,type,key,iv);
+        if(!EVP_EncryptInit(ctx,NULL,key,iv)) return 0;
 
         for (i=0; i<npubk; i++)
                 {
-                ekl[i]=EVP_PKEY_encrypt(ek[i],key,EVP_CIPHER_key_length(type),
+                ekl[i]=EVP_PKEY_encrypt(ek[i],key,EVP_CIPHER_CTX_key_length(ctx),
                         pubk[i]);
                 if (ekl[i] <= 0) return(-1);
                 }
diff --git a/src/lib/libssl/src/crypto/ex_data.c b/src/lib/libssl/src/crypto/ex_data.c
index a057dd3b68..1ee88da2a8 100644
--- a/src/lib/libssl/src/crypto/ex_data.c
+++ b/src/lib/libssl/src/crypto/ex_data.c
@@ -77,7 +77,7 @@ int CRYPTO_get_ex_new_index(int idx, STACK_OF(CRYPTO_EX_DATA_FUNCS) **skp, long
                 CRYPTOerr(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX,ERR_R_MALLOC_FAILURE);
                 goto err;
                 }
-        a=(CRYPTO_EX_DATA_FUNCS *)Malloc(sizeof(CRYPTO_EX_DATA_FUNCS));
+        a=(CRYPTO_EX_DATA_FUNCS *)OPENSSL_malloc(sizeof(CRYPTO_EX_DATA_FUNCS));
         if (a == NULL)
                 {
                 CRYPTOerr(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX,ERR_R_MALLOC_FAILURE);
@@ -93,7 +93,7 @@ int CRYPTO_get_ex_new_index(int idx, STACK_OF(CRYPTO_EX_DATA_FUNCS) **skp, long
                 if (!sk_CRYPTO_EX_DATA_FUNCS_push(*skp,NULL))
                         {
                         CRYPTOerr(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX,ERR_R_MALLOC_FAILURE);
-                        Free(a);
+                        OPENSSL_free(a);
                         goto err;
                         }
                 }
diff --git a/src/lib/libssl/src/crypto/hmac/Makefile.ssl b/src/lib/libssl/src/crypto/hmac/Makefile.ssl
index 04b1b9be98..cf57311973 100644
--- a/src/lib/libssl/src/crypto/hmac/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/hmac/Makefile.ssl
@@ -85,10 +85,11 @@ hmac.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 hmac.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 hmac.o: ../../include/openssl/evp.h ../../include/openssl/hmac.h
 hmac.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
-hmac.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+hmac.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+hmac.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 hmac.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 hmac.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
 hmac.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
 hmac.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
 hmac.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-hmac.o: ../../include/openssl/stack.h
+hmac.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
diff --git a/src/lib/libssl/src/crypto/hmac/hmac.h b/src/lib/libssl/src/crypto/hmac/hmac.h
index 223eeda7f3..328bad2608 100644
--- a/src/lib/libssl/src/crypto/hmac/hmac.h
+++ b/src/lib/libssl/src/crypto/hmac/hmac.h
@@ -58,10 +58,6 @@
 #ifndef HEADER_HMAC_H
 #define HEADER_HMAC_H
 
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
 #ifdef NO_HMAC
 #error HMAC is disabled.
 #endif
@@ -70,6 +66,10 @@ extern "C" {
 
 #define HMAC_MAX_MD_CBLOCK      64
 
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
 typedef struct hmac_ctx_st
         {
         const EVP_MD *md;
diff --git a/src/lib/libssl/src/crypto/idea/idea.h b/src/lib/libssl/src/crypto/idea/idea.h
index ae32f5692e..f14adf8398 100644
--- a/src/lib/libssl/src/crypto/idea/idea.h
+++ b/src/lib/libssl/src/crypto/idea/idea.h
@@ -59,10 +59,6 @@
 #ifndef HEADER_IDEA_H
 #define HEADER_IDEA_H
 
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
 #ifdef NO_IDEA
 #error IDEA is disabled.
 #endif
@@ -74,22 +70,26 @@ extern "C" {
 #define IDEA_BLOCK      8
 #define IDEA_KEY_LENGTH 16
 
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
 typedef struct idea_key_st
         {
         IDEA_INT data[9][6];
         } IDEA_KEY_SCHEDULE;
 
 const char *idea_options(void);
-void idea_ecb_encrypt(unsigned char *in, unsigned char *out,
+void idea_ecb_encrypt(const unsigned char *in, unsigned char *out,
         IDEA_KEY_SCHEDULE *ks);
-void idea_set_encrypt_key(unsigned char *key, IDEA_KEY_SCHEDULE *ks);
+void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks);
 void idea_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk);
-void idea_cbc_encrypt(unsigned char *in, unsigned char *out,
+void idea_cbc_encrypt(const unsigned char *in, unsigned char *out,
         long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,int enc);
-void idea_cfb64_encrypt(unsigned char *in, unsigned char *out,
+void idea_cfb64_encrypt(const unsigned char *in, unsigned char *out,
         long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,
         int *num,int enc);
-void idea_ofb64_encrypt(unsigned char *in, unsigned char *out,
+void idea_ofb64_encrypt(const unsigned char *in, unsigned char *out,
         long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, int *num);
 void idea_encrypt(unsigned long *in, IDEA_KEY_SCHEDULE *ks);
 #ifdef  __cplusplus
diff --git a/src/lib/libssl/src/crypto/install.com b/src/lib/libssl/src/crypto/install.com
index 44cfc4e89a..ea97665471 100644
--- a/src/lib/libssl/src/crypto/install.com
+++ b/src/lib/libssl/src/crypto/install.com
@@ -32,14 +32,14 @@ $	IF F$PARSE("WRK_SSLALIB:") .EQS. "" THEN -
 $       IF F$PARSE("WRK_SSLINCLUDE:") .EQS. "" THEN -
            CREATE/DIR/LOG WRK_SSLINCLUDE:
 $
-$       SDIRS := ,MD2,MD5,SHA,MDC2,HMAC,RIPEMD,-
+$       SDIRS := ,MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,-
                  DES,RC2,RC4,RC5,IDEA,BF,CAST,-
-                 BN,RSA,DSA,DH,-
+                 BN,RSA,DSA,DH,DSO,ENGINE,-
                  BUFFER,BIO,STACK,LHASH,RAND,ERR,OBJECTS,-
-                 EVP,ASN1,PEM,X509,X509V3,-
-                 CONF,TXT_DB,PKCS7,PKCS12,COMP
-$       EXHEADER_ := crypto.h,tmdiff.h,opensslv.h,opensslconf.h,ebcdic.h
+                 EVP,ASN1,PEM,X509,X509V3,CONF,TXT_DB,PKCS7,PKCS12,COMP
+$       EXHEADER_ := crypto.h,tmdiff.h,opensslv.h,opensslconf.h,ebcdic.h,symhacks.h
 $       EXHEADER_MD2 := md2.h
+$       EXHEADER_MD4 := md4.h
 $       EXHEADER_MD5 := md5.h
 $       EXHEADER_SHA := sha.h
 $       EXHEADER_MDC2 := mdc2.h
@@ -56,19 +56,21 @@ $	EXHEADER_BN := bn.h
 $       EXHEADER_RSA := rsa.h
 $       EXHEADER_DSA := dsa.h
 $       EXHEADER_DH := dh.h
+$       EXHEADER_DSO := dso.h
+$       EXHEADER_ENGINE := engine.h
 $       EXHEADER_BUFFER := buffer.h
 $       EXHEADER_BIO := bio.h
 $       EXHEADER_STACK := stack.h,safestack.h
 $       EXHEADER_LHASH := lhash.h
 $       EXHEADER_RAND := rand.h
 $       EXHEADER_ERR := err.h
-$       EXHEADER_OBJECTS := objects.h
+$       EXHEADER_OBJECTS := objects.h,obj_mac.h
 $       EXHEADER_EVP := evp.h
 $       EXHEADER_ASN1 := asn1.h,asn1_mac.h
 $       EXHEADER_PEM := pem.h,pem2.h
 $       EXHEADER_X509 := x509.h,x509_vfy.h
 $       EXHEADER_X509V3 := x509v3.h
-$       EXHEADER_CONF := conf.h
+$       EXHEADER_CONF := conf.h,conf_api.h
 $       EXHEADER_TXT_DB := txt_db.h
 $       EXHEADER_PKCS7 := pkcs7.h
 $       EXHEADER_PKCS12 := pkcs12.h
diff --git a/src/lib/libssl/src/crypto/lhash/Makefile.ssl b/src/lib/libssl/src/crypto/lhash/Makefile.ssl
index eef4000460..6c3d442e22 100644
--- a/src/lib/libssl/src/crypto/lhash/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/lhash/Makefile.ssl
@@ -83,7 +83,9 @@ lh_stats.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
 lh_stats.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 lh_stats.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 lh_stats.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-lh_stats.o: ../../include/openssl/stack.h ../cryptlib.h
-lhash.o: ../../include/openssl/crypto.h ../../include/openssl/lhash.h
-lhash.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-lhash.o: ../../include/openssl/stack.h
+lh_stats.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+lh_stats.o: ../cryptlib.h
+lhash.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+lhash.o: ../../include/openssl/lhash.h ../../include/openssl/opensslv.h
+lhash.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+lhash.o: ../../include/openssl/symhacks.h
diff --git a/src/lib/libssl/src/crypto/lhash/lh_stats.c b/src/lib/libssl/src/crypto/lhash/lh_stats.c
index 80b931c12b..ee0600060e 100644
--- a/src/lib/libssl/src/crypto/lhash/lh_stats.c
+++ b/src/lib/libssl/src/crypto/lhash/lh_stats.c
@@ -63,9 +63,12 @@
  * and things should work as expected */
 #include "cryptlib.h"
 
+#ifndef NO_BIO
+#include <openssl/bio.h>
+#endif
 #include <openssl/lhash.h>
 
-#ifndef HEADER_BIO_H
+#ifdef NO_BIO
 
 void lh_stats(LHASH *lh, FILE *out)
         {
diff --git a/src/lib/libssl/src/crypto/lhash/lh_test.c b/src/lib/libssl/src/crypto/lhash/lh_test.c
index 08138b52c3..6008781e57 100644
--- a/src/lib/libssl/src/crypto/lhash/lh_test.c
+++ b/src/lib/libssl/src/crypto/lhash/lh_test.c
@@ -77,7 +77,7 @@ main()
                 if (buf[0] == '\0') break;
                 buf[256]='\0';
                 i=strlen(buf);
-                p=Malloc(i+1);
+                p=OPENSSL_malloc(i+1);
                 memcpy(p,buf,i+1);
                 lh_insert(conf,p);
                 }
diff --git a/src/lib/libssl/src/crypto/lhash/lhash.c b/src/lib/libssl/src/crypto/lhash/lhash.c
index 7eb92a18bc..7da14620a4 100644
--- a/src/lib/libssl/src/crypto/lhash/lhash.c
+++ b/src/lib/libssl/src/crypto/lhash/lhash.c
@@ -116,9 +116,9 @@ LHASH *lh_new(unsigned long (*h)(), int (*c)())
         LHASH *ret;
         int i;
 
-        if ((ret=(LHASH *)Malloc(sizeof(LHASH))) == NULL)
+        if ((ret=(LHASH *)OPENSSL_malloc(sizeof(LHASH))) == NULL)
                 goto err0;
-        if ((ret->b=(LHASH_NODE **)Malloc(sizeof(LHASH_NODE *)*MIN_NODES)) == NULL)
+        if ((ret->b=(LHASH_NODE **)OPENSSL_malloc(sizeof(LHASH_NODE *)*MIN_NODES)) == NULL)
                 goto err1;
         for (i=0; i<MIN_NODES; i++)
                 ret->b[i]=NULL;
@@ -149,7 +149,7 @@ LHASH *lh_new(unsigned long (*h)(), int (*c)())
         ret->error=0;
         return(ret);
 err1:
-        Free(ret);
+        OPENSSL_free(ret);
 err0:
         return(NULL);
         }
@@ -168,12 +168,12 @@ void lh_free(LHASH *lh)
                 while (n != NULL)
                         {
                         nn=n->next;
-                        Free(n);
+                        OPENSSL_free(n);
                         n=nn;
                         }
                 }
-        Free(lh->b);
-        Free(lh);
+        OPENSSL_free(lh->b);
+        OPENSSL_free(lh);
         }
 
 void *lh_insert(LHASH *lh, void *data)
@@ -190,7 +190,7 @@ void *lh_insert(LHASH *lh, void *data)
 
         if (*rn == NULL)
                 {
-                if ((nn=(LHASH_NODE *)Malloc(sizeof(LHASH_NODE))) == NULL)
+                if ((nn=(LHASH_NODE *)OPENSSL_malloc(sizeof(LHASH_NODE))) == NULL)
                         {
                         lh->error++;
                         return(NULL);
@@ -233,7 +233,7 @@ void *lh_delete(LHASH *lh, void *data)
                 nn= *rn;
                 *rn=nn->next;
                 ret=nn->data;
-                Free(nn);
+                OPENSSL_free(nn);
                 lh->num_delete++;
                 }
 
@@ -329,7 +329,7 @@ static void expand(LHASH *lh)
         if ((lh->p) >= lh->pmax)
                 {
                 j=(int)lh->num_alloc_nodes*2;
-                n=(LHASH_NODE **)Realloc(lh->b,
+                n=(LHASH_NODE **)OPENSSL_realloc(lh->b,
                         (unsigned int)sizeof(LHASH_NODE *)*j);
                 if (n == NULL)
                         {
@@ -357,7 +357,7 @@ static void contract(LHASH *lh)
         lh->b[lh->p+lh->pmax-1]=NULL; /* 24/07-92 - eay - weird but :-( */
         if (lh->p == 0)
                 {
-                n=(LHASH_NODE **)Realloc(lh->b,
+                n=(LHASH_NODE **)OPENSSL_realloc(lh->b,
                         (unsigned int)(sizeof(LHASH_NODE *)*lh->pmax));
                 if (n == NULL)
                         {
diff --git a/src/lib/libssl/src/crypto/lhash/lhash.h b/src/lib/libssl/src/crypto/lhash/lhash.h
index d315fd9c6d..b8ff021906 100644
--- a/src/lib/libssl/src/crypto/lhash/lhash.h
+++ b/src/lib/libssl/src/crypto/lhash/lhash.h
@@ -63,14 +63,18 @@
 #ifndef HEADER_LHASH_H
 #define HEADER_LHASH_H
 
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
 #ifndef NO_FP_API
 #include <stdio.h>
 #endif
 
+#ifndef NO_BIO
+#include <openssl/bio.h>
+#endif
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
 typedef struct lhash_node_st
         {
         void *data;
@@ -132,7 +136,7 @@ void lh_node_stats(LHASH *lh, FILE *out);
 void lh_node_usage_stats(LHASH *lh, FILE *out);
 #endif
 
-#ifdef HEADER_BIO_H
+#ifndef NO_BIO
 void lh_stats_bio(LHASH *lh, BIO *out);
 void lh_node_stats_bio(LHASH *lh, BIO *out);
 void lh_node_usage_stats_bio(LHASH *lh, BIO *out);
diff --git a/src/lib/libssl/src/crypto/md2/Makefile.ssl b/src/lib/libssl/src/crypto/md2/Makefile.ssl
index eab615a5be..d46c73a9b9 100644
--- a/src/lib/libssl/src/crypto/md2/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/md2/Makefile.ssl
@@ -83,6 +83,7 @@ md2_dgst.o: ../../include/openssl/opensslv.h
 md2_one.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 md2_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
 md2_one.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-md2_one.o: ../../include/openssl/md2.h ../../include/openssl/opensslconf.h
-md2_one.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-md2_one.o: ../../include/openssl/stack.h ../cryptlib.h
+md2_one.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+md2_one.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+md2_one.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+md2_one.o: ../../include/openssl/symhacks.h ../cryptlib.h
diff --git a/src/lib/libssl/src/crypto/md2/md2.h b/src/lib/libssl/src/crypto/md2/md2.h
index 582bffb859..a00bd162b3 100644
--- a/src/lib/libssl/src/crypto/md2/md2.h
+++ b/src/lib/libssl/src/crypto/md2/md2.h
@@ -59,10 +59,6 @@
 #ifndef HEADER_MD2_H
 #define HEADER_MD2_H
 
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
 #ifdef NO_MD2
 #error MD2 is disabled.
 #endif
@@ -71,6 +67,10 @@ extern "C" {
 #define MD2_BLOCK               16
 #include <openssl/opensslconf.h> /* MD2_INT */
 
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
 typedef struct MD2state_st
         {
         int num;
diff --git a/src/lib/libssl/src/crypto/md4/Makefile.ssl b/src/lib/libssl/src/crypto/md4/Makefile.ssl
new file mode 100644
index 0000000000..5341bf5b46
--- /dev/null
+++ b/src/lib/libssl/src/crypto/md4/Makefile.ssl
@@ -0,0 +1,84 @@
+#
+# SSLeay/crypto/md4/Makefile
+#
+
+DIR=    md4
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=     $(TOP)/util/domd $(TOP)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=md4test.c
+APPS=md4.c
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=md4_dgst.c md4_one.c
+LIBOBJ=md4_dgst.o md4_one.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= md4.h
+HEADER= md4_locl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB)
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @$(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f asm/mx86unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+md4_dgst.o: ../../include/openssl/md4.h ../../include/openssl/opensslconf.h
+md4_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md4_locl.h
+md4_one.o: ../../include/openssl/md4.h
diff --git a/src/lib/libssl/src/crypto/md4/md4.c b/src/lib/libssl/src/crypto/md4/md4.c
new file mode 100644
index 0000000000..e4b0aac011
--- /dev/null
+++ b/src/lib/libssl/src/crypto/md4/md4.c
@@ -0,0 +1,127 @@
+/* crypto/md4/md4.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/md4.h>
+
+#define BUFSIZE 1024*16
+
+void do_fp(FILE *f);
+void pt(unsigned char *md);
+#ifndef _OSD_POSIX
+int read(int, void *, unsigned int);
+#endif
+
+int main(int argc, char **argv)
+        {
+        int i,err=0;
+        FILE *IN;
+
+        if (argc == 1)
+                {
+                do_fp(stdin);
+                }
+        else
+                {
+                for (i=1; i<argc; i++)
+                        {
+                        IN=fopen(argv[i],"r");
+                        if (IN == NULL)
+                                {
+                                perror(argv[i]);
+                                err++;
+                                continue;
+                                }
+                        printf("MD4(%s)= ",argv[i]);
+                        do_fp(IN);
+                        fclose(IN);
+                        }
+                }
+        exit(err);
+        }
+
+void do_fp(FILE *f)
+        {
+        MD4_CTX c;
+        unsigned char md[MD4_DIGEST_LENGTH];
+        int fd;
+        int i;
+        static unsigned char buf[BUFSIZE];
+
+        fd=fileno(f);
+        MD4_Init(&c);
+        for (;;)
+                {
+                i=read(fd,buf,BUFSIZE);
+                if (i <= 0) break;
+                MD4_Update(&c,buf,(unsigned long)i);
+                }
+        MD4_Final(&(md[0]),&c);
+        pt(md);
+        }
+
+void pt(unsigned char *md)
+        {
+        int i;
+
+        for (i=0; i<MD4_DIGEST_LENGTH; i++)
+                printf("%02x",md[i]);
+        printf("\n");
+        }
+
diff --git a/src/lib/libssl/src/crypto/md4/md4.h b/src/lib/libssl/src/crypto/md4/md4.h
new file mode 100644
index 0000000000..c794e186db
--- /dev/null
+++ b/src/lib/libssl/src/crypto/md4/md4.h
@@ -0,0 +1,114 @@
+/* crypto/md4/md4.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_MD4_H
+#define HEADER_MD4_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#ifdef NO_MD4
+#error MD4 is disabled.
+#endif
+
+/*
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * ! MD4_LONG has to be at least 32 bits wide. If it's wider, then !
+ * ! MD4_LONG_LOG2 has to be defined along.                        !
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ */
+
+#if defined(WIN16) || defined(__LP32__)
+#define MD4_LONG unsigned long
+#elif defined(_CRAY) || defined(__ILP64__)
+#define MD4_LONG unsigned long
+#define MD4_LONG_LOG2 3
+/*
+ * _CRAY note. I could declare short, but I have no idea what impact
+ * does it have on performance on none-T3E machines. I could declare
+ * int, but at least on C90 sizeof(int) can be chosen at compile time.
+ * So I've chosen long...
+ *                                      <appro@fy.chalmers.se>
+ */
+#else
+#define MD4_LONG unsigned int
+#endif
+
+#define MD4_CBLOCK      64
+#define MD4_LBLOCK      (MD4_CBLOCK/4)
+#define MD4_DIGEST_LENGTH 16
+
+typedef struct MD4state_st
+        {
+        MD4_LONG A,B,C,D;
+        MD4_LONG Nl,Nh;
+        MD4_LONG data[MD4_LBLOCK];
+        int num;
+        } MD4_CTX;
+
+void MD4_Init(MD4_CTX *c);
+void MD4_Update(MD4_CTX *c, const void *data, unsigned long len);
+void MD4_Final(unsigned char *md, MD4_CTX *c);
+unsigned char *MD4(const unsigned char *d, unsigned long n, unsigned char *md);
+void MD4_Transform(MD4_CTX *c, const unsigned char *b);
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/src/lib/libssl/src/crypto/md4/md4_dgst.c b/src/lib/libssl/src/crypto/md4/md4_dgst.c
new file mode 100644
index 0000000000..81488ae2e2
--- /dev/null
+++ b/src/lib/libssl/src/crypto/md4/md4_dgst.c
@@ -0,0 +1,285 @@
+/* crypto/md4/md4_dgst.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "md4_locl.h"
+#include <openssl/opensslv.h>
+
+const char *MD4_version="MD4" OPENSSL_VERSION_PTEXT;
+
+/* Implemented from RFC1186 The MD4 Message-Digest Algorithm
+ */
+
+#define INIT_DATA_A (unsigned long)0x67452301L
+#define INIT_DATA_B (unsigned long)0xefcdab89L
+#define INIT_DATA_C (unsigned long)0x98badcfeL
+#define INIT_DATA_D (unsigned long)0x10325476L
+
+void MD4_Init(MD4_CTX *c)
+        {
+        c->A=INIT_DATA_A;
+        c->B=INIT_DATA_B;
+        c->C=INIT_DATA_C;
+        c->D=INIT_DATA_D;
+        c->Nl=0;
+        c->Nh=0;
+        c->num=0;
+        }
+
+#ifndef md4_block_host_order
+void md4_block_host_order (MD4_CTX *c, const void *data, int num)
+        {
+        const MD4_LONG *X=data;
+        register unsigned long A,B,C,D;
+        /*
+         * In case you wonder why A-D are declared as long and not
+         * as MD4_LONG. Doing so results in slight performance
+         * boost on LP64 architectures. The catch is we don't
+         * really care if 32 MSBs of a 64-bit register get polluted
+         * with eventual overflows as we *save* only 32 LSBs in
+         * *either* case. Now declaring 'em long excuses the compiler
+         * from keeping 32 MSBs zeroed resulting in 13% performance
+         * improvement under SPARC Solaris7/64 and 5% under AlphaLinux.
+         * Well, to be honest it should say that this *prevents* 
+         * performance degradation.
+         *
+         *                              <appro@fy.chalmers.se>
+         */
+
+        A=c->A;
+        B=c->B;
+        C=c->C;
+        D=c->D;
+
+        for (;num--;X+=HASH_LBLOCK)
+                {
+        /* Round 0 */
+        R0(A,B,C,D,X[ 0], 3,0);
+        R0(D,A,B,C,X[ 1], 7,0);
+        R0(C,D,A,B,X[ 2],11,0);
+        R0(B,C,D,A,X[ 3],19,0);
+        R0(A,B,C,D,X[ 4], 3,0);
+        R0(D,A,B,C,X[ 5], 7,0);
+        R0(C,D,A,B,X[ 6],11,0);
+        R0(B,C,D,A,X[ 7],19,0);
+        R0(A,B,C,D,X[ 8], 3,0);
+        R0(D,A,B,C,X[ 9], 7,0);
+        R0(C,D,A,B,X[10],11,0);
+        R0(B,C,D,A,X[11],19,0);
+        R0(A,B,C,D,X[12], 3,0);
+        R0(D,A,B,C,X[13], 7,0);
+        R0(C,D,A,B,X[14],11,0);
+        R0(B,C,D,A,X[15],19,0);
+        /* Round 1 */
+        R1(A,B,C,D,X[ 0], 3,0x5A827999L);
+        R1(D,A,B,C,X[ 4], 5,0x5A827999L);
+        R1(C,D,A,B,X[ 8], 9,0x5A827999L);
+        R1(B,C,D,A,X[12],13,0x5A827999L);
+        R1(A,B,C,D,X[ 1], 3,0x5A827999L);
+        R1(D,A,B,C,X[ 5], 5,0x5A827999L);
+        R1(C,D,A,B,X[ 9], 9,0x5A827999L);
+        R1(B,C,D,A,X[13],13,0x5A827999L);
+        R1(A,B,C,D,X[ 2], 3,0x5A827999L);
+        R1(D,A,B,C,X[ 6], 5,0x5A827999L);
+        R1(C,D,A,B,X[10], 9,0x5A827999L);
+        R1(B,C,D,A,X[14],13,0x5A827999L);
+        R1(A,B,C,D,X[ 3], 3,0x5A827999L);
+        R1(D,A,B,C,X[ 7], 5,0x5A827999L);
+        R1(C,D,A,B,X[11], 9,0x5A827999L);
+        R1(B,C,D,A,X[15],13,0x5A827999L);
+        /* Round 2 */
+        R2(A,B,C,D,X[ 0], 3,0x6ED9EBA1);
+        R2(D,A,B,C,X[ 8], 9,0x6ED9EBA1);
+        R2(C,D,A,B,X[ 4],11,0x6ED9EBA1);
+        R2(B,C,D,A,X[12],15,0x6ED9EBA1);
+        R2(A,B,C,D,X[ 2], 3,0x6ED9EBA1);
+        R2(D,A,B,C,X[10], 9,0x6ED9EBA1);
+        R2(C,D,A,B,X[ 6],11,0x6ED9EBA1);
+        R2(B,C,D,A,X[14],15,0x6ED9EBA1);
+        R2(A,B,C,D,X[ 1], 3,0x6ED9EBA1);
+        R2(D,A,B,C,X[ 9], 9,0x6ED9EBA1);
+        R2(C,D,A,B,X[ 5],11,0x6ED9EBA1);
+        R2(B,C,D,A,X[13],15,0x6ED9EBA1);
+        R2(A,B,C,D,X[ 3], 3,0x6ED9EBA1);
+        R2(D,A,B,C,X[11], 9,0x6ED9EBA1);
+        R2(C,D,A,B,X[ 7],11,0x6ED9EBA1);
+        R2(B,C,D,A,X[15],15,0x6ED9EBA1);
+
+        A = c->A += A;
+        B = c->B += B;
+        C = c->C += C;
+        D = c->D += D;
+                }
+        }
+#endif
+
+#ifndef md4_block_data_order
+#ifdef X
+#undef X
+#endif
+void md4_block_data_order (MD4_CTX *c, const void *data_, int num)
+        {
+        const unsigned char *data=data_;
+        register unsigned long A,B,C,D,l;
+        /*
+         * In case you wonder why A-D are declared as long and not
+         * as MD4_LONG. Doing so results in slight performance
+         * boost on LP64 architectures. The catch is we don't
+         * really care if 32 MSBs of a 64-bit register get polluted
+         * with eventual overflows as we *save* only 32 LSBs in
+         * *either* case. Now declaring 'em long excuses the compiler
+         * from keeping 32 MSBs zeroed resulting in 13% performance
+         * improvement under SPARC Solaris7/64 and 5% under AlphaLinux.
+         * Well, to be honest it should say that this *prevents* 
+         * performance degradation.
+         *
+         *                              <appro@fy.chalmers.se>
+         */
+#ifndef MD32_XARRAY
+        /* See comment in crypto/sha/sha_locl.h for details. */
+        unsigned long   XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
+                        XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15;
+# define X(i)   XX##i
+#else
+        MD4_LONG XX[MD4_LBLOCK];
+# define X(i)   XX[i]
+#endif
+
+        A=c->A;
+        B=c->B;
+        C=c->C;
+        D=c->D;
+
+        for (;num--;)
+                {
+        HOST_c2l(data,l); X( 0)=l;              HOST_c2l(data,l); X( 1)=l;
+        /* Round 0 */
+        R0(A,B,C,D,X( 0), 3,0); HOST_c2l(data,l); X( 2)=l;
+        R0(D,A,B,C,X( 1), 7,0); HOST_c2l(data,l); X( 3)=l;
+        R0(C,D,A,B,X( 2),11,0); HOST_c2l(data,l); X( 4)=l;
+        R0(B,C,D,A,X( 3),19,0); HOST_c2l(data,l); X( 5)=l;
+        R0(A,B,C,D,X( 4), 3,0); HOST_c2l(data,l); X( 6)=l;
+        R0(D,A,B,C,X( 5), 7,0); HOST_c2l(data,l); X( 7)=l;
+        R0(C,D,A,B,X( 6),11,0); HOST_c2l(data,l); X( 8)=l;
+        R0(B,C,D,A,X( 7),19,0); HOST_c2l(data,l); X( 9)=l;
+        R0(A,B,C,D,X( 8), 3,0); HOST_c2l(data,l); X(10)=l;
+        R0(D,A,B,C,X( 9), 7,0); HOST_c2l(data,l); X(11)=l;
+        R0(C,D,A,B,X(10),11,0); HOST_c2l(data,l); X(12)=l;
+        R0(B,C,D,A,X(11),19,0); HOST_c2l(data,l); X(13)=l;
+        R0(A,B,C,D,X(12), 3,0); HOST_c2l(data,l); X(14)=l;
+        R0(D,A,B,C,X(13), 7,0); HOST_c2l(data,l); X(15)=l;
+        R0(C,D,A,B,X(14),11,0);
+        R0(B,C,D,A,X(15),19,0);
+        /* Round 1 */
+        R1(A,B,C,D,X( 0), 3,0x5A827999L);
+        R1(D,A,B,C,X( 4), 5,0x5A827999L);
+        R1(C,D,A,B,X( 8), 9,0x5A827999L);
+        R1(B,C,D,A,X(12),13,0x5A827999L);
+        R1(A,B,C,D,X( 1), 3,0x5A827999L);
+        R1(D,A,B,C,X( 5), 5,0x5A827999L);
+        R1(C,D,A,B,X( 9), 9,0x5A827999L);
+        R1(B,C,D,A,X(13),13,0x5A827999L);
+        R1(A,B,C,D,X( 2), 3,0x5A827999L);
+        R1(D,A,B,C,X( 6), 5,0x5A827999L);
+        R1(C,D,A,B,X(10), 9,0x5A827999L);
+        R1(B,C,D,A,X(14),13,0x5A827999L);
+        R1(A,B,C,D,X( 3), 3,0x5A827999L);
+        R1(D,A,B,C,X( 7), 5,0x5A827999L);
+        R1(C,D,A,B,X(11), 9,0x5A827999L);
+        R1(B,C,D,A,X(15),13,0x5A827999L);
+        /* Round 2 */
+        R2(A,B,C,D,X( 0), 3,0x6ED9EBA1L);
+        R2(D,A,B,C,X( 8), 9,0x6ED9EBA1L);
+        R2(C,D,A,B,X( 4),11,0x6ED9EBA1L);
+        R2(B,C,D,A,X(12),15,0x6ED9EBA1L);
+        R2(A,B,C,D,X( 2), 3,0x6ED9EBA1L);
+        R2(D,A,B,C,X(10), 9,0x6ED9EBA1L);
+        R2(C,D,A,B,X( 6),11,0x6ED9EBA1L);
+        R2(B,C,D,A,X(14),15,0x6ED9EBA1L);
+        R2(A,B,C,D,X( 1), 3,0x6ED9EBA1L);
+        R2(D,A,B,C,X( 9), 9,0x6ED9EBA1L);
+        R2(C,D,A,B,X( 5),11,0x6ED9EBA1L);
+        R2(B,C,D,A,X(13),15,0x6ED9EBA1L);
+        R2(A,B,C,D,X( 3), 3,0x6ED9EBA1L);
+        R2(D,A,B,C,X(11), 9,0x6ED9EBA1L);
+        R2(C,D,A,B,X( 7),11,0x6ED9EBA1L);
+        R2(B,C,D,A,X(15),15,0x6ED9EBA1L);
+
+        A = c->A += A;
+        B = c->B += B;
+        C = c->C += C;
+        D = c->D += D;
+                }
+        }
+#endif
+
+#ifdef undef
+int printit(unsigned long *l)
+        {
+        int i,ii;
+
+        for (i=0; i<2; i++)
+                {
+                for (ii=0; ii<8; ii++)
+                        {
+                        fprintf(stderr,"%08lx ",l[i*8+ii]);
+                        }
+                fprintf(stderr,"\n");
+                }
+        }
+#endif
diff --git a/src/lib/libssl/src/crypto/md4/md4_locl.h b/src/lib/libssl/src/crypto/md4/md4_locl.h
new file mode 100644
index 0000000000..0a2b39018d
--- /dev/null
+++ b/src/lib/libssl/src/crypto/md4/md4_locl.h
@@ -0,0 +1,154 @@
+/* crypto/md4/md4_locl.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/opensslconf.h>
+#include <openssl/md4.h>
+
+#ifndef MD4_LONG_LOG2
+#define MD4_LONG_LOG2 2 /* default to 32 bits */
+#endif
+
+void md4_block_host_order (MD4_CTX *c, const void *p,int num);
+void md4_block_data_order (MD4_CTX *c, const void *p,int num);
+
+#if defined(__i386) || defined(_M_IX86) || defined(__INTEL__)
+/*
+ * *_block_host_order is expected to handle aligned data while
+ * *_block_data_order - unaligned. As algorithm and host (x86)
+ * are in this case of the same "endianness" these two are
+ * otherwise indistinguishable. But normally you don't want to
+ * call the same function because unaligned access in places
+ * where alignment is expected is usually a "Bad Thing". Indeed,
+ * on RISCs you get punished with BUS ERROR signal or *severe*
+ * performance degradation. Intel CPUs are in turn perfectly
+ * capable of loading unaligned data without such drastic side
+ * effect. Yes, they say it's slower than aligned load, but no
+ * exception is generated and therefore performance degradation
+ * is *incomparable* with RISCs. What we should weight here is
+ * costs of unaligned access against costs of aligning data.
+ * According to my measurements allowing unaligned access results
+ * in ~9% performance improvement on Pentium II operating at
+ * 266MHz. I won't be surprised if the difference will be higher
+ * on faster systems:-)
+ *
+ *                              <appro@fy.chalmers.se>
+ */
+#define md4_block_data_order md4_block_host_order
+#endif
+
+#define DATA_ORDER_IS_LITTLE_ENDIAN
+
+#define HASH_LONG               MD4_LONG
+#define HASH_LONG_LOG2          MD4_LONG_LOG2
+#define HASH_CTX                MD4_CTX
+#define HASH_CBLOCK             MD4_CBLOCK
+#define HASH_LBLOCK             MD4_LBLOCK
+#define HASH_UPDATE             MD4_Update
+#define HASH_TRANSFORM          MD4_Transform
+#define HASH_FINAL              MD4_Final
+#define HASH_MAKE_STRING(c,s)   do {    \
+        unsigned long ll;               \
+        ll=(c)->A; HOST_l2c(ll,(s));    \
+        ll=(c)->B; HOST_l2c(ll,(s));    \
+        ll=(c)->C; HOST_l2c(ll,(s));    \
+        ll=(c)->D; HOST_l2c(ll,(s));    \
+        } while (0)
+#define HASH_BLOCK_HOST_ORDER   md4_block_host_order
+#if !defined(L_ENDIAN) || defined(md4_block_data_order)
+#define HASH_BLOCK_DATA_ORDER   md4_block_data_order
+/*
+ * Little-endians (Intel and Alpha) feel better without this.
+ * It looks like memcpy does better job than generic
+ * md4_block_data_order on copying-n-aligning input data.
+ * But frankly speaking I didn't expect such result on Alpha.
+ * On the other hand I've got this with egcs-1.0.2 and if
+ * program is compiled with another (better?) compiler it
+ * might turn out other way around.
+ *
+ *                              <appro@fy.chalmers.se>
+ */
+#endif
+
+#include "md32_common.h"
+
+/*
+#define F(x,y,z)        (((x) & (y))  |  ((~(x)) & (z)))
+#define G(x,y,z)        (((x) & (y))  |  ((x) & ((z))) | ((y) & ((z))))
+*/
+
+/* As pointed out by Wei Dai <weidai@eskimo.com>, the above can be
+ * simplified to the code below.  Wei attributes these optimizations
+ * to Peter Gutmann's SHS code, and he attributes it to Rich Schroeppel.
+ */
+#define F(b,c,d)        ((((c) ^ (d)) & (b)) ^ (d))
+#define G(b,c,d)        (((b) & (c)) | ((b) & (d)) | ((c) & (d)))
+#define H(b,c,d)        ((b) ^ (c) ^ (d))
+
+#define R0(a,b,c,d,k,s,t) { \
+        a+=((k)+(t)+F((b),(c),(d))); \
+        a=ROTATE(a,s); };
+
+#define R1(a,b,c,d,k,s,t) { \
+        a+=((k)+(t)+G((b),(c),(d))); \
+        a=ROTATE(a,s); };\
+
+#define R2(a,b,c,d,k,s,t) { \
+        a+=((k)+(t)+H((b),(c),(d))); \
+        a=ROTATE(a,s); };
diff --git a/src/lib/libssl/src/crypto/md4/md4_one.c b/src/lib/libssl/src/crypto/md4/md4_one.c
new file mode 100644
index 0000000000..87a995d38d
--- /dev/null
+++ b/src/lib/libssl/src/crypto/md4/md4_one.c
@@ -0,0 +1,95 @@
+/* crypto/md4/md4_one.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/md4.h>
+
+#ifdef CHARSET_EBCDIC
+#include <openssl/ebcdic.h>
+#endif
+
+unsigned char *MD4(const unsigned char *d, unsigned long n, unsigned char *md)
+        {
+        MD4_CTX c;
+        static unsigned char m[MD4_DIGEST_LENGTH];
+
+        if (md == NULL) md=m;
+        MD4_Init(&c);
+#ifndef CHARSET_EBCDIC
+        MD4_Update(&c,d,n);
+#else
+        {
+                char temp[1024];
+                unsigned long chunk;
+
+                while (n > 0)
+                {
+                        chunk = (n > sizeof(temp)) ? sizeof(temp) : n;
+                        ebcdic2ascii(temp, d, chunk);
+                        MD4_Update(&c,temp,chunk);
+                        n -= chunk;
+                        d += chunk;
+                }
+        }
+#endif
+        MD4_Final(md,&c);
+        memset(&c,0,sizeof(c)); /* security consideration */
+        return(md);
+        }
+
diff --git a/src/lib/libssl/src/crypto/md4/md4s.cpp b/src/lib/libssl/src/crypto/md4/md4s.cpp
new file mode 100644
index 0000000000..c0ec97fc9f
--- /dev/null
+++ b/src/lib/libssl/src/crypto/md4/md4s.cpp
@@ -0,0 +1,78 @@
+//
+// gettsc.inl
+//
+// gives access to the Pentium's (secret) cycle counter
+//
+// This software was written by Leonard Janke (janke@unixg.ubc.ca)
+// in 1996-7 and is entered, by him, into the public domain.
+
+#if defined(__WATCOMC__)
+void GetTSC(unsigned long&);
+#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+#elif defined(__GNUC__)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  asm volatile(".byte 15, 49\n\t"
+               : "=eax" (tsc)
+               :
+               : "%edx", "%eax");
+}
+#elif defined(_MSC_VER)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  unsigned long a;
+  __asm _emit 0fh
+  __asm _emit 31h
+  __asm mov a, eax;
+  tsc=a;
+}
+#endif      
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/md4.h>
+
+extern "C" {
+void md4_block_x86(MD4_CTX *ctx, unsigned char *buffer,int num);
+}
+
+void main(int argc,char *argv[])
+        {
+        unsigned char buffer[64*256];
+        MD4_CTX ctx;
+        unsigned long s1,s2,e1,e2;
+        unsigned char k[16];
+        unsigned long data[2];
+        unsigned char iv[8];
+        int i,num=0,numm;
+        int j=0;
+
+        if (argc >= 2)
+                num=atoi(argv[1]);
+
+        if (num == 0) num=16;
+        if (num > 250) num=16;
+        numm=num+2;
+        num*=64;
+        numm*=64;
+
+        for (j=0; j<6; j++)
+                {
+                for (i=0; i<10; i++) /**/
+                        {
+                        md4_block_x86(&ctx,buffer,numm);
+                        GetTSC(s1);
+                        md4_block_x86(&ctx,buffer,numm);
+                        GetTSC(e1);
+                        GetTSC(s2);
+                        md4_block_x86(&ctx,buffer,num);
+                        GetTSC(e2);
+                        md4_block_x86(&ctx,buffer,num);
+                        }
+                printf("md4 (%d bytes) %d %d (%.2f)\n",num,
+                        e1-s1,e2-s2,(double)((e1-s1)-(e2-s2))/2);
+                }
+        }
+
diff --git a/src/lib/libssl/src/crypto/md4/md4test.c b/src/lib/libssl/src/crypto/md4/md4test.c
new file mode 100644
index 0000000000..97e6e21efd
--- /dev/null
+++ b/src/lib/libssl/src/crypto/md4/md4test.c
@@ -0,0 +1,131 @@
+/* crypto/md4/md4test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#ifdef NO_MD4
+int main(int argc, char *argv[])
+{
+    printf("No MD4 support\n");
+    return(0);
+}
+#else
+#include <openssl/md4.h>
+
+static char *test[]={
+        "",
+        "a",
+        "abc",
+        "message digest",
+        "abcdefghijklmnopqrstuvwxyz",
+        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
+        "12345678901234567890123456789012345678901234567890123456789012345678901234567890",
+        NULL,
+        };
+
+static char *ret[]={
+"31d6cfe0d16ae931b73c59d7e0c089c0",
+"bde52cb31de33e46245e05fbdbd6fb24",
+"a448017aaf21d8525fc10ae87aa6729d",
+"d9130a8164549fe818874806e1c7014b",
+"d79e1c308aa5bbcdeea8ed63df412da9",
+"043f8582f241db351ce627e153e7f0e4",
+"e33b4ddc9c38f2199c3e7b164fcc0536",
+};
+
+static char *pt(unsigned char *md);
+int main(int argc, char *argv[])
+        {
+        int i,err=0;
+        unsigned char **P,**R;
+        char *p;
+
+        P=(unsigned char **)test;
+        R=(unsigned char **)ret;
+        i=1;
+        while (*P != NULL)
+                {
+                p=pt(MD4(&(P[0][0]),(unsigned long)strlen((char *)*P),NULL));
+                if (strcmp(p,(char *)*R) != 0)
+                        {
+                        printf("error calculating MD4 on '%s'\n",*P);
+                        printf("got %s instead of %s\n",p,*R);
+                        err++;
+                        }
+                else
+                        printf("test %d ok\n",i);
+                i++;
+                R++;
+                P++;
+                }
+        exit(err);
+        return(0);
+        }
+
+static char *pt(unsigned char *md)
+        {
+        int i;
+        static char buf[80];
+
+        for (i=0; i<MD4_DIGEST_LENGTH; i++)
+                sprintf(&(buf[i*2]),"%02x",md[i]);
+        return(buf);
+        }
+#endif
diff --git a/src/lib/libssl/src/crypto/md5/Makefile.ssl b/src/lib/libssl/src/crypto/md5/Makefile.ssl
index 45fbd04239..e8d0cced7f 100644
--- a/src/lib/libssl/src/crypto/md5/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/md5/Makefile.ssl
@@ -30,7 +30,7 @@ ASFLAGS=$(CFLAGS)
 
 GENERAL=Makefile
 TEST=md5test.c
-APPS=md5.c
+APPS=
 
 LIB=$(TOP)/libcrypto.a
 LIBSRC=md5_dgst.c md5_one.c
diff --git a/src/lib/libssl/src/crypto/mdc2/Makefile.ssl b/src/lib/libssl/src/crypto/mdc2/Makefile.ssl
index 7c28103350..da11c4edea 100644
--- a/src/lib/libssl/src/crypto/mdc2/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/mdc2/Makefile.ssl
@@ -81,9 +81,10 @@ clean:
 mdc2_one.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 mdc2_one.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 mdc2_one.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-mdc2_one.o: ../../include/openssl/err.h ../../include/openssl/mdc2.h
-mdc2_one.o: ../../include/openssl/opensslconf.h
+mdc2_one.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+mdc2_one.o: ../../include/openssl/mdc2.h ../../include/openssl/opensslconf.h
 mdc2_one.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-mdc2_one.o: ../../include/openssl/stack.h ../cryptlib.h
+mdc2_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+mdc2_one.o: ../cryptlib.h
 mdc2dgst.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
 mdc2dgst.o: ../../include/openssl/mdc2.h ../../include/openssl/opensslconf.h
diff --git a/src/lib/libssl/src/crypto/mdc2/mdc2.h b/src/lib/libssl/src/crypto/mdc2/mdc2.h
index 00acd707cd..5da8da72f5 100644
--- a/src/lib/libssl/src/crypto/mdc2/mdc2.h
+++ b/src/lib/libssl/src/crypto/mdc2/mdc2.h
@@ -59,12 +59,12 @@
 #ifndef HEADER_MDC2_H
 #define HEADER_MDC2_H
 
+#include <openssl/des.h>
+
 #ifdef  __cplusplus
 extern "C" {
 #endif
 
-#include <openssl/des.h>
-
 #ifdef NO_MDC2
 #error MDC2 is disabled.
 #endif
diff --git a/src/lib/libssl/src/crypto/mem.c b/src/lib/libssl/src/crypto/mem.c
index 5a661e5f45..3b5b2bbc68 100644
--- a/src/lib/libssl/src/crypto/mem.c
+++ b/src/lib/libssl/src/crypto/mem.c
@@ -80,20 +80,23 @@ static void (*free_func)(void *)            = free;
 /* may be changed as long as `allow_customize_debug' is set */
 /* XXX use correct function pointer types */
 #ifdef CRYPTO_MDEBUG
-  /* use default functions from mem_dbg.c */
-  static void (*malloc_debug_func)()= (void (*)())CRYPTO_dbg_malloc;
-  static void (*realloc_debug_func)()= (void (*)())CRYPTO_dbg_realloc;
-  static void (*free_debug_func)()= (void (*)())CRYPTO_dbg_free;
-  static void (*set_debug_options_func)()= (void (*)())CRYPTO_dbg_set_options;
-  static long (*get_debug_options_func)()= (long (*)())CRYPTO_dbg_get_options;
+/* use default functions from mem_dbg.c */
+static void (*malloc_debug_func)(void *,int,const char *,int,int)
+        = CRYPTO_dbg_malloc;
+static void (*realloc_debug_func)(void *,void *,int,const char *,int,int)
+        = CRYPTO_dbg_realloc;
+static void (*free_debug_func)(void *,int) = CRYPTO_dbg_free;
+static void (*set_debug_options_func)(long) = CRYPTO_dbg_set_options;
+static long (*get_debug_options_func)(void) = CRYPTO_dbg_get_options;
 #else
-  /* applications can use CRYPTO_malloc_debug_init() to select above case
-   * at run-time */
-  static void (*malloc_debug_func)()= NULL;
-  static void (*realloc_debug_func)()= NULL;
-  static void (*free_debug_func)()= NULL;
-  static void (*set_debug_options_func)()= NULL;
-  static long (*get_debug_options_func)()= NULL;
+/* applications can use CRYPTO_malloc_debug_init() to select above case
+ * at run-time */
+static void (*malloc_debug_func)(void *,int,const char *,int,int) = NULL;
+static void (*realloc_debug_func)(void *,void *,int,const char *,int,int)
+        = NULL;
+static void (*free_debug_func)(void *,int) = NULL;
+static void (*set_debug_options_func)(long) = NULL;
+static long (*get_debug_options_func)(void) = NULL;
 #endif
 
 
@@ -123,7 +126,11 @@ int CRYPTO_set_locked_mem_functions(void *(*m)(size_t), void (*f)(void *))
         return 1;
         }
 
-int CRYPTO_set_mem_debug_functions(void (*m)(), void (*r)(), void (*f)(),void (*so)(),long (*go)())
+int CRYPTO_set_mem_debug_functions(void (*m)(void *,int,const char *,int,int),
+                                   void (*r)(void *,void *,int,const char *,int,int),
+                                   void (*f)(void *,int),
+                                   void (*so)(long),
+                                   long (*go)(void))
         {
         if (!allow_customize_debug)
                 return 0;
@@ -149,7 +156,11 @@ void CRYPTO_get_locked_mem_functions(void *(**m)(size_t), void (**f)(void *))
         if (f != NULL) *f=free_locked_func;
         }
 
-void CRYPTO_get_mem_debug_functions(void (**m)(), void (**r)(), void (**f)(),void (**so)(),long (**go)())
+void CRYPTO_get_mem_debug_functions(void (**m)(void *,int,const char *,int,int),
+                                    void (**r)(void *,void *,int,const char *,int,int),
+                                    void (**f)(void *,int),
+                                    void (**so)(long),
+                                    long (**go)(void))
         {
         if (m != NULL) *m=malloc_debug_func;
         if (r != NULL) *r=realloc_debug_func;
@@ -161,7 +172,7 @@ void CRYPTO_get_mem_debug_functions(void (**m)(), void (**r)(), void (**f)(),voi
 
 void *CRYPTO_malloc_locked(int num, const char *file, int line)
         {
-        char *ret = NULL;
+        void *ret = NULL;
 
         allow_customize = 0;
         if (malloc_debug_func != NULL)
@@ -193,7 +204,7 @@ void CRYPTO_free_locked(void *str)
 
 void *CRYPTO_malloc(int num, const char *file, int line)
         {
-        char *ret = NULL;
+        void *ret = NULL;
 
         allow_customize = 0;
         if (malloc_debug_func != NULL)
@@ -213,7 +224,7 @@ void *CRYPTO_malloc(int num, const char *file, int line)
 
 void *CRYPTO_realloc(void *str, int num, const char *file, int line)
         {
-        char *ret = NULL;
+        void *ret = NULL;
 
         if (realloc_debug_func != NULL)
                 realloc_debug_func(str, NULL, num, file, line, 0);
@@ -241,8 +252,8 @@ void CRYPTO_free(void *str)
 
 void *CRYPTO_remalloc(void *a, int num, const char *file, int line)
         {
-        if (a != NULL) Free(a);
-        a=(char *)Malloc(num);
+        if (a != NULL) OPENSSL_free(a);
+        a=(char *)OPENSSL_malloc(num);
         return(a);
         }
 
diff --git a/src/lib/libssl/src/crypto/mem_dbg.c b/src/lib/libssl/src/crypto/mem_dbg.c
index a399485300..866c53e73a 100644
--- a/src/lib/libssl/src/crypto/mem_dbg.c
+++ b/src/lib/libssl/src/crypto/mem_dbg.c
@@ -108,7 +108,7 @@ static LHASH *amih=NULL; /* hash-table with those app_mem_info_st's
 typedef struct mem_st
 /* memory-block description */
         {
-        char *addr;
+        void *addr;
         int num;
         const char *file;
         int line;
@@ -221,7 +221,7 @@ long CRYPTO_dbg_get_options(void)
 
 static int mem_cmp(MEM *a, MEM *b)
         {
-        return(a->addr - b->addr);
+        return((char *)a->addr - (char *)b->addr);
         }
 
 static unsigned long mem_hash(MEM *a)
@@ -279,7 +279,7 @@ static APP_INFO *pop_info()
                                 ret->next = NULL;
                                 if (next != NULL)
                                         next->references--;
-                                Free(ret);
+                                OPENSSL_free(ret);
                                 }
                         }
                 }
@@ -295,7 +295,7 @@ int CRYPTO_push_info_(const char *info, const char *file, int line)
                 {
                 MemCheck_off(); /* obtains CRYPTO_LOCK_MALLOC2 */
 
-                if ((ami = (APP_INFO *)Malloc(sizeof(APP_INFO))) == NULL)
+                if ((ami = (APP_INFO *)OPENSSL_malloc(sizeof(APP_INFO))) == NULL)
                         {
                         ret=0;
                         goto err;
@@ -304,7 +304,7 @@ int CRYPTO_push_info_(const char *info, const char *file, int line)
                         {
                         if ((amih=lh_new(app_info_hash,app_info_cmp)) == NULL)
                                 {
-                                Free(ami);
+                                OPENSSL_free(ami);
                                 ret=0;
                                 goto err;
                                 }
@@ -386,9 +386,9 @@ void CRYPTO_dbg_malloc(void *addr, int num, const char *file, int line,
                 if (is_MemCheck_on())
                         {
                         MemCheck_off(); /* obtains CRYPTO_LOCK_MALLOC2 */
-                        if ((m=(MEM *)Malloc(sizeof(MEM))) == NULL)
+                        if ((m=(MEM *)OPENSSL_malloc(sizeof(MEM))) == NULL)
                                 {
-                                Free(addr);
+                                OPENSSL_free(addr);
                                 MemCheck_on(); /* releases CRYPTO_LOCK_MALLOC2 */
                                 return;
                                 }
@@ -396,8 +396,8 @@ void CRYPTO_dbg_malloc(void *addr, int num, const char *file, int line,
                                 {
                                 if ((mh=lh_new(mem_hash,mem_cmp)) == NULL)
                                         {
-                                        Free(addr);
-                                        Free(m);
+                                        OPENSSL_free(addr);
+                                        OPENSSL_free(m);
                                         addr=NULL;
                                         goto err;
                                         }
@@ -445,7 +445,7 @@ void CRYPTO_dbg_malloc(void *addr, int num, const char *file, int line,
                                         {
                                         mm->app_info->references--;
                                         }
-                                Free(mm);
+                                OPENSSL_free(mm);
                                 }
                 err:
                         MemCheck_on(); /* releases CRYPTO_LOCK_MALLOC2 */
@@ -481,7 +481,7 @@ void CRYPTO_dbg_free(void *addr, int before_p)
                                         {
                                         mp->app_info->references--;
                                         }
-                                Free(mp);
+                                OPENSSL_free(mp);
                                 }
 
                         MemCheck_on(); /* releases CRYPTO_LOCK_MALLOC2 */
@@ -696,32 +696,6 @@ void CRYPTO_mem_leaks(BIO *b)
 #endif
         }
 
-union void_fn_to_char_u
-        {
-        char *char_p;
-        void (*fn_p)();
-        };
-
-static void cb_leak(MEM *m, char *cb)
-        {
-        union void_fn_to_char_u mem_callback;
-
-        mem_callback.char_p=cb;
-        mem_callback.fn_p(m->order,m->file,m->line,m->num,m->addr);
-        }
-
-void CRYPTO_mem_leaks_cb(void (*cb)())
-        {
-        union void_fn_to_char_u mem_cb;
-
-        if (mh == NULL) return;
-        CRYPTO_w_lock(CRYPTO_LOCK_MALLOC2);
-        mem_cb.fn_p=cb;
-        lh_doall_arg(mh,(void (*)())cb_leak,mem_cb.char_p);
-        mem_cb.char_p=NULL;
-        CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC2);
-        }
-
 #ifndef NO_FP_API
 void CRYPTO_mem_leaks_fp(FILE *fp)
         {
@@ -736,3 +710,21 @@ void CRYPTO_mem_leaks_fp(FILE *fp)
         }
 #endif
 
+
+
+/* FIXME: We really don't allow much to the callback.  For example, it has
+   no chance of reaching the info stack for the item it processes.  Should
+   it really be this way?  -- Richard Levitte */
+static void cb_leak(MEM *m,
+                    void (**cb)(unsigned long, const char *, int, int, void *))
+        {
+        (**cb)(m->order,m->file,m->line,m->num,m->addr);
+        }
+
+void CRYPTO_mem_leaks_cb(void (*cb)(unsigned long, const char *, int, int, void *))
+        {
+        if (mh == NULL) return;
+        CRYPTO_w_lock(CRYPTO_LOCK_MALLOC2);
+        lh_doall_arg(mh,(void (*)())cb_leak,(void *)&cb);
+        CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC2);
+        }
diff --git a/src/lib/libssl/src/crypto/objects/Makefile.ssl b/src/lib/libssl/src/crypto/objects/Makefile.ssl
index f05e15df96..bdb7aa94dc 100644
--- a/src/lib/libssl/src/crypto/objects/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/objects/Makefile.ssl
@@ -27,7 +27,7 @@ LIBOBJ= o_names.o obj_dat.o obj_lib.o obj_err.o
 
 SRC= $(LIBSRC)
 
-EXHEADER= objects.h
+EXHEADER= objects.h obj_mac.h
 HEADER= $(EXHEADER) obj_dat.h
 
 ALL=    $(GENERAL) $(SRC) $(HEADER)
@@ -80,27 +80,32 @@ clean:
 
 o_names.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 o_names.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
-o_names.o: ../../include/openssl/lhash.h ../../include/openssl/objects.h
-o_names.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-o_names.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+o_names.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+o_names.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+o_names.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+o_names.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 obj_dat.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 obj_dat.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 obj_dat.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
 obj_dat.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-obj_dat.o: ../../include/openssl/lhash.h ../../include/openssl/objects.h
-obj_dat.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-obj_dat.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+obj_dat.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+obj_dat.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+obj_dat.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+obj_dat.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 obj_dat.o: ../cryptlib.h obj_dat.h
 obj_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 obj_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
-obj_err.o: ../../include/openssl/err.h ../../include/openssl/objects.h
+obj_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+obj_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 obj_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 obj_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+obj_err.o: ../../include/openssl/symhacks.h
 obj_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 obj_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 obj_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
 obj_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-obj_lib.o: ../../include/openssl/lhash.h ../../include/openssl/objects.h
-obj_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-obj_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+obj_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+obj_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+obj_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+obj_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 obj_lib.o: ../cryptlib.h
diff --git a/src/lib/libssl/src/crypto/objects/o_names.c b/src/lib/libssl/src/crypto/objects/o_names.c
index d9389a5e5a..dca988230e 100644
--- a/src/lib/libssl/src/crypto/objects/o_names.c
+++ b/src/lib/libssl/src/crypto/objects/o_names.c
@@ -36,8 +36,9 @@ int OBJ_NAME_init(void)
         return(names_lh != NULL);
         }
 
-int OBJ_NAME_new_index(unsigned long (*hash_func)(), int (*cmp_func)(),
-             void (*free_func)())
+int OBJ_NAME_new_index(unsigned long (*hash_func)(const char *),
+        int (*cmp_func)(const void *, const void *),
+        void (*free_func)(const char *, int, const char *))
         {
         int ret;
         int i;
@@ -59,7 +60,7 @@ int OBJ_NAME_new_index(unsigned long (*hash_func)(), int (*cmp_func)(),
         for (i=sk_NAME_FUNCS_num(name_funcs_stack); i<names_type_num; i++)
                 {
                 MemCheck_off();
-                name_funcs = Malloc(sizeof(NAME_FUNCS));
+                name_funcs = OPENSSL_malloc(sizeof(NAME_FUNCS));
                 name_funcs->hash_func = lh_strhash;
                 name_funcs->cmp_func = (int (*)())strcmp;
                 name_funcs->free_func = 0; /* NULL is often declared to
@@ -156,7 +157,7 @@ int OBJ_NAME_add(const char *name, int type, const char *data)
         alias=type&OBJ_NAME_ALIAS;
         type&= ~OBJ_NAME_ALIAS;
 
-        onp=(OBJ_NAME *)Malloc(sizeof(OBJ_NAME));
+        onp=(OBJ_NAME *)OPENSSL_malloc(sizeof(OBJ_NAME));
         if (onp == NULL)
                 {
                 /* ERROR */
@@ -181,7 +182,7 @@ int OBJ_NAME_add(const char *name, int type, const char *data)
                         sk_NAME_FUNCS_value(name_funcs_stack,ret->type)
                                 ->free_func(ret->name,ret->type,ret->data);
                         }
-                Free(ret);
+                OPENSSL_free(ret);
                 }
         else
                 {
@@ -216,7 +217,7 @@ int OBJ_NAME_remove(const char *name, int type)
                         sk_NAME_FUNCS_value(name_funcs_stack,ret->type)
                                 ->free_func(ret->name,ret->type,ret->data);
                         }
-                Free(ret);
+                OPENSSL_free(ret);
                 return(1);
                 }
         else
@@ -238,7 +239,7 @@ static void names_lh_free(OBJ_NAME *onp, int type)
 
 static void name_funcs_free(NAME_FUNCS *ptr)
         {
-        Free(ptr);
+        OPENSSL_free(ptr);
         }
 
 void OBJ_NAME_cleanup(int type)
diff --git a/src/lib/libssl/src/crypto/objects/obj_dat.c b/src/lib/libssl/src/crypto/objects/obj_dat.c
index da6df3762a..4b1bb9583a 100644
--- a/src/lib/libssl/src/crypto/objects/obj_dat.c
+++ b/src/lib/libssl/src/crypto/objects/obj_dat.c
@@ -79,9 +79,9 @@ static ASN1_OBJECT *ln_objs[1];
 static ASN1_OBJECT *obj_objs[1];
 #endif
 
-static int sn_cmp(ASN1_OBJECT **a, ASN1_OBJECT **b);
-static int ln_cmp(ASN1_OBJECT **a, ASN1_OBJECT **b);
-static int obj_cmp(ASN1_OBJECT **a, ASN1_OBJECT **b);
+static int sn_cmp(const void *a, const void *b);
+static int ln_cmp(const void *a, const void *b);
+static int obj_cmp(const void *a, const void *b);
 #define ADDED_DATA      0
 #define ADDED_SNAME     1
 #define ADDED_LNAME     2
@@ -96,11 +96,17 @@ typedef struct added_obj_st
 static int new_nid=NUM_NID;
 static LHASH *added=NULL;
 
-static int sn_cmp(ASN1_OBJECT **ap, ASN1_OBJECT **bp)
-        { return(strcmp((*ap)->sn,(*bp)->sn)); }
+static int sn_cmp(const void *a, const void *b)
+        {
+        const ASN1_OBJECT * const *ap = a, * const *bp = b;
+        return(strcmp((*ap)->sn,(*bp)->sn));
+        }
 
-static int ln_cmp(ASN1_OBJECT **ap, ASN1_OBJECT **bp)
-        { return(strcmp((*ap)->ln,(*bp)->ln)); }
+static int ln_cmp(const void *a, const void *b)
+        { 
+        const ASN1_OBJECT * const *ap = a, * const *bp = b;
+        return(strcmp((*ap)->ln,(*bp)->ln));
+        }
 
 static unsigned long add_hash(ADDED_OBJ *ca)
         {
@@ -128,7 +134,8 @@ static unsigned long add_hash(ADDED_OBJ *ca)
                 ret=a->nid;
                 break;
         default:
-                abort();
+                /* abort(); */
+                return 0;
                 }
         ret&=0x3fffffffL;
         ret|=ca->type<<30L;
@@ -161,7 +168,8 @@ static int add_cmp(ADDED_OBJ *ca, ADDED_OBJ *cb)
         case ADDED_NID:
                 return(a->nid-b->nid);
         default:
-                abort();
+                /* abort(); */
+                return 0;
                 }
         return(1); /* should not get here */
         }
@@ -188,7 +196,7 @@ static void cleanup3(ADDED_OBJ *a)
         {
         if (--a->obj->nid == 0)
                 ASN1_OBJECT_free(a->obj);
-        Free(a);
+        OPENSSL_free(a);
         }
 
 void OBJ_cleanup(void)
@@ -220,13 +228,13 @@ int OBJ_add_object(ASN1_OBJECT *obj)
         if (added == NULL)
                 if (!init_added()) return(0);
         if ((o=OBJ_dup(obj)) == NULL) goto err;
-        ao[ADDED_NID]=(ADDED_OBJ *)Malloc(sizeof(ADDED_OBJ));
+        ao[ADDED_NID]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ));
         if ((o->length != 0) && (obj->data != NULL))
-                ao[ADDED_DATA]=(ADDED_OBJ *)Malloc(sizeof(ADDED_OBJ));
+                ao[ADDED_DATA]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ));
         if (o->sn != NULL)
-                ao[ADDED_SNAME]=(ADDED_OBJ *)Malloc(sizeof(ADDED_OBJ));
+                ao[ADDED_SNAME]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ));
         if (o->ln != NULL)
-                ao[ADDED_LNAME]=(ADDED_OBJ *)Malloc(sizeof(ADDED_OBJ));
+                ao[ADDED_LNAME]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ));
 
         for (i=ADDED_DATA; i<=ADDED_NID; i++)
                 {
@@ -237,7 +245,7 @@ int OBJ_add_object(ASN1_OBJECT *obj)
                         aop=(ADDED_OBJ *)lh_insert(added,ao[i]);
                         /* memory leak, buit should not normally matter */
                         if (aop != NULL)
-                                Free(aop);
+                                OPENSSL_free(aop);
                         }
                 }
         o->flags&= ~(ASN1_OBJECT_FLAG_DYNAMIC|ASN1_OBJECT_FLAG_DYNAMIC_STRINGS|
@@ -246,8 +254,8 @@ int OBJ_add_object(ASN1_OBJECT *obj)
         return(o->nid);
 err:
         for (i=ADDED_DATA; i<=ADDED_NID; i++)
-                if (ao[i] != NULL) Free(ao[i]);
-        if (o != NULL) Free(o);
+                if (ao[i] != NULL) OPENSSL_free(ao[i]);
+        if (o != NULL) OPENSSL_free(o);
         return(NID_undef);
         }
 
@@ -365,7 +373,7 @@ int OBJ_obj2nid(ASN1_OBJECT *a)
                 if (adp != NULL) return (adp->obj->nid);
                 }
         op=(ASN1_OBJECT **)OBJ_bsearch((char *)&a,(char *)obj_objs,NUM_OBJ,
-                sizeof(ASN1_OBJECT *),(int (*)())obj_cmp);
+                sizeof(ASN1_OBJECT *),obj_cmp);
         if (op == NULL)
                 return(NID_undef);
         return((*op)->nid);
@@ -400,7 +408,7 @@ ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name)
         /* Work out total size */
         j = ASN1_object_size(0,i,V_ASN1_OBJECT);
 
-        if((buf=(unsigned char *)Malloc(j)) == NULL) return NULL;
+        if((buf=(unsigned char *)OPENSSL_malloc(j)) == NULL) return NULL;
 
         p = buf;
         /* Write out tag+length */
@@ -410,7 +418,7 @@ ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name)
         
         p=buf;
         op=d2i_ASN1_OBJECT(NULL,&p,i);
-        Free(buf);
+        OPENSSL_free(buf);
         return op;
         }
 
@@ -504,7 +512,7 @@ int OBJ_ln2nid(const char *s)
                 if (adp != NULL) return (adp->obj->nid);
                 }
         op=(ASN1_OBJECT **)OBJ_bsearch((char *)&oo,(char *)ln_objs,NUM_LN,
-                sizeof(ASN1_OBJECT *),(int (*)())ln_cmp);
+                sizeof(ASN1_OBJECT *),ln_cmp);
         if (op == NULL) return(NID_undef);
         return((*op)->nid);
         }
@@ -523,23 +531,23 @@ int OBJ_sn2nid(const char *s)
                 if (adp != NULL) return (adp->obj->nid);
                 }
         op=(ASN1_OBJECT **)OBJ_bsearch((char *)&oo,(char *)sn_objs,NUM_SN,
-                sizeof(ASN1_OBJECT *),(int (*)())sn_cmp);
+                sizeof(ASN1_OBJECT *),sn_cmp);
         if (op == NULL) return(NID_undef);
         return((*op)->nid);
         }
 
-static int obj_cmp(ASN1_OBJECT **ap, ASN1_OBJECT **bp)
+static int obj_cmp(const void *ap, const void *bp)
         {
         int j;
-        ASN1_OBJECT *a= *ap;
-        ASN1_OBJECT *b= *bp;
+        ASN1_OBJECT *a= *(ASN1_OBJECT **)ap;
+        ASN1_OBJECT *b= *(ASN1_OBJECT **)bp;
 
         j=(a->length - b->length);
         if (j) return(j);
         return(memcmp(a->data,b->data,a->length));
         }
 
-char *OBJ_bsearch(char *key, char *base, int num, int size, int (*cmp)())
+char *OBJ_bsearch(char *key, char *base, int num, int size, int (*cmp)(const void *, const void *))
         {
         int l,h,i,c;
         char *p;
@@ -631,7 +639,7 @@ int OBJ_create(char *oid, char *sn, char *ln)
         i=a2d_ASN1_OBJECT(NULL,0,oid,-1);
         if (i <= 0) return(0);
 
-        if ((buf=(unsigned char *)Malloc(i)) == NULL)
+        if ((buf=(unsigned char *)OPENSSL_malloc(i)) == NULL)
                 {
                 OBJerr(OBJ_F_OBJ_CREATE,OBJ_R_MALLOC_FAILURE);
                 return(0);
@@ -643,7 +651,7 @@ int OBJ_create(char *oid, char *sn, char *ln)
         ok=OBJ_add_object(op);
 err:
         ASN1_OBJECT_free(op);
-        Free(buf);
+        OPENSSL_free(buf);
         return(ok);
         }
 
diff --git a/src/lib/libssl/src/crypto/objects/obj_dat.h.src b/src/lib/libssl/src/crypto/objects/obj_dat.h.src
new file mode 100644
index 0000000000..f0d824141c
--- /dev/null
+++ b/src/lib/libssl/src/crypto/objects/obj_dat.h.src
@@ -0,0 +1,2208 @@
+/* lib/obj/obj_dat.h */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* THIS FILE IS GENERATED FROM Objects.h by obj_dat.pl via the
+ * following command:
+ * perl obj_dat.pl objects.h obj_dat.h
+ */
+
+#define NUM_NID 393
+#define NUM_SN 392
+#define NUM_LN 392
+#define NUM_OBJ 366
+
+static unsigned char lvalues[2896]={
+0x00,                                        /* [  0] OBJ_undef */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  1] OBJ_rsadsi */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  7] OBJ_pkcs */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02,     /* [ 14] OBJ_md2 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x05,     /* [ 22] OBJ_md5 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x04,     /* [ 30] OBJ_rc4 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,/* [ 38] OBJ_rsaEncryption */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x02,/* [ 47] OBJ_md2WithRSAEncryption */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x04,/* [ 56] OBJ_md5WithRSAEncryption */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x01,/* [ 65] OBJ_pbeWithMD2AndDES_CBC */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x03,/* [ 74] OBJ_pbeWithMD5AndDES_CBC */
+0x55,                                        /* [ 83] OBJ_X500 */
+0x55,0x04,                                   /* [ 84] OBJ_X509 */
+0x55,0x04,0x03,                              /* [ 86] OBJ_commonName */
+0x55,0x04,0x06,                              /* [ 89] OBJ_countryName */
+0x55,0x04,0x07,                              /* [ 92] OBJ_localityName */
+0x55,0x04,0x08,                              /* [ 95] OBJ_stateOrProvinceName */
+0x55,0x04,0x0A,                              /* [ 98] OBJ_organizationName */
+0x55,0x04,0x0B,                              /* [101] OBJ_organizationalUnitName */
+0x55,0x08,0x01,0x01,                         /* [104] OBJ_rsa */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,     /* [108] OBJ_pkcs7 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x01,/* [116] OBJ_pkcs7_data */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x02,/* [125] OBJ_pkcs7_signed */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x03,/* [134] OBJ_pkcs7_enveloped */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x04,/* [143] OBJ_pkcs7_signedAndEnveloped */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x05,/* [152] OBJ_pkcs7_digest */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x06,/* [161] OBJ_pkcs7_encrypted */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x03,     /* [170] OBJ_pkcs3 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x03,0x01,/* [178] OBJ_dhKeyAgreement */
+0x2B,0x0E,0x03,0x02,0x06,                    /* [187] OBJ_des_ecb */
+0x2B,0x0E,0x03,0x02,0x09,                    /* [192] OBJ_des_cfb64 */
+0x2B,0x0E,0x03,0x02,0x07,                    /* [197] OBJ_des_cbc */
+0x2B,0x0E,0x03,0x02,0x11,                    /* [202] OBJ_des_ede */
+0x2B,0x06,0x01,0x04,0x01,0x81,0x3C,0x07,0x01,0x01,0x02,/* [207] OBJ_idea_cbc */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x02,     /* [218] OBJ_rc2_cbc */
+0x2B,0x0E,0x03,0x02,0x12,                    /* [226] OBJ_sha */
+0x2B,0x0E,0x03,0x02,0x0F,                    /* [231] OBJ_shaWithRSAEncryption */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x07,     /* [236] OBJ_des_ede3_cbc */
+0x2B,0x0E,0x03,0x02,0x08,                    /* [244] OBJ_des_ofb64 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,     /* [249] OBJ_pkcs9 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x01,/* [257] OBJ_pkcs9_emailAddress */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x02,/* [266] OBJ_pkcs9_unstructuredName */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x03,/* [275] OBJ_pkcs9_contentType */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x04,/* [284] OBJ_pkcs9_messageDigest */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x05,/* [293] OBJ_pkcs9_signingTime */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x06,/* [302] OBJ_pkcs9_countersignature */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x07,/* [311] OBJ_pkcs9_challengePassword */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x08,/* [320] OBJ_pkcs9_unstructuredAddress */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x09,/* [329] OBJ_pkcs9_extCertAttributes */
+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,          /* [338] OBJ_netscape */
+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,     /* [345] OBJ_netscape_cert_extension */
+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x02,     /* [353] OBJ_netscape_data_type */
+0x2B,0x0E,0x03,0x02,0x1A,                    /* [361] OBJ_sha1 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,/* [366] OBJ_sha1WithRSAEncryption */
+0x2B,0x0E,0x03,0x02,0x0D,                    /* [375] OBJ_dsaWithSHA */
+0x2B,0x0E,0x03,0x02,0x0C,                    /* [380] OBJ_dsa_2 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0B,/* [385] OBJ_pbeWithSHA1AndRC2_CBC */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0C,/* [394] OBJ_id_pbkdf2 */
+0x2B,0x0E,0x03,0x02,0x1B,                    /* [403] OBJ_dsaWithSHA1_2 */
+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x01,/* [408] OBJ_netscape_cert_type */
+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x02,/* [417] OBJ_netscape_base_url */
+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x03,/* [426] OBJ_netscape_revocation_url */
+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x04,/* [435] OBJ_netscape_ca_revocation_url */
+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x07,/* [444] OBJ_netscape_renewal_url */
+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x08,/* [453] OBJ_netscape_ca_policy_url */
+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x0C,/* [462] OBJ_netscape_ssl_server_name */
+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x0D,/* [471] OBJ_netscape_comment */
+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x02,0x05,/* [480] OBJ_netscape_cert_sequence */
+0x55,0x1D,                                   /* [489] OBJ_id_ce */
+0x55,0x1D,0x0E,                              /* [491] OBJ_subject_key_identifier */
+0x55,0x1D,0x0F,                              /* [494] OBJ_key_usage */
+0x55,0x1D,0x10,                              /* [497] OBJ_private_key_usage_period */
+0x55,0x1D,0x11,                              /* [500] OBJ_subject_alt_name */
+0x55,0x1D,0x12,                              /* [503] OBJ_issuer_alt_name */
+0x55,0x1D,0x13,                              /* [506] OBJ_basic_constraints */
+0x55,0x1D,0x14,                              /* [509] OBJ_crl_number */
+0x55,0x1D,0x20,                              /* [512] OBJ_certificate_policies */
+0x55,0x1D,0x23,                              /* [515] OBJ_authority_key_identifier */
+0x2B,0x06,0x01,0x04,0x01,0x97,0x55,0x01,0x02,/* [518] OBJ_bf_cbc */
+0x55,0x08,0x03,0x65,                         /* [527] OBJ_mdc2 */
+0x55,0x08,0x03,0x64,                         /* [531] OBJ_mdc2WithRSA */
+0x55,0x04,0x2A,                              /* [535] OBJ_givenName */
+0x55,0x04,0x04,                              /* [538] OBJ_surname */
+0x55,0x04,0x2B,                              /* [541] OBJ_initials */
+0x55,0x04,0x2D,                              /* [544] OBJ_uniqueIdentifier */
+0x55,0x1D,0x1F,                              /* [547] OBJ_crl_distribution_points */
+0x2B,0x0E,0x03,0x02,0x03,                    /* [550] OBJ_md5WithRSA */
+0x55,0x04,0x05,                              /* [555] OBJ_serialNumber */
+0x55,0x04,0x0C,                              /* [558] OBJ_title */
+0x55,0x04,0x0D,                              /* [561] OBJ_description */
+0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0A,/* [564] OBJ_cast5_cbc */
+0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0C,/* [573] OBJ_pbeWithMD5AndCast5_CBC */
+0x2A,0x86,0x48,0xCE,0x38,0x04,0x03,          /* [582] OBJ_dsaWithSHA1 */
+0x2B,0x0E,0x03,0x02,0x1D,                    /* [589] OBJ_sha1WithRSA */
+0x2A,0x86,0x48,0xCE,0x38,0x04,0x01,          /* [594] OBJ_dsa */
+0x2B,0x24,0x03,0x02,0x01,                    /* [601] OBJ_ripemd160 */
+0x2B,0x24,0x03,0x03,0x01,0x02,               /* [606] OBJ_ripemd160WithRSA */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x08,     /* [612] OBJ_rc5_cbc */
+0x29,0x01,0x01,0x85,0x1A,0x01,               /* [620] OBJ_rle_compression */
+0x29,0x01,0x01,0x85,0x1A,0x02,               /* [626] OBJ_zlib_compression */
+0x55,0x1D,0x25,                              /* [632] OBJ_ext_key_usage */
+0x2B,0x06,0x01,0x05,0x05,0x07,               /* [635] OBJ_id_pkix */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,          /* [641] OBJ_id_kp */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01,     /* [648] OBJ_server_auth */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02,     /* [656] OBJ_client_auth */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x03,     /* [664] OBJ_code_sign */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x04,     /* [672] OBJ_email_protect */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x08,     /* [680] OBJ_time_stamp */
+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x15,/* [688] OBJ_ms_code_ind */
+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x16,/* [698] OBJ_ms_code_com */
+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x01,/* [708] OBJ_ms_ctl_sign */
+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x03,/* [718] OBJ_ms_sgc */
+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x04,/* [728] OBJ_ms_efs */
+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x04,0x01,/* [738] OBJ_ns_sgc */
+0x55,0x1D,0x1B,                              /* [747] OBJ_delta_crl */
+0x55,0x1D,0x15,                              /* [750] OBJ_crl_reason */
+0x55,0x1D,0x18,                              /* [753] OBJ_invalidity_date */
+0x2B,0x65,0x01,0x04,0x01,                    /* [756] OBJ_sxnet */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x01,/* [761] OBJ_pbe_WithSHA1And128BitRC4 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x02,/* [771] OBJ_pbe_WithSHA1And40BitRC4 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x03,/* [781] OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x04,/* [791] OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x05,/* [801] OBJ_pbe_WithSHA1And128BitRC2_CBC */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x06,/* [811] OBJ_pbe_WithSHA1And40BitRC2_CBC */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x01,/* [821] OBJ_keyBag */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x02,/* [832] OBJ_pkcs8ShroudedKeyBag */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x03,/* [843] OBJ_certBag */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x04,/* [854] OBJ_crlBag */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x05,/* [865] OBJ_secretBag */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x06,/* [876] OBJ_safeContentsBag */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x14,/* [887] OBJ_friendlyName */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x15,/* [896] OBJ_localKeyID */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x01,/* [905] OBJ_x509Certificate */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x02,/* [915] OBJ_sdsiCertificate */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x17,0x01,/* [925] OBJ_x509Crl */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0D,/* [935] OBJ_pbes2 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0E,/* [944] OBJ_pbmac1 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x07,     /* [953] OBJ_hmacWithSHA1 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,     /* [961] OBJ_id_qt_cps */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02,     /* [969] OBJ_id_qt_unotice */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0F,/* [977] OBJ_SMIMECapabilities */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x04,/* [986] OBJ_pbeWithMD2AndRC2_CBC */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x06,/* [995] OBJ_pbeWithMD5AndRC2_CBC */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0A,/* [1004] OBJ_pbeWithSHA1AndDES_CBC */
+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x0E,/* [1013] OBJ_ms_ext_req */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0E,/* [1023] OBJ_ext_req */
+0x55,0x04,0x29,                              /* [1032] OBJ_name */
+0x55,0x04,0x2E,                              /* [1035] OBJ_dnQualifier */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,          /* [1038] OBJ_id_pe */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,          /* [1045] OBJ_id_ad */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,     /* [1052] OBJ_info_access */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,     /* [1060] OBJ_ad_OCSP */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02,     /* [1068] OBJ_ad_ca_issuers */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x09,     /* [1076] OBJ_OCSP_sign */
+0x28,                                        /* [1084] OBJ_iso */
+0x2A,                                        /* [1085] OBJ_member_body */
+0x2A,0x86,0x48,                              /* [1086] OBJ_ISO_US */
+0x2A,0x86,0x48,0xCE,0x38,                    /* [1089] OBJ_X9_57 */
+0x2A,0x86,0x48,0xCE,0x38,0x04,               /* [1094] OBJ_X9cm */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,     /* [1100] OBJ_pkcs1 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,     /* [1108] OBJ_pkcs5 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,/* [1116] OBJ_SMIME */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,/* [1125] OBJ_id_smime_mod */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,/* [1135] OBJ_id_smime_ct */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,/* [1145] OBJ_id_smime_aa */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,/* [1155] OBJ_id_smime_alg */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,/* [1165] OBJ_id_smime_cd */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,/* [1175] OBJ_id_smime_spq */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,/* [1185] OBJ_id_smime_cti */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x01,/* [1195] OBJ_id_smime_mod_cms */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x02,/* [1206] OBJ_id_smime_mod_ess */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x03,/* [1217] OBJ_id_smime_mod_oid */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x04,/* [1228] OBJ_id_smime_mod_msg_v3 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x05,/* [1239] OBJ_id_smime_mod_ets_eSignature_88 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x06,/* [1250] OBJ_id_smime_mod_ets_eSignature_97 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x07,/* [1261] OBJ_id_smime_mod_ets_eSigPolicy_88 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x08,/* [1272] OBJ_id_smime_mod_ets_eSigPolicy_97 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x01,/* [1283] OBJ_id_smime_ct_receipt */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x02,/* [1294] OBJ_id_smime_ct_authData */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x03,/* [1305] OBJ_id_smime_ct_publishCert */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x04,/* [1316] OBJ_id_smime_ct_TSTInfo */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x05,/* [1327] OBJ_id_smime_ct_TDTInfo */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x06,/* [1338] OBJ_id_smime_ct_contentInfo */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x07,/* [1349] OBJ_id_smime_ct_DVCSRequestData */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x08,/* [1360] OBJ_id_smime_ct_DVCSResponseData */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x01,/* [1371] OBJ_id_smime_aa_receiptRequest */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x02,/* [1382] OBJ_id_smime_aa_securityLabel */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x03,/* [1393] OBJ_id_smime_aa_mlExpandHistory */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x04,/* [1404] OBJ_id_smime_aa_contentHint */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x05,/* [1415] OBJ_id_smime_aa_msgSigDigest */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x06,/* [1426] OBJ_id_smime_aa_encapContentType */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x07,/* [1437] OBJ_id_smime_aa_contentIdentifier */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x08,/* [1448] OBJ_id_smime_aa_macValue */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x09,/* [1459] OBJ_id_smime_aa_equivalentLabels */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0A,/* [1470] OBJ_id_smime_aa_contentReference */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0B,/* [1481] OBJ_id_smime_aa_encrypKeyPref */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0C,/* [1492] OBJ_id_smime_aa_signingCertificate */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0D,/* [1503] OBJ_id_smime_aa_smimeEncryptCerts */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0E,/* [1514] OBJ_id_smime_aa_timeStampToken */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0F,/* [1525] OBJ_id_smime_aa_ets_sigPolicyId */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x10,/* [1536] OBJ_id_smime_aa_ets_commitmentType */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x11,/* [1547] OBJ_id_smime_aa_ets_signerLocation */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x12,/* [1558] OBJ_id_smime_aa_ets_signerAttr */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x13,/* [1569] OBJ_id_smime_aa_ets_otherSigCert */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x14,/* [1580] OBJ_id_smime_aa_ets_contentTimestamp */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x15,/* [1591] OBJ_id_smime_aa_ets_CertificateRefs */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x16,/* [1602] OBJ_id_smime_aa_ets_RevocationRefs */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x17,/* [1613] OBJ_id_smime_aa_ets_certValues */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x18,/* [1624] OBJ_id_smime_aa_ets_revocationValues */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x19,/* [1635] OBJ_id_smime_aa_ets_escTimeStamp */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1A,/* [1646] OBJ_id_smime_aa_ets_certCRLTimestamp */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1B,/* [1657] OBJ_id_smime_aa_ets_archiveTimeStamp */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1C,/* [1668] OBJ_id_smime_aa_signatureType */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1D,/* [1679] OBJ_id_smime_aa_dvcs_dvc */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x01,/* [1690] OBJ_id_smime_alg_ESDHwith3DES */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x02,/* [1701] OBJ_id_smime_alg_ESDHwithRC2 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x03,/* [1712] OBJ_id_smime_alg_3DESwrap */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x04,/* [1723] OBJ_id_smime_alg_RC2wrap */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x05,/* [1734] OBJ_id_smime_alg_ESDH */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x06,/* [1745] OBJ_id_smime_alg_CMS3DESwrap */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x07,/* [1756] OBJ_id_smime_alg_CMSRC2wrap */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,0x01,/* [1767] OBJ_id_smime_cd_ldap */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x01,/* [1778] OBJ_id_smime_spq_ets_sqt_uri */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x02,/* [1789] OBJ_id_smime_spq_ets_sqt_unotice */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x01,/* [1800] OBJ_id_smime_cti_ets_proofOfOrigin */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x02,/* [1811] OBJ_id_smime_cti_ets_proofOfReceipt */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x03,/* [1822] OBJ_id_smime_cti_ets_proofOfDelivery */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x04,/* [1833] OBJ_id_smime_cti_ets_proofOfSender */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x05,/* [1844] OBJ_id_smime_cti_ets_proofOfApproval */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x06,/* [1855] OBJ_id_smime_cti_ets_proofOfCreation */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x04,     /* [1866] OBJ_md4 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,          /* [1874] OBJ_id_pkix_mod */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x02,          /* [1881] OBJ_id_qt */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,          /* [1888] OBJ_id_it */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,          /* [1895] OBJ_id_pkip */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x06,          /* [1902] OBJ_id_alg */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,          /* [1909] OBJ_id_cmc */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x08,          /* [1916] OBJ_id_on */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x09,          /* [1923] OBJ_id_pda */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,          /* [1930] OBJ_id_aca */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0B,          /* [1937] OBJ_id_qcs */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,          /* [1944] OBJ_id_cct */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x01,     /* [1951] OBJ_id_pkix1_explicit_88 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x02,     /* [1959] OBJ_id_pkix1_implicit_88 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x03,     /* [1967] OBJ_id_pkix1_explicit_93 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x04,     /* [1975] OBJ_id_pkix1_implicit_93 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x05,     /* [1983] OBJ_id_mod_crmf */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x06,     /* [1991] OBJ_id_mod_cmc */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x07,     /* [1999] OBJ_id_mod_kea_profile_88 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x08,     /* [2007] OBJ_id_mod_kea_profile_93 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x09,     /* [2015] OBJ_id_mod_cmp */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0A,     /* [2023] OBJ_id_mod_qualified_cert_88 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0B,     /* [2031] OBJ_id_mod_qualified_cert_93 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0C,     /* [2039] OBJ_id_mod_attribute_cert */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0D,     /* [2047] OBJ_id_mod_timestamp_protocol */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0E,     /* [2055] OBJ_id_mod_ocsp */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0F,     /* [2063] OBJ_id_mod_dvcs */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x10,     /* [2071] OBJ_id_mod_cmp2000 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x02,     /* [2079] OBJ_biometricInfo */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x03,     /* [2087] OBJ_qcStatements */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x04,     /* [2095] OBJ_ac_auditEntity */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x05,     /* [2103] OBJ_ac_targeting */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x06,     /* [2111] OBJ_aaControls */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x07,     /* [2119] OBJ_sbqp_ipAddrBlock */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x08,     /* [2127] OBJ_sbqp_autonomousSysNum */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x09,     /* [2135] OBJ_sbqp_routerIdentifier */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x03,     /* [2143] OBJ_textNotice */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x05,     /* [2151] OBJ_ipsecEndSystem */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x06,     /* [2159] OBJ_ipsecTunnel */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x07,     /* [2167] OBJ_ipsecUser */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x0A,     /* [2175] OBJ_dvcs */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x01,     /* [2183] OBJ_id_it_caProtEncCert */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x02,     /* [2191] OBJ_id_it_signKeyPairTypes */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x03,     /* [2199] OBJ_id_it_encKeyPairTypes */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x04,     /* [2207] OBJ_id_it_preferredSymmAlg */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x05,     /* [2215] OBJ_id_it_caKeyUpdateInfo */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x06,     /* [2223] OBJ_id_it_currentCRL */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x07,     /* [2231] OBJ_id_it_unsupportedOIDs */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x08,     /* [2239] OBJ_id_it_subscriptionRequest */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x09,     /* [2247] OBJ_id_it_subscriptionResponse */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0A,     /* [2255] OBJ_id_it_keyPairParamReq */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0B,     /* [2263] OBJ_id_it_keyPairParamRep */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0C,     /* [2271] OBJ_id_it_revPassphrase */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0D,     /* [2279] OBJ_id_it_implicitConfirm */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0E,     /* [2287] OBJ_id_it_confirmWaitTime */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0F,     /* [2295] OBJ_id_it_origPKIMessage */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,     /* [2303] OBJ_id_regCtrl */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,     /* [2311] OBJ_id_regInfo */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x01,/* [2319] OBJ_id_regCtrl_regToken */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x02,/* [2328] OBJ_id_regCtrl_authenticator */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x03,/* [2337] OBJ_id_regCtrl_pkiPublicationInfo */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x04,/* [2346] OBJ_id_regCtrl_pkiArchiveOptions */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x05,/* [2355] OBJ_id_regCtrl_oldCertID */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x06,/* [2364] OBJ_id_regCtrl_protocolEncrKey */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x01,/* [2373] OBJ_id_regInfo_utf8Pairs */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x02,/* [2382] OBJ_id_regInfo_certReq */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x01,     /* [2391] OBJ_id_alg_des40 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x02,     /* [2399] OBJ_id_alg_noSignature */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x03,     /* [2407] OBJ_id_alg_dh_sig_hmac_sha1 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x04,     /* [2415] OBJ_id_alg_dh_pop */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x01,     /* [2423] OBJ_id_cmc_statusInfo */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x02,     /* [2431] OBJ_id_cmc_identification */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x03,     /* [2439] OBJ_id_cmc_identityProof */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x04,     /* [2447] OBJ_id_cmc_dataReturn */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x05,     /* [2455] OBJ_id_cmc_transactionId */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x06,     /* [2463] OBJ_id_cmc_senderNonce */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x07,     /* [2471] OBJ_id_cmc_recipientNonce */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x08,     /* [2479] OBJ_id_cmc_addExtensions */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x09,     /* [2487] OBJ_id_cmc_encryptedPOP */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0A,     /* [2495] OBJ_id_cmc_decryptedPOP */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0B,     /* [2503] OBJ_id_cmc_lraPOPWitness */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0F,     /* [2511] OBJ_id_cmc_getCert */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x10,     /* [2519] OBJ_id_cmc_getCRL */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x11,     /* [2527] OBJ_id_cmc_revokeRequest */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x12,     /* [2535] OBJ_id_cmc_regInfo */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x13,     /* [2543] OBJ_id_cmc_responseInfo */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x15,     /* [2551] OBJ_id_cmc_queryPending */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x16,     /* [2559] OBJ_id_cmc_popLinkRandom */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x17,     /* [2567] OBJ_id_cmc_popLinkWitness */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x18,     /* [2575] OBJ_id_cmc_confirmCertAcceptance */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x01,     /* [2583] OBJ_id_on_personalData */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x01,     /* [2591] OBJ_id_pda_dateOfBirth */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x02,     /* [2599] OBJ_id_pda_placeOfBirth */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x03,     /* [2607] OBJ_id_pda_pseudonym */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x04,     /* [2615] OBJ_id_pda_gender */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x05,     /* [2623] OBJ_id_pda_countryOfCitizenship */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x06,     /* [2631] OBJ_id_pda_countryOfResidence */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x01,     /* [2639] OBJ_id_aca_authenticationInfo */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x02,     /* [2647] OBJ_id_aca_accessIdentity */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x03,     /* [2655] OBJ_id_aca_chargingIdentity */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x04,     /* [2663] OBJ_id_aca_group */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x05,     /* [2671] OBJ_id_aca_role */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0B,0x01,     /* [2679] OBJ_id_qcs_pkixQCSyntax_v1 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x01,     /* [2687] OBJ_id_cct_crs */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x02,     /* [2695] OBJ_id_cct_PKIData */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x03,     /* [2703] OBJ_id_cct_PKIResponse */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x03,     /* [2711] OBJ_ad_timeStamping */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x04,     /* [2719] OBJ_ad_dvcs */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x01,/* [2727] OBJ_id_pkix_OCSP_basic */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x02,/* [2736] OBJ_id_pkix_OCSP_Nonce */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x03,/* [2745] OBJ_id_pkix_OCSP_CrlID */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x04,/* [2754] OBJ_id_pkix_OCSP_acceptableResponses */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x05,/* [2763] OBJ_id_pkix_OCSP_noCheck */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x06,/* [2772] OBJ_id_pkix_OCSP_archiveCutoff */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x07,/* [2781] OBJ_id_pkix_OCSP_serviceLocator */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x08,/* [2790] OBJ_id_pkix_OCSP_extendedStatus */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x09,/* [2799] OBJ_id_pkix_OCSP_valid */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0A,/* [2808] OBJ_id_pkix_OCSP_path */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0B,/* [2817] OBJ_id_pkix_OCSP_trustRoot */
+0x2B,0x0E,0x03,0x02,                         /* [2826] OBJ_algorithm */
+0x2B,0x0E,0x03,0x02,0x0B,                    /* [2830] OBJ_rsaSignature */
+0x55,0x08,                                   /* [2835] OBJ_X500algorithms */
+0x2B,                                        /* [2837] OBJ_org */
+0x2B,0x06,                                   /* [2838] OBJ_dod */
+0x2B,0x06,0x01,                              /* [2840] OBJ_iana */
+0x2B,0x06,0x01,0x01,                         /* [2843] OBJ_Directory */
+0x2B,0x06,0x01,0x02,                         /* [2847] OBJ_Management */
+0x2B,0x06,0x01,0x03,                         /* [2851] OBJ_Experimental */
+0x2B,0x06,0x01,0x04,                         /* [2855] OBJ_Private */
+0x2B,0x06,0x01,0x05,                         /* [2859] OBJ_Security */
+0x2B,0x06,0x01,0x06,                         /* [2863] OBJ_SNMPv2 */
+0x2B,0x06,0x01,0x07,                         /* [2867] OBJ_Mail */
+0x01,                                        /* [2871] OBJ_Enterprises */
+0xBA,0x82,0x58,                              /* [2872] OBJ_dcObject */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x19,/* [2875] OBJ_domainComponent */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0D,/* [2885] OBJ_Domain */
+};
+
+static ASN1_OBJECT nid_objs[NUM_NID]={
+{"UNDEF","undefined",NID_undef,1,&(lvalues[0]),0},
+{"rsadsi","RSA Data Security, Inc.",NID_rsadsi,6,&(lvalues[1]),0},
+{"pkcs","RSA Data Security, Inc. PKCS",NID_pkcs,7,&(lvalues[7]),0},
+{"MD2","md2",NID_md2,8,&(lvalues[14]),0},
+{"MD5","md5",NID_md5,8,&(lvalues[22]),0},
+{"RC4","rc4",NID_rc4,8,&(lvalues[30]),0},
+{"rsaEncryption","rsaEncryption",NID_rsaEncryption,9,&(lvalues[38]),0},
+{"RSA-MD2","md2WithRSAEncryption",NID_md2WithRSAEncryption,9,
+        &(lvalues[47]),0},
+{"RSA-MD5","md5WithRSAEncryption",NID_md5WithRSAEncryption,9,
+        &(lvalues[56]),0},
+{"PBE-MD2-DES","pbeWithMD2AndDES-CBC",NID_pbeWithMD2AndDES_CBC,9,
+        &(lvalues[65]),0},
+{"PBE-MD5-DES","pbeWithMD5AndDES-CBC",NID_pbeWithMD5AndDES_CBC,9,
+        &(lvalues[74]),0},
+{"X500","directory services (X.500)",NID_X500,1,&(lvalues[83]),0},
+{"X509","X509",NID_X509,2,&(lvalues[84]),0},
+{"CN","commonName",NID_commonName,3,&(lvalues[86]),0},
+{"C","countryName",NID_countryName,3,&(lvalues[89]),0},
+{"L","localityName",NID_localityName,3,&(lvalues[92]),0},
+{"ST","stateOrProvinceName",NID_stateOrProvinceName,3,&(lvalues[95]),0},
+{"O","organizationName",NID_organizationName,3,&(lvalues[98]),0},
+{"OU","organizationalUnitName",NID_organizationalUnitName,3,
+        &(lvalues[101]),0},
+{"RSA","rsa",NID_rsa,4,&(lvalues[104]),0},
+{"pkcs7","pkcs7",NID_pkcs7,8,&(lvalues[108]),0},
+{"pkcs7-data","pkcs7-data",NID_pkcs7_data,9,&(lvalues[116]),0},
+{"pkcs7-signedData","pkcs7-signedData",NID_pkcs7_signed,9,
+        &(lvalues[125]),0},
+{"pkcs7-envelopedData","pkcs7-envelopedData",NID_pkcs7_enveloped,9,
+        &(lvalues[134]),0},
+{"pkcs7-signedAndEnvelopedData","pkcs7-signedAndEnvelopedData",
+        NID_pkcs7_signedAndEnveloped,9,&(lvalues[143]),0},
+{"pkcs7-digestData","pkcs7-digestData",NID_pkcs7_digest,9,
+        &(lvalues[152]),0},
+{"pkcs7-encryptedData","pkcs7-encryptedData",NID_pkcs7_encrypted,9,
+        &(lvalues[161]),0},
+{"pkcs3","pkcs3",NID_pkcs3,8,&(lvalues[170]),0},
+{"dhKeyAgreement","dhKeyAgreement",NID_dhKeyAgreement,9,
+        &(lvalues[178]),0},
+{"DES-ECB","des-ecb",NID_des_ecb,5,&(lvalues[187]),0},
+{"DES-CFB","des-cfb",NID_des_cfb64,5,&(lvalues[192]),0},
+{"DES-CBC","des-cbc",NID_des_cbc,5,&(lvalues[197]),0},
+{"DES-EDE","des-ede",NID_des_ede,5,&(lvalues[202]),0},
+{"DES-EDE3","des-ede3",NID_des_ede3,0,NULL},
+{"IDEA-CBC","idea-cbc",NID_idea_cbc,11,&(lvalues[207]),0},
+{"IDEA-CFB","idea-cfb",NID_idea_cfb64,0,NULL},
+{"IDEA-ECB","idea-ecb",NID_idea_ecb,0,NULL},
+{"RC2-CBC","rc2-cbc",NID_rc2_cbc,8,&(lvalues[218]),0},
+{"RC2-ECB","rc2-ecb",NID_rc2_ecb,0,NULL},
+{"RC2-CFB","rc2-cfb",NID_rc2_cfb64,0,NULL},
+{"RC2-OFB","rc2-ofb",NID_rc2_ofb64,0,NULL},
+{"SHA","sha",NID_sha,5,&(lvalues[226]),0},
+{"RSA-SHA","shaWithRSAEncryption",NID_shaWithRSAEncryption,5,
+        &(lvalues[231]),0},
+{"DES-EDE-CBC","des-ede-cbc",NID_des_ede_cbc,0,NULL},
+{"DES-EDE3-CBC","des-ede3-cbc",NID_des_ede3_cbc,8,&(lvalues[236]),0},
+{"DES-OFB","des-ofb",NID_des_ofb64,5,&(lvalues[244]),0},
+{"IDEA-OFB","idea-ofb",NID_idea_ofb64,0,NULL},
+{"pkcs9","pkcs9",NID_pkcs9,8,&(lvalues[249]),0},
+{"Email","emailAddress",NID_pkcs9_emailAddress,9,&(lvalues[257]),0},
+{"unstructuredName","unstructuredName",NID_pkcs9_unstructuredName,9,
+        &(lvalues[266]),0},
+{"contentType","contentType",NID_pkcs9_contentType,9,&(lvalues[275]),0},
+{"messageDigest","messageDigest",NID_pkcs9_messageDigest,9,
+        &(lvalues[284]),0},
+{"signingTime","signingTime",NID_pkcs9_signingTime,9,&(lvalues[293]),0},
+{"countersignature","countersignature",NID_pkcs9_countersignature,9,
+        &(lvalues[302]),0},
+{"challengePassword","challengePassword",NID_pkcs9_challengePassword,
+        9,&(lvalues[311]),0},
+{"unstructuredAddress","unstructuredAddress",
+        NID_pkcs9_unstructuredAddress,9,&(lvalues[320]),0},
+{"extendedCertificateAttributes","extendedCertificateAttributes",
+        NID_pkcs9_extCertAttributes,9,&(lvalues[329]),0},
+{"Netscape","Netscape Communications Corp.",NID_netscape,7,
+        &(lvalues[338]),0},
+{"nsCertExt","Netscape Certificate Extension",
+        NID_netscape_cert_extension,8,&(lvalues[345]),0},
+{"nsDataType","Netscape Data Type",NID_netscape_data_type,8,
+        &(lvalues[353]),0},
+{"DES-EDE-CFB","des-ede-cfb",NID_des_ede_cfb64,0,NULL},
+{"DES-EDE3-CFB","des-ede3-cfb",NID_des_ede3_cfb64,0,NULL},
+{"DES-EDE-OFB","des-ede-ofb",NID_des_ede_ofb64,0,NULL},
+{"DES-EDE3-OFB","des-ede3-ofb",NID_des_ede3_ofb64,0,NULL},
+{"SHA1","sha1",NID_sha1,5,&(lvalues[361]),0},
+{"RSA-SHA1","sha1WithRSAEncryption",NID_sha1WithRSAEncryption,9,
+        &(lvalues[366]),0},
+{"DSA-SHA","dsaWithSHA",NID_dsaWithSHA,5,&(lvalues[375]),0},
+{"DSA-old","dsaEncryption-old",NID_dsa_2,5,&(lvalues[380]),0},
+{"PBE-SHA1-RC2-64","pbeWithSHA1AndRC2-CBC",NID_pbeWithSHA1AndRC2_CBC,
+        9,&(lvalues[385]),0},
+{"PBKDF2","PBKDF2",NID_id_pbkdf2,9,&(lvalues[394]),0},
+{"DSA-SHA1-old","dsaWithSHA1-old",NID_dsaWithSHA1_2,5,&(lvalues[403]),0},
+{"nsCertType","Netscape Cert Type",NID_netscape_cert_type,9,
+        &(lvalues[408]),0},
+{"nsBaseUrl","Netscape Base Url",NID_netscape_base_url,9,
+        &(lvalues[417]),0},
+{"nsRevocationUrl","Netscape Revocation Url",
+        NID_netscape_revocation_url,9,&(lvalues[426]),0},
+{"nsCaRevocationUrl","Netscape CA Revocation Url",
+        NID_netscape_ca_revocation_url,9,&(lvalues[435]),0},
+{"nsRenewalUrl","Netscape Renewal Url",NID_netscape_renewal_url,9,
+        &(lvalues[444]),0},
+{"nsCaPolicyUrl","Netscape CA Policy Url",NID_netscape_ca_policy_url,
+        9,&(lvalues[453]),0},
+{"nsSslServerName","Netscape SSL Server Name",
+        NID_netscape_ssl_server_name,9,&(lvalues[462]),0},
+{"nsComment","Netscape Comment",NID_netscape_comment,9,&(lvalues[471]),0},
+{"nsCertSequence","Netscape Certificate Sequence",
+        NID_netscape_cert_sequence,9,&(lvalues[480]),0},
+{"DESX-CBC","desx-cbc",NID_desx_cbc,0,NULL},
+{"id-ce","id-ce",NID_id_ce,2,&(lvalues[489]),0},
+{"subjectKeyIdentifier","X509v3 Subject Key Identifier",
+        NID_subject_key_identifier,3,&(lvalues[491]),0},
+{"keyUsage","X509v3 Key Usage",NID_key_usage,3,&(lvalues[494]),0},
+{"privateKeyUsagePeriod","X509v3 Private Key Usage Period",
+        NID_private_key_usage_period,3,&(lvalues[497]),0},
+{"subjectAltName","X509v3 Subject Alternative Name",
+        NID_subject_alt_name,3,&(lvalues[500]),0},
+{"issuerAltName","X509v3 Issuer Alternative Name",NID_issuer_alt_name,
+        3,&(lvalues[503]),0},
+{"basicConstraints","X509v3 Basic Constraints",NID_basic_constraints,
+        3,&(lvalues[506]),0},
+{"crlNumber","X509v3 CRL Number",NID_crl_number,3,&(lvalues[509]),0},
+{"certificatePolicies","X509v3 Certificate Policies",
+        NID_certificate_policies,3,&(lvalues[512]),0},
+{"authorityKeyIdentifier","X509v3 Authority Key Identifier",
+        NID_authority_key_identifier,3,&(lvalues[515]),0},
+{"BF-CBC","bf-cbc",NID_bf_cbc,9,&(lvalues[518]),0},
+{"BF-ECB","bf-ecb",NID_bf_ecb,0,NULL},
+{"BF-CFB","bf-cfb",NID_bf_cfb64,0,NULL},
+{"BF-OFB","bf-ofb",NID_bf_ofb64,0,NULL},
+{"MDC2","mdc2",NID_mdc2,4,&(lvalues[527]),0},
+{"RSA-MDC2","mdc2WithRSA",NID_mdc2WithRSA,4,&(lvalues[531]),0},
+{"RC4-40","rc4-40",NID_rc4_40,0,NULL},
+{"RC2-40-CBC","rc2-40-cbc",NID_rc2_40_cbc,0,NULL},
+{"G","givenName",NID_givenName,3,&(lvalues[535]),0},
+{"S","surname",NID_surname,3,&(lvalues[538]),0},
+{"I","initials",NID_initials,3,&(lvalues[541]),0},
+{"UID","uniqueIdentifier",NID_uniqueIdentifier,3,&(lvalues[544]),0},
+{"crlDistributionPoints","X509v3 CRL Distribution Points",
+        NID_crl_distribution_points,3,&(lvalues[547]),0},
+{"RSA-NP-MD5","md5WithRSA",NID_md5WithRSA,5,&(lvalues[550]),0},
+{"SN","serialNumber",NID_serialNumber,3,&(lvalues[555]),0},
+{"T","title",NID_title,3,&(lvalues[558]),0},
+{"D","description",NID_description,3,&(lvalues[561]),0},
+{"CAST5-CBC","cast5-cbc",NID_cast5_cbc,9,&(lvalues[564]),0},
+{"CAST5-ECB","cast5-ecb",NID_cast5_ecb,0,NULL},
+{"CAST5-CFB","cast5-cfb",NID_cast5_cfb64,0,NULL},
+{"CAST5-OFB","cast5-ofb",NID_cast5_ofb64,0,NULL},
+{"pbeWithMD5AndCast5CBC","pbeWithMD5AndCast5CBC",
+        NID_pbeWithMD5AndCast5_CBC,9,&(lvalues[573]),0},
+{"DSA-SHA1","dsaWithSHA1",NID_dsaWithSHA1,7,&(lvalues[582]),0},
+{"MD5-SHA1","md5-sha1",NID_md5_sha1,0,NULL},
+{"RSA-SHA1-2","sha1WithRSA",NID_sha1WithRSA,5,&(lvalues[589]),0},
+{"DSA","dsaEncryption",NID_dsa,7,&(lvalues[594]),0},
+{"RIPEMD160","ripemd160",NID_ripemd160,5,&(lvalues[601]),0},
+{NULL,NULL,NID_undef,0,NULL},
+{"RSA-RIPEMD160","ripemd160WithRSA",NID_ripemd160WithRSA,6,
+        &(lvalues[606]),0},
+{"RC5-CBC","rc5-cbc",NID_rc5_cbc,8,&(lvalues[612]),0},
+{"RC5-ECB","rc5-ecb",NID_rc5_ecb,0,NULL},
+{"RC5-CFB","rc5-cfb",NID_rc5_cfb64,0,NULL},
+{"RC5-OFB","rc5-ofb",NID_rc5_ofb64,0,NULL},
+{"RLE","run length compression",NID_rle_compression,6,&(lvalues[620]),0},
+{"ZLIB","zlib compression",NID_zlib_compression,6,&(lvalues[626]),0},
+{"extendedKeyUsage","X509v3 Extended Key Usage",NID_ext_key_usage,3,
+        &(lvalues[632]),0},
+{"PKIX","PKIX",NID_id_pkix,6,&(lvalues[635]),0},
+{"id-kp","id-kp",NID_id_kp,7,&(lvalues[641]),0},
+{"serverAuth","TLS Web Server Authentication",NID_server_auth,8,
+        &(lvalues[648]),0},
+{"clientAuth","TLS Web Client Authentication",NID_client_auth,8,
+        &(lvalues[656]),0},
+{"codeSigning","Code Signing",NID_code_sign,8,&(lvalues[664]),0},
+{"emailProtection","E-mail Protection",NID_email_protect,8,
+        &(lvalues[672]),0},
+{"timeStamping","Time Stamping",NID_time_stamp,8,&(lvalues[680]),0},
+{"msCodeInd","Microsoft Individual Code Signing",NID_ms_code_ind,10,
+        &(lvalues[688]),0},
+{"msCodeCom","Microsoft Commercial Code Signing",NID_ms_code_com,10,
+        &(lvalues[698]),0},
+{"msCTLSign","Microsoft Trust List Signing",NID_ms_ctl_sign,10,
+        &(lvalues[708]),0},
+{"msSGC","Microsoft Server Gated Crypto",NID_ms_sgc,10,&(lvalues[718]),0},
+{"msEFS","Microsoft Encrypted File System",NID_ms_efs,10,
+        &(lvalues[728]),0},
+{"nsSGC","Netscape Server Gated Crypto",NID_ns_sgc,9,&(lvalues[738]),0},
+{"deltaCRL","X509v3 Delta CRL Indicator",NID_delta_crl,3,
+        &(lvalues[747]),0},
+{"CRLReason","X509v3 CRL Reason Code",NID_crl_reason,3,&(lvalues[750]),0},
+{"invalidityDate","Invalidity Date",NID_invalidity_date,3,
+        &(lvalues[753]),0},
+{"SXNetID","Strong Extranet ID",NID_sxnet,5,&(lvalues[756]),0},
+{"PBE-SHA1-RC4-128","pbeWithSHA1And128BitRC4",
+        NID_pbe_WithSHA1And128BitRC4,10,&(lvalues[761]),0},
+{"PBE-SHA1-RC4-40","pbeWithSHA1And40BitRC4",
+        NID_pbe_WithSHA1And40BitRC4,10,&(lvalues[771]),0},
+{"PBE-SHA1-3DES","pbeWithSHA1And3-KeyTripleDES-CBC",
+        NID_pbe_WithSHA1And3_Key_TripleDES_CBC,10,&(lvalues[781]),0},
+{"PBE-SHA1-2DES","pbeWithSHA1And2-KeyTripleDES-CBC",
+        NID_pbe_WithSHA1And2_Key_TripleDES_CBC,10,&(lvalues[791]),0},
+{"PBE-SHA1-RC2-128","pbeWithSHA1And128BitRC2-CBC",
+        NID_pbe_WithSHA1And128BitRC2_CBC,10,&(lvalues[801]),0},
+{"PBE-SHA1-RC2-40","pbeWithSHA1And40BitRC2-CBC",
+        NID_pbe_WithSHA1And40BitRC2_CBC,10,&(lvalues[811]),0},
+{"keyBag","keyBag",NID_keyBag,11,&(lvalues[821]),0},
+{"pkcs8ShroudedKeyBag","pkcs8ShroudedKeyBag",NID_pkcs8ShroudedKeyBag,
+        11,&(lvalues[832]),0},
+{"certBag","certBag",NID_certBag,11,&(lvalues[843]),0},
+{"crlBag","crlBag",NID_crlBag,11,&(lvalues[854]),0},
+{"secretBag","secretBag",NID_secretBag,11,&(lvalues[865]),0},
+{"safeContentsBag","safeContentsBag",NID_safeContentsBag,11,
+        &(lvalues[876]),0},
+{"friendlyName","friendlyName",NID_friendlyName,9,&(lvalues[887]),0},
+{"localKeyID","localKeyID",NID_localKeyID,9,&(lvalues[896]),0},
+{"x509Certificate","x509Certificate",NID_x509Certificate,10,
+        &(lvalues[905]),0},
+{"sdsiCertificate","sdsiCertificate",NID_sdsiCertificate,10,
+        &(lvalues[915]),0},
+{"x509Crl","x509Crl",NID_x509Crl,10,&(lvalues[925]),0},
+{"PBES2","PBES2",NID_pbes2,9,&(lvalues[935]),0},
+{"PBMAC1","PBMAC1",NID_pbmac1,9,&(lvalues[944]),0},
+{"hmacWithSHA1","hmacWithSHA1",NID_hmacWithSHA1,8,&(lvalues[953]),0},
+{"id-qt-cps","Policy Qualifier CPS",NID_id_qt_cps,8,&(lvalues[961]),0},
+{"id-qt-unotice","Policy Qualifier User Notice",NID_id_qt_unotice,8,
+        &(lvalues[969]),0},
+{"RC2-64-CBC","rc2-64-cbc",NID_rc2_64_cbc,0,NULL},
+{"SMIME-CAPS","S/MIME Capabilities",NID_SMIMECapabilities,9,
+        &(lvalues[977]),0},
+{"PBE-MD2-RC2-64","pbeWithMD2AndRC2-CBC",NID_pbeWithMD2AndRC2_CBC,9,
+        &(lvalues[986]),0},
+{"PBE-MD5-RC2-64","pbeWithMD5AndRC2-CBC",NID_pbeWithMD5AndRC2_CBC,9,
+        &(lvalues[995]),0},
+{"PBE-SHA1-DES","pbeWithSHA1AndDES-CBC",NID_pbeWithSHA1AndDES_CBC,9,
+        &(lvalues[1004]),0},
+{"msExtReq","Microsoft Extension Request",NID_ms_ext_req,10,
+        &(lvalues[1013]),0},
+{"extReq","Extension Request",NID_ext_req,9,&(lvalues[1023]),0},
+{"name","name",NID_name,3,&(lvalues[1032]),0},
+{"dnQualifier","dnQualifier",NID_dnQualifier,3,&(lvalues[1035]),0},
+{"id-pe","id-pe",NID_id_pe,7,&(lvalues[1038]),0},
+{"id-ad","id-ad",NID_id_ad,7,&(lvalues[1045]),0},
+{"authorityInfoAccess","Authority Information Access",NID_info_access,
+        8,&(lvalues[1052]),0},
+{"OCSP","OCSP",NID_ad_OCSP,8,&(lvalues[1060]),0},
+{"caIssuers","CA Issuers",NID_ad_ca_issuers,8,&(lvalues[1068]),0},
+{"OCSPSigning","OCSP Signing",NID_OCSP_sign,8,&(lvalues[1076]),0},
+{"ISO","iso",NID_iso,1,&(lvalues[1084]),0},
+{"member-body","ISO Member Body",NID_member_body,1,&(lvalues[1085]),0},
+{"ISO-US","ISO US Member Body",NID_ISO_US,3,&(lvalues[1086]),0},
+{"X9-57","X9.57",NID_X9_57,5,&(lvalues[1089]),0},
+{"X9cm","X9.57 CM ?",NID_X9cm,6,&(lvalues[1094]),0},
+{"pkcs1","pkcs1",NID_pkcs1,8,&(lvalues[1100]),0},
+{"pkcs5","pkcs5",NID_pkcs5,8,&(lvalues[1108]),0},
+{"SMIME","S/MIME",NID_SMIME,9,&(lvalues[1116]),0},
+{"id-smime-mod","id-smime-mod",NID_id_smime_mod,10,&(lvalues[1125]),0},
+{"id-smime-ct","id-smime-ct",NID_id_smime_ct,10,&(lvalues[1135]),0},
+{"id-smime-aa","id-smime-aa",NID_id_smime_aa,10,&(lvalues[1145]),0},
+{"id-smime-alg","id-smime-alg",NID_id_smime_alg,10,&(lvalues[1155]),0},
+{"id-smime-cd","id-smime-cd",NID_id_smime_cd,10,&(lvalues[1165]),0},
+{"id-smime-spq","id-smime-spq",NID_id_smime_spq,10,&(lvalues[1175]),0},
+{"id-smime-cti","id-smime-cti",NID_id_smime_cti,10,&(lvalues[1185]),0},
+{"id-smime-mod-cms","id-smime-mod-cms",NID_id_smime_mod_cms,11,
+        &(lvalues[1195]),0},
+{"id-smime-mod-ess","id-smime-mod-ess",NID_id_smime_mod_ess,11,
+        &(lvalues[1206]),0},
+{"id-smime-mod-oid","id-smime-mod-oid",NID_id_smime_mod_oid,11,
+        &(lvalues[1217]),0},
+{"id-smime-mod-msg-v3","id-smime-mod-msg-v3",NID_id_smime_mod_msg_v3,
+        11,&(lvalues[1228]),0},
+{"id-smime-mod-ets-eSignature-88","id-smime-mod-ets-eSignature-88",
+        NID_id_smime_mod_ets_eSignature_88,11,&(lvalues[1239]),0},
+{"id-smime-mod-ets-eSignature-97","id-smime-mod-ets-eSignature-97",
+        NID_id_smime_mod_ets_eSignature_97,11,&(lvalues[1250]),0},
+{"id-smime-mod-ets-eSigPolicy-88","id-smime-mod-ets-eSigPolicy-88",
+        NID_id_smime_mod_ets_eSigPolicy_88,11,&(lvalues[1261]),0},
+{"id-smime-mod-ets-eSigPolicy-97","id-smime-mod-ets-eSigPolicy-97",
+        NID_id_smime_mod_ets_eSigPolicy_97,11,&(lvalues[1272]),0},
+{"id-smime-ct-receipt","id-smime-ct-receipt",NID_id_smime_ct_receipt,
+        11,&(lvalues[1283]),0},
+{"id-smime-ct-authData","id-smime-ct-authData",
+        NID_id_smime_ct_authData,11,&(lvalues[1294]),0},
+{"id-smime-ct-publishCert","id-smime-ct-publishCert",
+        NID_id_smime_ct_publishCert,11,&(lvalues[1305]),0},
+{"id-smime-ct-TSTInfo","id-smime-ct-TSTInfo",NID_id_smime_ct_TSTInfo,
+        11,&(lvalues[1316]),0},
+{"id-smime-ct-TDTInfo","id-smime-ct-TDTInfo",NID_id_smime_ct_TDTInfo,
+        11,&(lvalues[1327]),0},
+{"id-smime-ct-contentInfo","id-smime-ct-contentInfo",
+        NID_id_smime_ct_contentInfo,11,&(lvalues[1338]),0},
+{"id-smime-ct-DVCSRequestData","id-smime-ct-DVCSRequestData",
+        NID_id_smime_ct_DVCSRequestData,11,&(lvalues[1349]),0},
+{"id-smime-ct-DVCSResponseData","id-smime-ct-DVCSResponseData",
+        NID_id_smime_ct_DVCSResponseData,11,&(lvalues[1360]),0},
+{"id-smime-aa-receiptRequest","id-smime-aa-receiptRequest",
+        NID_id_smime_aa_receiptRequest,11,&(lvalues[1371]),0},
+{"id-smime-aa-securityLabel","id-smime-aa-securityLabel",
+        NID_id_smime_aa_securityLabel,11,&(lvalues[1382]),0},
+{"id-smime-aa-mlExpandHistory","id-smime-aa-mlExpandHistory",
+        NID_id_smime_aa_mlExpandHistory,11,&(lvalues[1393]),0},
+{"id-smime-aa-contentHint","id-smime-aa-contentHint",
+        NID_id_smime_aa_contentHint,11,&(lvalues[1404]),0},
+{"id-smime-aa-msgSigDigest","id-smime-aa-msgSigDigest",
+        NID_id_smime_aa_msgSigDigest,11,&(lvalues[1415]),0},
+{"id-smime-aa-encapContentType","id-smime-aa-encapContentType",
+        NID_id_smime_aa_encapContentType,11,&(lvalues[1426]),0},
+{"id-smime-aa-contentIdentifier","id-smime-aa-contentIdentifier",
+        NID_id_smime_aa_contentIdentifier,11,&(lvalues[1437]),0},
+{"id-smime-aa-macValue","id-smime-aa-macValue",
+        NID_id_smime_aa_macValue,11,&(lvalues[1448]),0},
+{"id-smime-aa-equivalentLabels","id-smime-aa-equivalentLabels",
+        NID_id_smime_aa_equivalentLabels,11,&(lvalues[1459]),0},
+{"id-smime-aa-contentReference","id-smime-aa-contentReference",
+        NID_id_smime_aa_contentReference,11,&(lvalues[1470]),0},
+{"id-smime-aa-encrypKeyPref","id-smime-aa-encrypKeyPref",
+        NID_id_smime_aa_encrypKeyPref,11,&(lvalues[1481]),0},
+{"id-smime-aa-signingCertificate","id-smime-aa-signingCertificate",
+        NID_id_smime_aa_signingCertificate,11,&(lvalues[1492]),0},
+{"id-smime-aa-smimeEncryptCerts","id-smime-aa-smimeEncryptCerts",
+        NID_id_smime_aa_smimeEncryptCerts,11,&(lvalues[1503]),0},
+{"id-smime-aa-timeStampToken","id-smime-aa-timeStampToken",
+        NID_id_smime_aa_timeStampToken,11,&(lvalues[1514]),0},
+{"id-smime-aa-ets-sigPolicyId","id-smime-aa-ets-sigPolicyId",
+        NID_id_smime_aa_ets_sigPolicyId,11,&(lvalues[1525]),0},
+{"id-smime-aa-ets-commitmentType","id-smime-aa-ets-commitmentType",
+        NID_id_smime_aa_ets_commitmentType,11,&(lvalues[1536]),0},
+{"id-smime-aa-ets-signerLocation","id-smime-aa-ets-signerLocation",
+        NID_id_smime_aa_ets_signerLocation,11,&(lvalues[1547]),0},
+{"id-smime-aa-ets-signerAttr","id-smime-aa-ets-signerAttr",
+        NID_id_smime_aa_ets_signerAttr,11,&(lvalues[1558]),0},
+{"id-smime-aa-ets-otherSigCert","id-smime-aa-ets-otherSigCert",
+        NID_id_smime_aa_ets_otherSigCert,11,&(lvalues[1569]),0},
+{"id-smime-aa-ets-contentTimestamp",
+        "id-smime-aa-ets-contentTimestamp",
+        NID_id_smime_aa_ets_contentTimestamp,11,&(lvalues[1580]),0},
+{"id-smime-aa-ets-CertificateRefs","id-smime-aa-ets-CertificateRefs",
+        NID_id_smime_aa_ets_CertificateRefs,11,&(lvalues[1591]),0},
+{"id-smime-aa-ets-RevocationRefs","id-smime-aa-ets-RevocationRefs",
+        NID_id_smime_aa_ets_RevocationRefs,11,&(lvalues[1602]),0},
+{"id-smime-aa-ets-certValues","id-smime-aa-ets-certValues",
+        NID_id_smime_aa_ets_certValues,11,&(lvalues[1613]),0},
+{"id-smime-aa-ets-revocationValues",
+        "id-smime-aa-ets-revocationValues",
+        NID_id_smime_aa_ets_revocationValues,11,&(lvalues[1624]),0},
+{"id-smime-aa-ets-escTimeStamp","id-smime-aa-ets-escTimeStamp",
+        NID_id_smime_aa_ets_escTimeStamp,11,&(lvalues[1635]),0},
+{"id-smime-aa-ets-certCRLTimestamp",
+        "id-smime-aa-ets-certCRLTimestamp",
+        NID_id_smime_aa_ets_certCRLTimestamp,11,&(lvalues[1646]),0},
+{"id-smime-aa-ets-archiveTimeStamp",
+        "id-smime-aa-ets-archiveTimeStamp",
+        NID_id_smime_aa_ets_archiveTimeStamp,11,&(lvalues[1657]),0},
+{"id-smime-aa-signatureType","id-smime-aa-signatureType",
+        NID_id_smime_aa_signatureType,11,&(lvalues[1668]),0},
+{"id-smime-aa-dvcs-dvc","id-smime-aa-dvcs-dvc",
+        NID_id_smime_aa_dvcs_dvc,11,&(lvalues[1679]),0},
+{"id-smime-alg-ESDHwith3DES","id-smime-alg-ESDHwith3DES",
+        NID_id_smime_alg_ESDHwith3DES,11,&(lvalues[1690]),0},
+{"id-smime-alg-ESDHwithRC2","id-smime-alg-ESDHwithRC2",
+        NID_id_smime_alg_ESDHwithRC2,11,&(lvalues[1701]),0},
+{"id-smime-alg-3DESwrap","id-smime-alg-3DESwrap",
+        NID_id_smime_alg_3DESwrap,11,&(lvalues[1712]),0},
+{"id-smime-alg-RC2wrap","id-smime-alg-RC2wrap",
+        NID_id_smime_alg_RC2wrap,11,&(lvalues[1723]),0},
+{"id-smime-alg-ESDH","id-smime-alg-ESDH",NID_id_smime_alg_ESDH,11,
+        &(lvalues[1734]),0},
+{"id-smime-alg-CMS3DESwrap","id-smime-alg-CMS3DESwrap",
+        NID_id_smime_alg_CMS3DESwrap,11,&(lvalues[1745]),0},
+{"id-smime-alg-CMSRC2wrap","id-smime-alg-CMSRC2wrap",
+        NID_id_smime_alg_CMSRC2wrap,11,&(lvalues[1756]),0},
+{"id-smime-cd-ldap","id-smime-cd-ldap",NID_id_smime_cd_ldap,11,
+        &(lvalues[1767]),0},
+{"id-smime-spq-ets-sqt-uri","id-smime-spq-ets-sqt-uri",
+        NID_id_smime_spq_ets_sqt_uri,11,&(lvalues[1778]),0},
+{"id-smime-spq-ets-sqt-unotice","id-smime-spq-ets-sqt-unotice",
+        NID_id_smime_spq_ets_sqt_unotice,11,&(lvalues[1789]),0},
+{"id-smime-cti-ets-proofOfOrigin","id-smime-cti-ets-proofOfOrigin",
+        NID_id_smime_cti_ets_proofOfOrigin,11,&(lvalues[1800]),0},
+{"id-smime-cti-ets-proofOfReceipt","id-smime-cti-ets-proofOfReceipt",
+        NID_id_smime_cti_ets_proofOfReceipt,11,&(lvalues[1811]),0},
+{"id-smime-cti-ets-proofOfDelivery",
+        "id-smime-cti-ets-proofOfDelivery",
+        NID_id_smime_cti_ets_proofOfDelivery,11,&(lvalues[1822]),0},
+{"id-smime-cti-ets-proofOfSender","id-smime-cti-ets-proofOfSender",
+        NID_id_smime_cti_ets_proofOfSender,11,&(lvalues[1833]),0},
+{"id-smime-cti-ets-proofOfApproval",
+        "id-smime-cti-ets-proofOfApproval",
+        NID_id_smime_cti_ets_proofOfApproval,11,&(lvalues[1844]),0},
+{"id-smime-cti-ets-proofOfCreation",
+        "id-smime-cti-ets-proofOfCreation",
+        NID_id_smime_cti_ets_proofOfCreation,11,&(lvalues[1855]),0},
+{"MD4","md4",NID_md4,8,&(lvalues[1866]),0},
+{"id-pkix-mod","id-pkix-mod",NID_id_pkix_mod,7,&(lvalues[1874]),0},
+{"id-qt","id-qt",NID_id_qt,7,&(lvalues[1881]),0},
+{"id-it","id-it",NID_id_it,7,&(lvalues[1888]),0},
+{"id-pkip","id-pkip",NID_id_pkip,7,&(lvalues[1895]),0},
+{"id-alg","id-alg",NID_id_alg,7,&(lvalues[1902]),0},
+{"id-cmc","id-cmc",NID_id_cmc,7,&(lvalues[1909]),0},
+{"id-on","id-on",NID_id_on,7,&(lvalues[1916]),0},
+{"id-pda","id-pda",NID_id_pda,7,&(lvalues[1923]),0},
+{"id-aca","id-aca",NID_id_aca,7,&(lvalues[1930]),0},
+{"id-qcs","id-qcs",NID_id_qcs,7,&(lvalues[1937]),0},
+{"id-cct","id-cct",NID_id_cct,7,&(lvalues[1944]),0},
+{"id-pkix1-explicit-88","id-pkix1-explicit-88",
+        NID_id_pkix1_explicit_88,8,&(lvalues[1951]),0},
+{"id-pkix1-implicit-88","id-pkix1-implicit-88",
+        NID_id_pkix1_implicit_88,8,&(lvalues[1959]),0},
+{"id-pkix1-explicit-93","id-pkix1-explicit-93",
+        NID_id_pkix1_explicit_93,8,&(lvalues[1967]),0},
+{"id-pkix1-implicit-93","id-pkix1-implicit-93",
+        NID_id_pkix1_implicit_93,8,&(lvalues[1975]),0},
+{"id-mod-crmf","id-mod-crmf",NID_id_mod_crmf,8,&(lvalues[1983]),0},
+{"id-mod-cmc","id-mod-cmc",NID_id_mod_cmc,8,&(lvalues[1991]),0},
+{"id-mod-kea-profile-88","id-mod-kea-profile-88",
+        NID_id_mod_kea_profile_88,8,&(lvalues[1999]),0},
+{"id-mod-kea-profile-93","id-mod-kea-profile-93",
+        NID_id_mod_kea_profile_93,8,&(lvalues[2007]),0},
+{"id-mod-cmp","id-mod-cmp",NID_id_mod_cmp,8,&(lvalues[2015]),0},
+{"id-mod-qualified-cert-88","id-mod-qualified-cert-88",
+        NID_id_mod_qualified_cert_88,8,&(lvalues[2023]),0},
+{"id-mod-qualified-cert-93","id-mod-qualified-cert-93",
+        NID_id_mod_qualified_cert_93,8,&(lvalues[2031]),0},
+{"id-mod-attribute-cert","id-mod-attribute-cert",
+        NID_id_mod_attribute_cert,8,&(lvalues[2039]),0},
+{"id-mod-timestamp-protocol","id-mod-timestamp-protocol",
+        NID_id_mod_timestamp_protocol,8,&(lvalues[2047]),0},
+{"id-mod-ocsp","id-mod-ocsp",NID_id_mod_ocsp,8,&(lvalues[2055]),0},
+{"id-mod-dvcs","id-mod-dvcs",NID_id_mod_dvcs,8,&(lvalues[2063]),0},
+{"id-mod-cmp2000","id-mod-cmp2000",NID_id_mod_cmp2000,8,
+        &(lvalues[2071]),0},
+{"biometricInfo","Biometric Info",NID_biometricInfo,8,&(lvalues[2079]),0},
+{"qcStatements","qcStatements",NID_qcStatements,8,&(lvalues[2087]),0},
+{"ac-auditEntity","ac-auditEntity",NID_ac_auditEntity,8,
+        &(lvalues[2095]),0},
+{"ac-targeting","ac-targeting",NID_ac_targeting,8,&(lvalues[2103]),0},
+{"aaControls","aaControls",NID_aaControls,8,&(lvalues[2111]),0},
+{"sbqp-ipAddrBlock","sbqp-ipAddrBlock",NID_sbqp_ipAddrBlock,8,
+        &(lvalues[2119]),0},
+{"sbqp-autonomousSysNum","sbqp-autonomousSysNum",
+        NID_sbqp_autonomousSysNum,8,&(lvalues[2127]),0},
+{"sbqp-routerIdentifier","sbqp-routerIdentifier",
+        NID_sbqp_routerIdentifier,8,&(lvalues[2135]),0},
+{"textNotice","textNotice",NID_textNotice,8,&(lvalues[2143]),0},
+{"ipsecEndSystem","IPSec End System",NID_ipsecEndSystem,8,
+        &(lvalues[2151]),0},
+{"ipsecTunnel","IPSec Tunnel",NID_ipsecTunnel,8,&(lvalues[2159]),0},
+{"ipsecUser","IPSec User",NID_ipsecUser,8,&(lvalues[2167]),0},
+{"DVCS","dvcs",NID_dvcs,8,&(lvalues[2175]),0},
+{"id-it-caProtEncCert","id-it-caProtEncCert",NID_id_it_caProtEncCert,
+        8,&(lvalues[2183]),0},
+{"id-it-signKeyPairTypes","id-it-signKeyPairTypes",
+        NID_id_it_signKeyPairTypes,8,&(lvalues[2191]),0},
+{"id-it-encKeyPairTypes","id-it-encKeyPairTypes",
+        NID_id_it_encKeyPairTypes,8,&(lvalues[2199]),0},
+{"id-it-preferredSymmAlg","id-it-preferredSymmAlg",
+        NID_id_it_preferredSymmAlg,8,&(lvalues[2207]),0},
+{"id-it-caKeyUpdateInfo","id-it-caKeyUpdateInfo",
+        NID_id_it_caKeyUpdateInfo,8,&(lvalues[2215]),0},
+{"id-it-currentCRL","id-it-currentCRL",NID_id_it_currentCRL,8,
+        &(lvalues[2223]),0},
+{"id-it-unsupportedOIDs","id-it-unsupportedOIDs",
+        NID_id_it_unsupportedOIDs,8,&(lvalues[2231]),0},
+{"id-it-subscriptionRequest","id-it-subscriptionRequest",
+        NID_id_it_subscriptionRequest,8,&(lvalues[2239]),0},
+{"id-it-subscriptionResponse","id-it-subscriptionResponse",
+        NID_id_it_subscriptionResponse,8,&(lvalues[2247]),0},
+{"id-it-keyPairParamReq","id-it-keyPairParamReq",
+        NID_id_it_keyPairParamReq,8,&(lvalues[2255]),0},
+{"id-it-keyPairParamRep","id-it-keyPairParamRep",
+        NID_id_it_keyPairParamRep,8,&(lvalues[2263]),0},
+{"id-it-revPassphrase","id-it-revPassphrase",NID_id_it_revPassphrase,
+        8,&(lvalues[2271]),0},
+{"id-it-implicitConfirm","id-it-implicitConfirm",
+        NID_id_it_implicitConfirm,8,&(lvalues[2279]),0},
+{"id-it-confirmWaitTime","id-it-confirmWaitTime",
+        NID_id_it_confirmWaitTime,8,&(lvalues[2287]),0},
+{"id-it-origPKIMessage","id-it-origPKIMessage",
+        NID_id_it_origPKIMessage,8,&(lvalues[2295]),0},
+{"id-regCtrl","id-regCtrl",NID_id_regCtrl,8,&(lvalues[2303]),0},
+{"id-regInfo","id-regInfo",NID_id_regInfo,8,&(lvalues[2311]),0},
+{"id-regCtrl-regToken","id-regCtrl-regToken",NID_id_regCtrl_regToken,
+        9,&(lvalues[2319]),0},
+{"id-regCtrl-authenticator","id-regCtrl-authenticator",
+        NID_id_regCtrl_authenticator,9,&(lvalues[2328]),0},
+{"id-regCtrl-pkiPublicationInfo","id-regCtrl-pkiPublicationInfo",
+        NID_id_regCtrl_pkiPublicationInfo,9,&(lvalues[2337]),0},
+{"id-regCtrl-pkiArchiveOptions","id-regCtrl-pkiArchiveOptions",
+        NID_id_regCtrl_pkiArchiveOptions,9,&(lvalues[2346]),0},
+{"id-regCtrl-oldCertID","id-regCtrl-oldCertID",
+        NID_id_regCtrl_oldCertID,9,&(lvalues[2355]),0},
+{"id-regCtrl-protocolEncrKey","id-regCtrl-protocolEncrKey",
+        NID_id_regCtrl_protocolEncrKey,9,&(lvalues[2364]),0},
+{"id-regInfo-utf8Pairs","id-regInfo-utf8Pairs",
+        NID_id_regInfo_utf8Pairs,9,&(lvalues[2373]),0},
+{"id-regInfo-certReq","id-regInfo-certReq",NID_id_regInfo_certReq,9,
+        &(lvalues[2382]),0},
+{"id-alg-des40","id-alg-des40",NID_id_alg_des40,8,&(lvalues[2391]),0},
+{"id-alg-noSignature","id-alg-noSignature",NID_id_alg_noSignature,8,
+        &(lvalues[2399]),0},
+{"id-alg-dh-sig-hmac-sha1","id-alg-dh-sig-hmac-sha1",
+        NID_id_alg_dh_sig_hmac_sha1,8,&(lvalues[2407]),0},
+{"id-alg-dh-pop","id-alg-dh-pop",NID_id_alg_dh_pop,8,&(lvalues[2415]),0},
+{"id-cmc-statusInfo","id-cmc-statusInfo",NID_id_cmc_statusInfo,8,
+        &(lvalues[2423]),0},
+{"id-cmc-identification","id-cmc-identification",
+        NID_id_cmc_identification,8,&(lvalues[2431]),0},
+{"id-cmc-identityProof","id-cmc-identityProof",
+        NID_id_cmc_identityProof,8,&(lvalues[2439]),0},
+{"id-cmc-dataReturn","id-cmc-dataReturn",NID_id_cmc_dataReturn,8,
+        &(lvalues[2447]),0},
+{"id-cmc-transactionId","id-cmc-transactionId",
+        NID_id_cmc_transactionId,8,&(lvalues[2455]),0},
+{"id-cmc-senderNonce","id-cmc-senderNonce",NID_id_cmc_senderNonce,8,
+        &(lvalues[2463]),0},
+{"id-cmc-recipientNonce","id-cmc-recipientNonce",
+        NID_id_cmc_recipientNonce,8,&(lvalues[2471]),0},
+{"id-cmc-addExtensions","id-cmc-addExtensions",
+        NID_id_cmc_addExtensions,8,&(lvalues[2479]),0},
+{"id-cmc-encryptedPOP","id-cmc-encryptedPOP",NID_id_cmc_encryptedPOP,
+        8,&(lvalues[2487]),0},
+{"id-cmc-decryptedPOP","id-cmc-decryptedPOP",NID_id_cmc_decryptedPOP,
+        8,&(lvalues[2495]),0},
+{"id-cmc-lraPOPWitness","id-cmc-lraPOPWitness",
+        NID_id_cmc_lraPOPWitness,8,&(lvalues[2503]),0},
+{"id-cmc-getCert","id-cmc-getCert",NID_id_cmc_getCert,8,
+        &(lvalues[2511]),0},
+{"id-cmc-getCRL","id-cmc-getCRL",NID_id_cmc_getCRL,8,&(lvalues[2519]),0},
+{"id-cmc-revokeRequest","id-cmc-revokeRequest",
+        NID_id_cmc_revokeRequest,8,&(lvalues[2527]),0},
+{"id-cmc-regInfo","id-cmc-regInfo",NID_id_cmc_regInfo,8,
+        &(lvalues[2535]),0},
+{"id-cmc-responseInfo","id-cmc-responseInfo",NID_id_cmc_responseInfo,
+        8,&(lvalues[2543]),0},
+{"id-cmc-queryPending","id-cmc-queryPending",NID_id_cmc_queryPending,
+        8,&(lvalues[2551]),0},
+{"id-cmc-popLinkRandom","id-cmc-popLinkRandom",
+        NID_id_cmc_popLinkRandom,8,&(lvalues[2559]),0},
+{"id-cmc-popLinkWitness","id-cmc-popLinkWitness",
+        NID_id_cmc_popLinkWitness,8,&(lvalues[2567]),0},
+{"id-cmc-confirmCertAcceptance","id-cmc-confirmCertAcceptance",
+        NID_id_cmc_confirmCertAcceptance,8,&(lvalues[2575]),0},
+{"id-on-personalData","id-on-personalData",NID_id_on_personalData,8,
+        &(lvalues[2583]),0},
+{"id-pda-dateOfBirth","id-pda-dateOfBirth",NID_id_pda_dateOfBirth,8,
+        &(lvalues[2591]),0},
+{"id-pda-placeOfBirth","id-pda-placeOfBirth",NID_id_pda_placeOfBirth,
+        8,&(lvalues[2599]),0},
+{"id-pda-pseudonym","id-pda-pseudonym",NID_id_pda_pseudonym,8,
+        &(lvalues[2607]),0},
+{"id-pda-gender","id-pda-gender",NID_id_pda_gender,8,&(lvalues[2615]),0},
+{"id-pda-countryOfCitizenship","id-pda-countryOfCitizenship",
+        NID_id_pda_countryOfCitizenship,8,&(lvalues[2623]),0},
+{"id-pda-countryOfResidence","id-pda-countryOfResidence",
+        NID_id_pda_countryOfResidence,8,&(lvalues[2631]),0},
+{"id-aca-authenticationInfo","id-aca-authenticationInfo",
+        NID_id_aca_authenticationInfo,8,&(lvalues[2639]),0},
+{"id-aca-accessIdentity","id-aca-accessIdentity",
+        NID_id_aca_accessIdentity,8,&(lvalues[2647]),0},
+{"id-aca-chargingIdentity","id-aca-chargingIdentity",
+        NID_id_aca_chargingIdentity,8,&(lvalues[2655]),0},
+{"id-aca-group","id-aca-group",NID_id_aca_group,8,&(lvalues[2663]),0},
+{"id-aca-role","id-aca-role",NID_id_aca_role,8,&(lvalues[2671]),0},
+{"id-qcs-pkixQCSyntax-v1","id-qcs-pkixQCSyntax-v1",
+        NID_id_qcs_pkixQCSyntax_v1,8,&(lvalues[2679]),0},
+{"id-cct-crs","id-cct-crs",NID_id_cct_crs,8,&(lvalues[2687]),0},
+{"id-cct-PKIData","id-cct-PKIData",NID_id_cct_PKIData,8,
+        &(lvalues[2695]),0},
+{"id-cct-PKIResponse","id-cct-PKIResponse",NID_id_cct_PKIResponse,8,
+        &(lvalues[2703]),0},
+{"ad_timestamping","AD Time Stamping",NID_ad_timeStamping,8,
+        &(lvalues[2711]),0},
+{"AD_DVCS","ad dvcs",NID_ad_dvcs,8,&(lvalues[2719]),0},
+{"basicOCSPResponse","Basic OCSP Response",NID_id_pkix_OCSP_basic,9,
+        &(lvalues[2727]),0},
+{"Nonce","OCSP Nonce",NID_id_pkix_OCSP_Nonce,9,&(lvalues[2736]),0},
+{"CrlID","OCSP CRL ID",NID_id_pkix_OCSP_CrlID,9,&(lvalues[2745]),0},
+{"acceptableResponses","Acceptable OCSP Responses",
+        NID_id_pkix_OCSP_acceptableResponses,9,&(lvalues[2754]),0},
+{"noCheck","noCheck",NID_id_pkix_OCSP_noCheck,9,&(lvalues[2763]),0},
+{"archiveCutoff","OCSP Archive Cutoff",NID_id_pkix_OCSP_archiveCutoff,
+        9,&(lvalues[2772]),0},
+{"serviceLocator","OCSP Service Locator",
+        NID_id_pkix_OCSP_serviceLocator,9,&(lvalues[2781]),0},
+{"extendedStatus","Extended OCSP Status",
+        NID_id_pkix_OCSP_extendedStatus,9,&(lvalues[2790]),0},
+{"valid","valid",NID_id_pkix_OCSP_valid,9,&(lvalues[2799]),0},
+{"path","path",NID_id_pkix_OCSP_path,9,&(lvalues[2808]),0},
+{"trustRoot","Trust Root",NID_id_pkix_OCSP_trustRoot,9,
+        &(lvalues[2817]),0},
+{"algorithm","algorithm",NID_algorithm,4,&(lvalues[2826]),0},
+{"rsaSignature","rsaSignature",NID_rsaSignature,5,&(lvalues[2830]),0},
+{"X500algorithms","directory services - algorithms",
+        NID_X500algorithms,2,&(lvalues[2835]),0},
+{"ORG","org",NID_org,1,&(lvalues[2837]),0},
+{"DOD","dod",NID_dod,2,&(lvalues[2838]),0},
+{"IANA","iana",NID_iana,3,&(lvalues[2840]),0},
+{"directory","Directory",NID_Directory,4,&(lvalues[2843]),0},
+{"mgmt","Management",NID_Management,4,&(lvalues[2847]),0},
+{"experimental","Experimental",NID_Experimental,4,&(lvalues[2851]),0},
+{"private","Private",NID_Private,4,&(lvalues[2855]),0},
+{"security","Security",NID_Security,4,&(lvalues[2859]),0},
+{"snmpv2","SNMPv2",NID_SNMPv2,4,&(lvalues[2863]),0},
+{"mail","Mail",NID_Mail,4,&(lvalues[2867]),0},
+{"enterprises","Enterprises",NID_Enterprises,1,&(lvalues[2871]),0},
+{"dcobject","dcObject",NID_dcObject,3,&(lvalues[2872]),0},
+{"DC","domainComponent",NID_domainComponent,10,&(lvalues[2875]),0},
+{"domain","Domain",NID_Domain,10,&(lvalues[2885]),0},
+};
+
+static ASN1_OBJECT *sn_objs[NUM_SN]={
+&(nid_objs[364]),/* "AD_DVCS" */
+&(nid_objs[91]),/* "BF-CBC" */
+&(nid_objs[93]),/* "BF-CFB" */
+&(nid_objs[92]),/* "BF-ECB" */
+&(nid_objs[94]),/* "BF-OFB" */
+&(nid_objs[14]),/* "C" */
+&(nid_objs[108]),/* "CAST5-CBC" */
+&(nid_objs[110]),/* "CAST5-CFB" */
+&(nid_objs[109]),/* "CAST5-ECB" */
+&(nid_objs[111]),/* "CAST5-OFB" */
+&(nid_objs[13]),/* "CN" */
+&(nid_objs[141]),/* "CRLReason" */
+&(nid_objs[367]),/* "CrlID" */
+&(nid_objs[107]),/* "D" */
+&(nid_objs[391]),/* "DC" */
+&(nid_objs[31]),/* "DES-CBC" */
+&(nid_objs[30]),/* "DES-CFB" */
+&(nid_objs[29]),/* "DES-ECB" */
+&(nid_objs[32]),/* "DES-EDE" */
+&(nid_objs[43]),/* "DES-EDE-CBC" */
+&(nid_objs[60]),/* "DES-EDE-CFB" */
+&(nid_objs[62]),/* "DES-EDE-OFB" */
+&(nid_objs[33]),/* "DES-EDE3" */
+&(nid_objs[44]),/* "DES-EDE3-CBC" */
+&(nid_objs[61]),/* "DES-EDE3-CFB" */
+&(nid_objs[63]),/* "DES-EDE3-OFB" */
+&(nid_objs[45]),/* "DES-OFB" */
+&(nid_objs[80]),/* "DESX-CBC" */
+&(nid_objs[380]),/* "DOD" */
+&(nid_objs[116]),/* "DSA" */
+&(nid_objs[66]),/* "DSA-SHA" */
+&(nid_objs[113]),/* "DSA-SHA1" */
+&(nid_objs[70]),/* "DSA-SHA1-old" */
+&(nid_objs[67]),/* "DSA-old" */
+&(nid_objs[297]),/* "DVCS" */
+&(nid_objs[48]),/* "Email" */
+&(nid_objs[99]),/* "G" */
+&(nid_objs[101]),/* "I" */
+&(nid_objs[381]),/* "IANA" */
+&(nid_objs[34]),/* "IDEA-CBC" */
+&(nid_objs[35]),/* "IDEA-CFB" */
+&(nid_objs[36]),/* "IDEA-ECB" */
+&(nid_objs[46]),/* "IDEA-OFB" */
+&(nid_objs[181]),/* "ISO" */
+&(nid_objs[183]),/* "ISO-US" */
+&(nid_objs[15]),/* "L" */
+&(nid_objs[ 3]),/* "MD2" */
+&(nid_objs[257]),/* "MD4" */
+&(nid_objs[ 4]),/* "MD5" */
+&(nid_objs[114]),/* "MD5-SHA1" */
+&(nid_objs[95]),/* "MDC2" */
+&(nid_objs[57]),/* "Netscape" */
+&(nid_objs[366]),/* "Nonce" */
+&(nid_objs[17]),/* "O" */
+&(nid_objs[178]),/* "OCSP" */
+&(nid_objs[180]),/* "OCSPSigning" */
+&(nid_objs[379]),/* "ORG" */
+&(nid_objs[18]),/* "OU" */
+&(nid_objs[ 9]),/* "PBE-MD2-DES" */
+&(nid_objs[168]),/* "PBE-MD2-RC2-64" */
+&(nid_objs[10]),/* "PBE-MD5-DES" */
+&(nid_objs[169]),/* "PBE-MD5-RC2-64" */
+&(nid_objs[147]),/* "PBE-SHA1-2DES" */
+&(nid_objs[146]),/* "PBE-SHA1-3DES" */
+&(nid_objs[170]),/* "PBE-SHA1-DES" */
+&(nid_objs[148]),/* "PBE-SHA1-RC2-128" */
+&(nid_objs[149]),/* "PBE-SHA1-RC2-40" */
+&(nid_objs[68]),/* "PBE-SHA1-RC2-64" */
+&(nid_objs[144]),/* "PBE-SHA1-RC4-128" */
+&(nid_objs[145]),/* "PBE-SHA1-RC4-40" */
+&(nid_objs[161]),/* "PBES2" */
+&(nid_objs[69]),/* "PBKDF2" */
+&(nid_objs[162]),/* "PBMAC1" */
+&(nid_objs[127]),/* "PKIX" */
+&(nid_objs[98]),/* "RC2-40-CBC" */
+&(nid_objs[166]),/* "RC2-64-CBC" */
+&(nid_objs[37]),/* "RC2-CBC" */
+&(nid_objs[39]),/* "RC2-CFB" */
+&(nid_objs[38]),/* "RC2-ECB" */
+&(nid_objs[40]),/* "RC2-OFB" */
+&(nid_objs[ 5]),/* "RC4" */
+&(nid_objs[97]),/* "RC4-40" */
+&(nid_objs[120]),/* "RC5-CBC" */
+&(nid_objs[122]),/* "RC5-CFB" */
+&(nid_objs[121]),/* "RC5-ECB" */
+&(nid_objs[123]),/* "RC5-OFB" */
+&(nid_objs[117]),/* "RIPEMD160" */
+&(nid_objs[124]),/* "RLE" */
+&(nid_objs[19]),/* "RSA" */
+&(nid_objs[ 7]),/* "RSA-MD2" */
+&(nid_objs[ 8]),/* "RSA-MD5" */
+&(nid_objs[96]),/* "RSA-MDC2" */
+&(nid_objs[104]),/* "RSA-NP-MD5" */
+&(nid_objs[119]),/* "RSA-RIPEMD160" */
+&(nid_objs[42]),/* "RSA-SHA" */
+&(nid_objs[65]),/* "RSA-SHA1" */
+&(nid_objs[115]),/* "RSA-SHA1-2" */
+&(nid_objs[100]),/* "S" */
+&(nid_objs[41]),/* "SHA" */
+&(nid_objs[64]),/* "SHA1" */
+&(nid_objs[188]),/* "SMIME" */
+&(nid_objs[167]),/* "SMIME-CAPS" */
+&(nid_objs[105]),/* "SN" */
+&(nid_objs[16]),/* "ST" */
+&(nid_objs[143]),/* "SXNetID" */
+&(nid_objs[106]),/* "T" */
+&(nid_objs[102]),/* "UID" */
+&(nid_objs[ 0]),/* "UNDEF" */
+&(nid_objs[11]),/* "X500" */
+&(nid_objs[378]),/* "X500algorithms" */
+&(nid_objs[12]),/* "X509" */
+&(nid_objs[184]),/* "X9-57" */
+&(nid_objs[185]),/* "X9cm" */
+&(nid_objs[125]),/* "ZLIB" */
+&(nid_objs[289]),/* "aaControls" */
+&(nid_objs[287]),/* "ac-auditEntity" */
+&(nid_objs[288]),/* "ac-targeting" */
+&(nid_objs[368]),/* "acceptableResponses" */
+&(nid_objs[363]),/* "ad_timestamping" */
+&(nid_objs[376]),/* "algorithm" */
+&(nid_objs[370]),/* "archiveCutoff" */
+&(nid_objs[177]),/* "authorityInfoAccess" */
+&(nid_objs[90]),/* "authorityKeyIdentifier" */
+&(nid_objs[87]),/* "basicConstraints" */
+&(nid_objs[365]),/* "basicOCSPResponse" */
+&(nid_objs[285]),/* "biometricInfo" */
+&(nid_objs[179]),/* "caIssuers" */
+&(nid_objs[152]),/* "certBag" */
+&(nid_objs[89]),/* "certificatePolicies" */
+&(nid_objs[54]),/* "challengePassword" */
+&(nid_objs[130]),/* "clientAuth" */
+&(nid_objs[131]),/* "codeSigning" */
+&(nid_objs[50]),/* "contentType" */
+&(nid_objs[53]),/* "countersignature" */
+&(nid_objs[153]),/* "crlBag" */
+&(nid_objs[103]),/* "crlDistributionPoints" */
+&(nid_objs[88]),/* "crlNumber" */
+&(nid_objs[390]),/* "dcobject" */
+&(nid_objs[140]),/* "deltaCRL" */
+&(nid_objs[28]),/* "dhKeyAgreement" */
+&(nid_objs[382]),/* "directory" */
+&(nid_objs[174]),/* "dnQualifier" */
+&(nid_objs[392]),/* "domain" */
+&(nid_objs[132]),/* "emailProtection" */
+&(nid_objs[389]),/* "enterprises" */
+&(nid_objs[384]),/* "experimental" */
+&(nid_objs[172]),/* "extReq" */
+&(nid_objs[56]),/* "extendedCertificateAttributes" */
+&(nid_objs[126]),/* "extendedKeyUsage" */
+&(nid_objs[372]),/* "extendedStatus" */
+&(nid_objs[156]),/* "friendlyName" */
+&(nid_objs[163]),/* "hmacWithSHA1" */
+&(nid_objs[266]),/* "id-aca" */
+&(nid_objs[355]),/* "id-aca-accessIdentity" */
+&(nid_objs[354]),/* "id-aca-authenticationInfo" */
+&(nid_objs[356]),/* "id-aca-chargingIdentity" */
+&(nid_objs[357]),/* "id-aca-group" */
+&(nid_objs[358]),/* "id-aca-role" */
+&(nid_objs[176]),/* "id-ad" */
+&(nid_objs[262]),/* "id-alg" */
+&(nid_objs[323]),/* "id-alg-des40" */
+&(nid_objs[326]),/* "id-alg-dh-pop" */
+&(nid_objs[325]),/* "id-alg-dh-sig-hmac-sha1" */
+&(nid_objs[324]),/* "id-alg-noSignature" */
+&(nid_objs[268]),/* "id-cct" */
+&(nid_objs[361]),/* "id-cct-PKIData" */
+&(nid_objs[362]),/* "id-cct-PKIResponse" */
+&(nid_objs[360]),/* "id-cct-crs" */
+&(nid_objs[81]),/* "id-ce" */
+&(nid_objs[263]),/* "id-cmc" */
+&(nid_objs[334]),/* "id-cmc-addExtensions" */
+&(nid_objs[346]),/* "id-cmc-confirmCertAcceptance" */
+&(nid_objs[330]),/* "id-cmc-dataReturn" */
+&(nid_objs[336]),/* "id-cmc-decryptedPOP" */
+&(nid_objs[335]),/* "id-cmc-encryptedPOP" */
+&(nid_objs[339]),/* "id-cmc-getCRL" */
+&(nid_objs[338]),/* "id-cmc-getCert" */
+&(nid_objs[328]),/* "id-cmc-identification" */
+&(nid_objs[329]),/* "id-cmc-identityProof" */
+&(nid_objs[337]),/* "id-cmc-lraPOPWitness" */
+&(nid_objs[344]),/* "id-cmc-popLinkRandom" */
+&(nid_objs[345]),/* "id-cmc-popLinkWitness" */
+&(nid_objs[343]),/* "id-cmc-queryPending" */
+&(nid_objs[333]),/* "id-cmc-recipientNonce" */
+&(nid_objs[341]),/* "id-cmc-regInfo" */
+&(nid_objs[342]),/* "id-cmc-responseInfo" */
+&(nid_objs[340]),/* "id-cmc-revokeRequest" */
+&(nid_objs[332]),/* "id-cmc-senderNonce" */
+&(nid_objs[327]),/* "id-cmc-statusInfo" */
+&(nid_objs[331]),/* "id-cmc-transactionId" */
+&(nid_objs[260]),/* "id-it" */
+&(nid_objs[302]),/* "id-it-caKeyUpdateInfo" */
+&(nid_objs[298]),/* "id-it-caProtEncCert" */
+&(nid_objs[311]),/* "id-it-confirmWaitTime" */
+&(nid_objs[303]),/* "id-it-currentCRL" */
+&(nid_objs[300]),/* "id-it-encKeyPairTypes" */
+&(nid_objs[310]),/* "id-it-implicitConfirm" */
+&(nid_objs[308]),/* "id-it-keyPairParamRep" */
+&(nid_objs[307]),/* "id-it-keyPairParamReq" */
+&(nid_objs[312]),/* "id-it-origPKIMessage" */
+&(nid_objs[301]),/* "id-it-preferredSymmAlg" */
+&(nid_objs[309]),/* "id-it-revPassphrase" */
+&(nid_objs[299]),/* "id-it-signKeyPairTypes" */
+&(nid_objs[305]),/* "id-it-subscriptionRequest" */
+&(nid_objs[306]),/* "id-it-subscriptionResponse" */
+&(nid_objs[304]),/* "id-it-unsupportedOIDs" */
+&(nid_objs[128]),/* "id-kp" */
+&(nid_objs[280]),/* "id-mod-attribute-cert" */
+&(nid_objs[274]),/* "id-mod-cmc" */
+&(nid_objs[277]),/* "id-mod-cmp" */
+&(nid_objs[284]),/* "id-mod-cmp2000" */
+&(nid_objs[273]),/* "id-mod-crmf" */
+&(nid_objs[283]),/* "id-mod-dvcs" */
+&(nid_objs[275]),/* "id-mod-kea-profile-88" */
+&(nid_objs[276]),/* "id-mod-kea-profile-93" */
+&(nid_objs[282]),/* "id-mod-ocsp" */
+&(nid_objs[278]),/* "id-mod-qualified-cert-88" */
+&(nid_objs[279]),/* "id-mod-qualified-cert-93" */
+&(nid_objs[281]),/* "id-mod-timestamp-protocol" */
+&(nid_objs[264]),/* "id-on" */
+&(nid_objs[347]),/* "id-on-personalData" */
+&(nid_objs[265]),/* "id-pda" */
+&(nid_objs[352]),/* "id-pda-countryOfCitizenship" */
+&(nid_objs[353]),/* "id-pda-countryOfResidence" */
+&(nid_objs[348]),/* "id-pda-dateOfBirth" */
+&(nid_objs[351]),/* "id-pda-gender" */
+&(nid_objs[349]),/* "id-pda-placeOfBirth" */
+&(nid_objs[350]),/* "id-pda-pseudonym" */
+&(nid_objs[175]),/* "id-pe" */
+&(nid_objs[261]),/* "id-pkip" */
+&(nid_objs[258]),/* "id-pkix-mod" */
+&(nid_objs[269]),/* "id-pkix1-explicit-88" */
+&(nid_objs[271]),/* "id-pkix1-explicit-93" */
+&(nid_objs[270]),/* "id-pkix1-implicit-88" */
+&(nid_objs[272]),/* "id-pkix1-implicit-93" */
+&(nid_objs[267]),/* "id-qcs" */
+&(nid_objs[359]),/* "id-qcs-pkixQCSyntax-v1" */
+&(nid_objs[259]),/* "id-qt" */
+&(nid_objs[164]),/* "id-qt-cps" */
+&(nid_objs[165]),/* "id-qt-unotice" */
+&(nid_objs[313]),/* "id-regCtrl" */
+&(nid_objs[316]),/* "id-regCtrl-authenticator" */
+&(nid_objs[319]),/* "id-regCtrl-oldCertID" */
+&(nid_objs[318]),/* "id-regCtrl-pkiArchiveOptions" */
+&(nid_objs[317]),/* "id-regCtrl-pkiPublicationInfo" */
+&(nid_objs[320]),/* "id-regCtrl-protocolEncrKey" */
+&(nid_objs[315]),/* "id-regCtrl-regToken" */
+&(nid_objs[314]),/* "id-regInfo" */
+&(nid_objs[322]),/* "id-regInfo-certReq" */
+&(nid_objs[321]),/* "id-regInfo-utf8Pairs" */
+&(nid_objs[191]),/* "id-smime-aa" */
+&(nid_objs[215]),/* "id-smime-aa-contentHint" */
+&(nid_objs[218]),/* "id-smime-aa-contentIdentifier" */
+&(nid_objs[221]),/* "id-smime-aa-contentReference" */
+&(nid_objs[240]),/* "id-smime-aa-dvcs-dvc" */
+&(nid_objs[217]),/* "id-smime-aa-encapContentType" */
+&(nid_objs[222]),/* "id-smime-aa-encrypKeyPref" */
+&(nid_objs[220]),/* "id-smime-aa-equivalentLabels" */
+&(nid_objs[232]),/* "id-smime-aa-ets-CertificateRefs" */
+&(nid_objs[233]),/* "id-smime-aa-ets-RevocationRefs" */
+&(nid_objs[238]),/* "id-smime-aa-ets-archiveTimeStamp" */
+&(nid_objs[237]),/* "id-smime-aa-ets-certCRLTimestamp" */
+&(nid_objs[234]),/* "id-smime-aa-ets-certValues" */
+&(nid_objs[227]),/* "id-smime-aa-ets-commitmentType" */
+&(nid_objs[231]),/* "id-smime-aa-ets-contentTimestamp" */
+&(nid_objs[236]),/* "id-smime-aa-ets-escTimeStamp" */
+&(nid_objs[230]),/* "id-smime-aa-ets-otherSigCert" */
+&(nid_objs[235]),/* "id-smime-aa-ets-revocationValues" */
+&(nid_objs[226]),/* "id-smime-aa-ets-sigPolicyId" */
+&(nid_objs[229]),/* "id-smime-aa-ets-signerAttr" */
+&(nid_objs[228]),/* "id-smime-aa-ets-signerLocation" */
+&(nid_objs[219]),/* "id-smime-aa-macValue" */
+&(nid_objs[214]),/* "id-smime-aa-mlExpandHistory" */
+&(nid_objs[216]),/* "id-smime-aa-msgSigDigest" */
+&(nid_objs[212]),/* "id-smime-aa-receiptRequest" */
+&(nid_objs[213]),/* "id-smime-aa-securityLabel" */
+&(nid_objs[239]),/* "id-smime-aa-signatureType" */
+&(nid_objs[223]),/* "id-smime-aa-signingCertificate" */
+&(nid_objs[224]),/* "id-smime-aa-smimeEncryptCerts" */
+&(nid_objs[225]),/* "id-smime-aa-timeStampToken" */
+&(nid_objs[192]),/* "id-smime-alg" */
+&(nid_objs[243]),/* "id-smime-alg-3DESwrap" */
+&(nid_objs[246]),/* "id-smime-alg-CMS3DESwrap" */
+&(nid_objs[247]),/* "id-smime-alg-CMSRC2wrap" */
+&(nid_objs[245]),/* "id-smime-alg-ESDH" */
+&(nid_objs[241]),/* "id-smime-alg-ESDHwith3DES" */
+&(nid_objs[242]),/* "id-smime-alg-ESDHwithRC2" */
+&(nid_objs[244]),/* "id-smime-alg-RC2wrap" */
+&(nid_objs[193]),/* "id-smime-cd" */
+&(nid_objs[248]),/* "id-smime-cd-ldap" */
+&(nid_objs[190]),/* "id-smime-ct" */
+&(nid_objs[210]),/* "id-smime-ct-DVCSRequestData" */
+&(nid_objs[211]),/* "id-smime-ct-DVCSResponseData" */
+&(nid_objs[208]),/* "id-smime-ct-TDTInfo" */
+&(nid_objs[207]),/* "id-smime-ct-TSTInfo" */
+&(nid_objs[205]),/* "id-smime-ct-authData" */
+&(nid_objs[209]),/* "id-smime-ct-contentInfo" */
+&(nid_objs[206]),/* "id-smime-ct-publishCert" */
+&(nid_objs[204]),/* "id-smime-ct-receipt" */
+&(nid_objs[195]),/* "id-smime-cti" */
+&(nid_objs[255]),/* "id-smime-cti-ets-proofOfApproval" */
+&(nid_objs[256]),/* "id-smime-cti-ets-proofOfCreation" */
+&(nid_objs[253]),/* "id-smime-cti-ets-proofOfDelivery" */
+&(nid_objs[251]),/* "id-smime-cti-ets-proofOfOrigin" */
+&(nid_objs[252]),/* "id-smime-cti-ets-proofOfReceipt" */
+&(nid_objs[254]),/* "id-smime-cti-ets-proofOfSender" */
+&(nid_objs[189]),/* "id-smime-mod" */
+&(nid_objs[196]),/* "id-smime-mod-cms" */
+&(nid_objs[197]),/* "id-smime-mod-ess" */
+&(nid_objs[202]),/* "id-smime-mod-ets-eSigPolicy-88" */
+&(nid_objs[203]),/* "id-smime-mod-ets-eSigPolicy-97" */
+&(nid_objs[200]),/* "id-smime-mod-ets-eSignature-88" */
+&(nid_objs[201]),/* "id-smime-mod-ets-eSignature-97" */
+&(nid_objs[199]),/* "id-smime-mod-msg-v3" */
+&(nid_objs[198]),/* "id-smime-mod-oid" */
+&(nid_objs[194]),/* "id-smime-spq" */
+&(nid_objs[250]),/* "id-smime-spq-ets-sqt-unotice" */
+&(nid_objs[249]),/* "id-smime-spq-ets-sqt-uri" */
+&(nid_objs[142]),/* "invalidityDate" */
+&(nid_objs[294]),/* "ipsecEndSystem" */
+&(nid_objs[295]),/* "ipsecTunnel" */
+&(nid_objs[296]),/* "ipsecUser" */
+&(nid_objs[86]),/* "issuerAltName" */
+&(nid_objs[150]),/* "keyBag" */
+&(nid_objs[83]),/* "keyUsage" */
+&(nid_objs[157]),/* "localKeyID" */
+&(nid_objs[388]),/* "mail" */
+&(nid_objs[182]),/* "member-body" */
+&(nid_objs[51]),/* "messageDigest" */
+&(nid_objs[383]),/* "mgmt" */
+&(nid_objs[136]),/* "msCTLSign" */
+&(nid_objs[135]),/* "msCodeCom" */
+&(nid_objs[134]),/* "msCodeInd" */
+&(nid_objs[138]),/* "msEFS" */
+&(nid_objs[171]),/* "msExtReq" */
+&(nid_objs[137]),/* "msSGC" */
+&(nid_objs[173]),/* "name" */
+&(nid_objs[369]),/* "noCheck" */
+&(nid_objs[72]),/* "nsBaseUrl" */
+&(nid_objs[76]),/* "nsCaPolicyUrl" */
+&(nid_objs[74]),/* "nsCaRevocationUrl" */
+&(nid_objs[58]),/* "nsCertExt" */
+&(nid_objs[79]),/* "nsCertSequence" */
+&(nid_objs[71]),/* "nsCertType" */
+&(nid_objs[78]),/* "nsComment" */
+&(nid_objs[59]),/* "nsDataType" */
+&(nid_objs[75]),/* "nsRenewalUrl" */
+&(nid_objs[73]),/* "nsRevocationUrl" */
+&(nid_objs[139]),/* "nsSGC" */
+&(nid_objs[77]),/* "nsSslServerName" */
+&(nid_objs[374]),/* "path" */
+&(nid_objs[112]),/* "pbeWithMD5AndCast5CBC" */
+&(nid_objs[ 2]),/* "pkcs" */
+&(nid_objs[186]),/* "pkcs1" */
+&(nid_objs[27]),/* "pkcs3" */
+&(nid_objs[187]),/* "pkcs5" */
+&(nid_objs[20]),/* "pkcs7" */
+&(nid_objs[21]),/* "pkcs7-data" */
+&(nid_objs[25]),/* "pkcs7-digestData" */
+&(nid_objs[26]),/* "pkcs7-encryptedData" */
+&(nid_objs[23]),/* "pkcs7-envelopedData" */
+&(nid_objs[24]),/* "pkcs7-signedAndEnvelopedData" */
+&(nid_objs[22]),/* "pkcs7-signedData" */
+&(nid_objs[151]),/* "pkcs8ShroudedKeyBag" */
+&(nid_objs[47]),/* "pkcs9" */
+&(nid_objs[385]),/* "private" */
+&(nid_objs[84]),/* "privateKeyUsagePeriod" */
+&(nid_objs[286]),/* "qcStatements" */
+&(nid_objs[ 6]),/* "rsaEncryption" */
+&(nid_objs[377]),/* "rsaSignature" */
+&(nid_objs[ 1]),/* "rsadsi" */
+&(nid_objs[155]),/* "safeContentsBag" */
+&(nid_objs[291]),/* "sbqp-autonomousSysNum" */
+&(nid_objs[290]),/* "sbqp-ipAddrBlock" */
+&(nid_objs[292]),/* "sbqp-routerIdentifier" */
+&(nid_objs[159]),/* "sdsiCertificate" */
+&(nid_objs[154]),/* "secretBag" */
+&(nid_objs[386]),/* "security" */
+&(nid_objs[129]),/* "serverAuth" */
+&(nid_objs[371]),/* "serviceLocator" */
+&(nid_objs[52]),/* "signingTime" */
+&(nid_objs[387]),/* "snmpv2" */
+&(nid_objs[85]),/* "subjectAltName" */
+&(nid_objs[82]),/* "subjectKeyIdentifier" */
+&(nid_objs[293]),/* "textNotice" */
+&(nid_objs[133]),/* "timeStamping" */
+&(nid_objs[375]),/* "trustRoot" */
+&(nid_objs[55]),/* "unstructuredAddress" */
+&(nid_objs[49]),/* "unstructuredName" */
+&(nid_objs[373]),/* "valid" */
+&(nid_objs[158]),/* "x509Certificate" */
+&(nid_objs[160]),/* "x509Crl" */
+};
+
+static ASN1_OBJECT *ln_objs[NUM_LN]={
+&(nid_objs[363]),/* "AD Time Stamping" */
+&(nid_objs[368]),/* "Acceptable OCSP Responses" */
+&(nid_objs[177]),/* "Authority Information Access" */
+&(nid_objs[365]),/* "Basic OCSP Response" */
+&(nid_objs[285]),/* "Biometric Info" */
+&(nid_objs[179]),/* "CA Issuers" */
+&(nid_objs[131]),/* "Code Signing" */
+&(nid_objs[382]),/* "Directory" */
+&(nid_objs[392]),/* "Domain" */
+&(nid_objs[132]),/* "E-mail Protection" */
+&(nid_objs[389]),/* "Enterprises" */
+&(nid_objs[384]),/* "Experimental" */
+&(nid_objs[372]),/* "Extended OCSP Status" */
+&(nid_objs[172]),/* "Extension Request" */
+&(nid_objs[294]),/* "IPSec End System" */
+&(nid_objs[295]),/* "IPSec Tunnel" */
+&(nid_objs[296]),/* "IPSec User" */
+&(nid_objs[182]),/* "ISO Member Body" */
+&(nid_objs[183]),/* "ISO US Member Body" */
+&(nid_objs[142]),/* "Invalidity Date" */
+&(nid_objs[388]),/* "Mail" */
+&(nid_objs[383]),/* "Management" */
+&(nid_objs[135]),/* "Microsoft Commercial Code Signing" */
+&(nid_objs[138]),/* "Microsoft Encrypted File System" */
+&(nid_objs[171]),/* "Microsoft Extension Request" */
+&(nid_objs[134]),/* "Microsoft Individual Code Signing" */
+&(nid_objs[137]),/* "Microsoft Server Gated Crypto" */
+&(nid_objs[136]),/* "Microsoft Trust List Signing" */
+&(nid_objs[72]),/* "Netscape Base Url" */
+&(nid_objs[76]),/* "Netscape CA Policy Url" */
+&(nid_objs[74]),/* "Netscape CA Revocation Url" */
+&(nid_objs[71]),/* "Netscape Cert Type" */
+&(nid_objs[58]),/* "Netscape Certificate Extension" */
+&(nid_objs[79]),/* "Netscape Certificate Sequence" */
+&(nid_objs[78]),/* "Netscape Comment" */
+&(nid_objs[57]),/* "Netscape Communications Corp." */
+&(nid_objs[59]),/* "Netscape Data Type" */
+&(nid_objs[75]),/* "Netscape Renewal Url" */
+&(nid_objs[73]),/* "Netscape Revocation Url" */
+&(nid_objs[77]),/* "Netscape SSL Server Name" */
+&(nid_objs[139]),/* "Netscape Server Gated Crypto" */
+&(nid_objs[178]),/* "OCSP" */
+&(nid_objs[370]),/* "OCSP Archive Cutoff" */
+&(nid_objs[367]),/* "OCSP CRL ID" */
+&(nid_objs[366]),/* "OCSP Nonce" */
+&(nid_objs[371]),/* "OCSP Service Locator" */
+&(nid_objs[180]),/* "OCSP Signing" */
+&(nid_objs[161]),/* "PBES2" */
+&(nid_objs[69]),/* "PBKDF2" */
+&(nid_objs[162]),/* "PBMAC1" */
+&(nid_objs[127]),/* "PKIX" */
+&(nid_objs[164]),/* "Policy Qualifier CPS" */
+&(nid_objs[165]),/* "Policy Qualifier User Notice" */
+&(nid_objs[385]),/* "Private" */
+&(nid_objs[ 1]),/* "RSA Data Security, Inc." */
+&(nid_objs[ 2]),/* "RSA Data Security, Inc. PKCS" */
+&(nid_objs[188]),/* "S/MIME" */
+&(nid_objs[167]),/* "S/MIME Capabilities" */
+&(nid_objs[387]),/* "SNMPv2" */
+&(nid_objs[386]),/* "Security" */
+&(nid_objs[143]),/* "Strong Extranet ID" */
+&(nid_objs[130]),/* "TLS Web Client Authentication" */
+&(nid_objs[129]),/* "TLS Web Server Authentication" */
+&(nid_objs[133]),/* "Time Stamping" */
+&(nid_objs[375]),/* "Trust Root" */
+&(nid_objs[12]),/* "X509" */
+&(nid_objs[90]),/* "X509v3 Authority Key Identifier" */
+&(nid_objs[87]),/* "X509v3 Basic Constraints" */
+&(nid_objs[103]),/* "X509v3 CRL Distribution Points" */
+&(nid_objs[88]),/* "X509v3 CRL Number" */
+&(nid_objs[141]),/* "X509v3 CRL Reason Code" */
+&(nid_objs[89]),/* "X509v3 Certificate Policies" */
+&(nid_objs[140]),/* "X509v3 Delta CRL Indicator" */
+&(nid_objs[126]),/* "X509v3 Extended Key Usage" */
+&(nid_objs[86]),/* "X509v3 Issuer Alternative Name" */
+&(nid_objs[83]),/* "X509v3 Key Usage" */
+&(nid_objs[84]),/* "X509v3 Private Key Usage Period" */
+&(nid_objs[85]),/* "X509v3 Subject Alternative Name" */
+&(nid_objs[82]),/* "X509v3 Subject Key Identifier" */
+&(nid_objs[184]),/* "X9.57" */
+&(nid_objs[185]),/* "X9.57 CM ?" */
+&(nid_objs[289]),/* "aaControls" */
+&(nid_objs[287]),/* "ac-auditEntity" */
+&(nid_objs[288]),/* "ac-targeting" */
+&(nid_objs[364]),/* "ad dvcs" */
+&(nid_objs[376]),/* "algorithm" */
+&(nid_objs[91]),/* "bf-cbc" */
+&(nid_objs[93]),/* "bf-cfb" */
+&(nid_objs[92]),/* "bf-ecb" */
+&(nid_objs[94]),/* "bf-ofb" */
+&(nid_objs[108]),/* "cast5-cbc" */
+&(nid_objs[110]),/* "cast5-cfb" */
+&(nid_objs[109]),/* "cast5-ecb" */
+&(nid_objs[111]),/* "cast5-ofb" */
+&(nid_objs[152]),/* "certBag" */
+&(nid_objs[54]),/* "challengePassword" */
+&(nid_objs[13]),/* "commonName" */
+&(nid_objs[50]),/* "contentType" */
+&(nid_objs[53]),/* "countersignature" */
+&(nid_objs[14]),/* "countryName" */
+&(nid_objs[153]),/* "crlBag" */
+&(nid_objs[390]),/* "dcObject" */
+&(nid_objs[31]),/* "des-cbc" */
+&(nid_objs[30]),/* "des-cfb" */
+&(nid_objs[29]),/* "des-ecb" */
+&(nid_objs[32]),/* "des-ede" */
+&(nid_objs[43]),/* "des-ede-cbc" */
+&(nid_objs[60]),/* "des-ede-cfb" */
+&(nid_objs[62]),/* "des-ede-ofb" */
+&(nid_objs[33]),/* "des-ede3" */
+&(nid_objs[44]),/* "des-ede3-cbc" */
+&(nid_objs[61]),/* "des-ede3-cfb" */
+&(nid_objs[63]),/* "des-ede3-ofb" */
+&(nid_objs[45]),/* "des-ofb" */
+&(nid_objs[107]),/* "description" */
+&(nid_objs[80]),/* "desx-cbc" */
+&(nid_objs[28]),/* "dhKeyAgreement" */
+&(nid_objs[11]),/* "directory services (X.500)" */
+&(nid_objs[378]),/* "directory services - algorithms" */
+&(nid_objs[174]),/* "dnQualifier" */
+&(nid_objs[380]),/* "dod" */
+&(nid_objs[391]),/* "domainComponent" */
+&(nid_objs[116]),/* "dsaEncryption" */
+&(nid_objs[67]),/* "dsaEncryption-old" */
+&(nid_objs[66]),/* "dsaWithSHA" */
+&(nid_objs[113]),/* "dsaWithSHA1" */
+&(nid_objs[70]),/* "dsaWithSHA1-old" */
+&(nid_objs[297]),/* "dvcs" */
+&(nid_objs[48]),/* "emailAddress" */
+&(nid_objs[56]),/* "extendedCertificateAttributes" */
+&(nid_objs[156]),/* "friendlyName" */
+&(nid_objs[99]),/* "givenName" */
+&(nid_objs[163]),/* "hmacWithSHA1" */
+&(nid_objs[381]),/* "iana" */
+&(nid_objs[266]),/* "id-aca" */
+&(nid_objs[355]),/* "id-aca-accessIdentity" */
+&(nid_objs[354]),/* "id-aca-authenticationInfo" */
+&(nid_objs[356]),/* "id-aca-chargingIdentity" */
+&(nid_objs[357]),/* "id-aca-group" */
+&(nid_objs[358]),/* "id-aca-role" */
+&(nid_objs[176]),/* "id-ad" */
+&(nid_objs[262]),/* "id-alg" */
+&(nid_objs[323]),/* "id-alg-des40" */
+&(nid_objs[326]),/* "id-alg-dh-pop" */
+&(nid_objs[325]),/* "id-alg-dh-sig-hmac-sha1" */
+&(nid_objs[324]),/* "id-alg-noSignature" */
+&(nid_objs[268]),/* "id-cct" */
+&(nid_objs[361]),/* "id-cct-PKIData" */
+&(nid_objs[362]),/* "id-cct-PKIResponse" */
+&(nid_objs[360]),/* "id-cct-crs" */
+&(nid_objs[81]),/* "id-ce" */
+&(nid_objs[263]),/* "id-cmc" */
+&(nid_objs[334]),/* "id-cmc-addExtensions" */
+&(nid_objs[346]),/* "id-cmc-confirmCertAcceptance" */
+&(nid_objs[330]),/* "id-cmc-dataReturn" */
+&(nid_objs[336]),/* "id-cmc-decryptedPOP" */
+&(nid_objs[335]),/* "id-cmc-encryptedPOP" */
+&(nid_objs[339]),/* "id-cmc-getCRL" */
+&(nid_objs[338]),/* "id-cmc-getCert" */
+&(nid_objs[328]),/* "id-cmc-identification" */
+&(nid_objs[329]),/* "id-cmc-identityProof" */
+&(nid_objs[337]),/* "id-cmc-lraPOPWitness" */
+&(nid_objs[344]),/* "id-cmc-popLinkRandom" */
+&(nid_objs[345]),/* "id-cmc-popLinkWitness" */
+&(nid_objs[343]),/* "id-cmc-queryPending" */
+&(nid_objs[333]),/* "id-cmc-recipientNonce" */
+&(nid_objs[341]),/* "id-cmc-regInfo" */
+&(nid_objs[342]),/* "id-cmc-responseInfo" */
+&(nid_objs[340]),/* "id-cmc-revokeRequest" */
+&(nid_objs[332]),/* "id-cmc-senderNonce" */
+&(nid_objs[327]),/* "id-cmc-statusInfo" */
+&(nid_objs[331]),/* "id-cmc-transactionId" */
+&(nid_objs[260]),/* "id-it" */
+&(nid_objs[302]),/* "id-it-caKeyUpdateInfo" */
+&(nid_objs[298]),/* "id-it-caProtEncCert" */
+&(nid_objs[311]),/* "id-it-confirmWaitTime" */
+&(nid_objs[303]),/* "id-it-currentCRL" */
+&(nid_objs[300]),/* "id-it-encKeyPairTypes" */
+&(nid_objs[310]),/* "id-it-implicitConfirm" */
+&(nid_objs[308]),/* "id-it-keyPairParamRep" */
+&(nid_objs[307]),/* "id-it-keyPairParamReq" */
+&(nid_objs[312]),/* "id-it-origPKIMessage" */
+&(nid_objs[301]),/* "id-it-preferredSymmAlg" */
+&(nid_objs[309]),/* "id-it-revPassphrase" */
+&(nid_objs[299]),/* "id-it-signKeyPairTypes" */
+&(nid_objs[305]),/* "id-it-subscriptionRequest" */
+&(nid_objs[306]),/* "id-it-subscriptionResponse" */
+&(nid_objs[304]),/* "id-it-unsupportedOIDs" */
+&(nid_objs[128]),/* "id-kp" */
+&(nid_objs[280]),/* "id-mod-attribute-cert" */
+&(nid_objs[274]),/* "id-mod-cmc" */
+&(nid_objs[277]),/* "id-mod-cmp" */
+&(nid_objs[284]),/* "id-mod-cmp2000" */
+&(nid_objs[273]),/* "id-mod-crmf" */
+&(nid_objs[283]),/* "id-mod-dvcs" */
+&(nid_objs[275]),/* "id-mod-kea-profile-88" */
+&(nid_objs[276]),/* "id-mod-kea-profile-93" */
+&(nid_objs[282]),/* "id-mod-ocsp" */
+&(nid_objs[278]),/* "id-mod-qualified-cert-88" */
+&(nid_objs[279]),/* "id-mod-qualified-cert-93" */
+&(nid_objs[281]),/* "id-mod-timestamp-protocol" */
+&(nid_objs[264]),/* "id-on" */
+&(nid_objs[347]),/* "id-on-personalData" */
+&(nid_objs[265]),/* "id-pda" */
+&(nid_objs[352]),/* "id-pda-countryOfCitizenship" */
+&(nid_objs[353]),/* "id-pda-countryOfResidence" */
+&(nid_objs[348]),/* "id-pda-dateOfBirth" */
+&(nid_objs[351]),/* "id-pda-gender" */
+&(nid_objs[349]),/* "id-pda-placeOfBirth" */
+&(nid_objs[350]),/* "id-pda-pseudonym" */
+&(nid_objs[175]),/* "id-pe" */
+&(nid_objs[261]),/* "id-pkip" */
+&(nid_objs[258]),/* "id-pkix-mod" */
+&(nid_objs[269]),/* "id-pkix1-explicit-88" */
+&(nid_objs[271]),/* "id-pkix1-explicit-93" */
+&(nid_objs[270]),/* "id-pkix1-implicit-88" */
+&(nid_objs[272]),/* "id-pkix1-implicit-93" */
+&(nid_objs[267]),/* "id-qcs" */
+&(nid_objs[359]),/* "id-qcs-pkixQCSyntax-v1" */
+&(nid_objs[259]),/* "id-qt" */
+&(nid_objs[313]),/* "id-regCtrl" */
+&(nid_objs[316]),/* "id-regCtrl-authenticator" */
+&(nid_objs[319]),/* "id-regCtrl-oldCertID" */
+&(nid_objs[318]),/* "id-regCtrl-pkiArchiveOptions" */
+&(nid_objs[317]),/* "id-regCtrl-pkiPublicationInfo" */
+&(nid_objs[320]),/* "id-regCtrl-protocolEncrKey" */
+&(nid_objs[315]),/* "id-regCtrl-regToken" */
+&(nid_objs[314]),/* "id-regInfo" */
+&(nid_objs[322]),/* "id-regInfo-certReq" */
+&(nid_objs[321]),/* "id-regInfo-utf8Pairs" */
+&(nid_objs[191]),/* "id-smime-aa" */
+&(nid_objs[215]),/* "id-smime-aa-contentHint" */
+&(nid_objs[218]),/* "id-smime-aa-contentIdentifier" */
+&(nid_objs[221]),/* "id-smime-aa-contentReference" */
+&(nid_objs[240]),/* "id-smime-aa-dvcs-dvc" */
+&(nid_objs[217]),/* "id-smime-aa-encapContentType" */
+&(nid_objs[222]),/* "id-smime-aa-encrypKeyPref" */
+&(nid_objs[220]),/* "id-smime-aa-equivalentLabels" */
+&(nid_objs[232]),/* "id-smime-aa-ets-CertificateRefs" */
+&(nid_objs[233]),/* "id-smime-aa-ets-RevocationRefs" */
+&(nid_objs[238]),/* "id-smime-aa-ets-archiveTimeStamp" */
+&(nid_objs[237]),/* "id-smime-aa-ets-certCRLTimestamp" */
+&(nid_objs[234]),/* "id-smime-aa-ets-certValues" */
+&(nid_objs[227]),/* "id-smime-aa-ets-commitmentType" */
+&(nid_objs[231]),/* "id-smime-aa-ets-contentTimestamp" */
+&(nid_objs[236]),/* "id-smime-aa-ets-escTimeStamp" */
+&(nid_objs[230]),/* "id-smime-aa-ets-otherSigCert" */
+&(nid_objs[235]),/* "id-smime-aa-ets-revocationValues" */
+&(nid_objs[226]),/* "id-smime-aa-ets-sigPolicyId" */
+&(nid_objs[229]),/* "id-smime-aa-ets-signerAttr" */
+&(nid_objs[228]),/* "id-smime-aa-ets-signerLocation" */
+&(nid_objs[219]),/* "id-smime-aa-macValue" */
+&(nid_objs[214]),/* "id-smime-aa-mlExpandHistory" */
+&(nid_objs[216]),/* "id-smime-aa-msgSigDigest" */
+&(nid_objs[212]),/* "id-smime-aa-receiptRequest" */
+&(nid_objs[213]),/* "id-smime-aa-securityLabel" */
+&(nid_objs[239]),/* "id-smime-aa-signatureType" */
+&(nid_objs[223]),/* "id-smime-aa-signingCertificate" */
+&(nid_objs[224]),/* "id-smime-aa-smimeEncryptCerts" */
+&(nid_objs[225]),/* "id-smime-aa-timeStampToken" */
+&(nid_objs[192]),/* "id-smime-alg" */
+&(nid_objs[243]),/* "id-smime-alg-3DESwrap" */
+&(nid_objs[246]),/* "id-smime-alg-CMS3DESwrap" */
+&(nid_objs[247]),/* "id-smime-alg-CMSRC2wrap" */
+&(nid_objs[245]),/* "id-smime-alg-ESDH" */
+&(nid_objs[241]),/* "id-smime-alg-ESDHwith3DES" */
+&(nid_objs[242]),/* "id-smime-alg-ESDHwithRC2" */
+&(nid_objs[244]),/* "id-smime-alg-RC2wrap" */
+&(nid_objs[193]),/* "id-smime-cd" */
+&(nid_objs[248]),/* "id-smime-cd-ldap" */
+&(nid_objs[190]),/* "id-smime-ct" */
+&(nid_objs[210]),/* "id-smime-ct-DVCSRequestData" */
+&(nid_objs[211]),/* "id-smime-ct-DVCSResponseData" */
+&(nid_objs[208]),/* "id-smime-ct-TDTInfo" */
+&(nid_objs[207]),/* "id-smime-ct-TSTInfo" */
+&(nid_objs[205]),/* "id-smime-ct-authData" */
+&(nid_objs[209]),/* "id-smime-ct-contentInfo" */
+&(nid_objs[206]),/* "id-smime-ct-publishCert" */
+&(nid_objs[204]),/* "id-smime-ct-receipt" */
+&(nid_objs[195]),/* "id-smime-cti" */
+&(nid_objs[255]),/* "id-smime-cti-ets-proofOfApproval" */
+&(nid_objs[256]),/* "id-smime-cti-ets-proofOfCreation" */
+&(nid_objs[253]),/* "id-smime-cti-ets-proofOfDelivery" */
+&(nid_objs[251]),/* "id-smime-cti-ets-proofOfOrigin" */
+&(nid_objs[252]),/* "id-smime-cti-ets-proofOfReceipt" */
+&(nid_objs[254]),/* "id-smime-cti-ets-proofOfSender" */
+&(nid_objs[189]),/* "id-smime-mod" */
+&(nid_objs[196]),/* "id-smime-mod-cms" */
+&(nid_objs[197]),/* "id-smime-mod-ess" */
+&(nid_objs[202]),/* "id-smime-mod-ets-eSigPolicy-88" */
+&(nid_objs[203]),/* "id-smime-mod-ets-eSigPolicy-97" */
+&(nid_objs[200]),/* "id-smime-mod-ets-eSignature-88" */
+&(nid_objs[201]),/* "id-smime-mod-ets-eSignature-97" */
+&(nid_objs[199]),/* "id-smime-mod-msg-v3" */
+&(nid_objs[198]),/* "id-smime-mod-oid" */
+&(nid_objs[194]),/* "id-smime-spq" */
+&(nid_objs[250]),/* "id-smime-spq-ets-sqt-unotice" */
+&(nid_objs[249]),/* "id-smime-spq-ets-sqt-uri" */
+&(nid_objs[34]),/* "idea-cbc" */
+&(nid_objs[35]),/* "idea-cfb" */
+&(nid_objs[36]),/* "idea-ecb" */
+&(nid_objs[46]),/* "idea-ofb" */
+&(nid_objs[101]),/* "initials" */
+&(nid_objs[181]),/* "iso" */
+&(nid_objs[150]),/* "keyBag" */
+&(nid_objs[157]),/* "localKeyID" */
+&(nid_objs[15]),/* "localityName" */
+&(nid_objs[ 3]),/* "md2" */
+&(nid_objs[ 7]),/* "md2WithRSAEncryption" */
+&(nid_objs[257]),/* "md4" */
+&(nid_objs[ 4]),/* "md5" */
+&(nid_objs[114]),/* "md5-sha1" */
+&(nid_objs[104]),/* "md5WithRSA" */
+&(nid_objs[ 8]),/* "md5WithRSAEncryption" */
+&(nid_objs[95]),/* "mdc2" */
+&(nid_objs[96]),/* "mdc2WithRSA" */
+&(nid_objs[51]),/* "messageDigest" */
+&(nid_objs[173]),/* "name" */
+&(nid_objs[369]),/* "noCheck" */
+&(nid_objs[379]),/* "org" */
+&(nid_objs[17]),/* "organizationName" */
+&(nid_objs[18]),/* "organizationalUnitName" */
+&(nid_objs[374]),/* "path" */
+&(nid_objs[ 9]),/* "pbeWithMD2AndDES-CBC" */
+&(nid_objs[168]),/* "pbeWithMD2AndRC2-CBC" */
+&(nid_objs[112]),/* "pbeWithMD5AndCast5CBC" */
+&(nid_objs[10]),/* "pbeWithMD5AndDES-CBC" */
+&(nid_objs[169]),/* "pbeWithMD5AndRC2-CBC" */
+&(nid_objs[148]),/* "pbeWithSHA1And128BitRC2-CBC" */
+&(nid_objs[144]),/* "pbeWithSHA1And128BitRC4" */
+&(nid_objs[147]),/* "pbeWithSHA1And2-KeyTripleDES-CBC" */
+&(nid_objs[146]),/* "pbeWithSHA1And3-KeyTripleDES-CBC" */
+&(nid_objs[149]),/* "pbeWithSHA1And40BitRC2-CBC" */
+&(nid_objs[145]),/* "pbeWithSHA1And40BitRC4" */
+&(nid_objs[170]),/* "pbeWithSHA1AndDES-CBC" */
+&(nid_objs[68]),/* "pbeWithSHA1AndRC2-CBC" */
+&(nid_objs[186]),/* "pkcs1" */
+&(nid_objs[27]),/* "pkcs3" */
+&(nid_objs[187]),/* "pkcs5" */
+&(nid_objs[20]),/* "pkcs7" */
+&(nid_objs[21]),/* "pkcs7-data" */
+&(nid_objs[25]),/* "pkcs7-digestData" */
+&(nid_objs[26]),/* "pkcs7-encryptedData" */
+&(nid_objs[23]),/* "pkcs7-envelopedData" */
+&(nid_objs[24]),/* "pkcs7-signedAndEnvelopedData" */
+&(nid_objs[22]),/* "pkcs7-signedData" */
+&(nid_objs[151]),/* "pkcs8ShroudedKeyBag" */
+&(nid_objs[47]),/* "pkcs9" */
+&(nid_objs[286]),/* "qcStatements" */
+&(nid_objs[98]),/* "rc2-40-cbc" */
+&(nid_objs[166]),/* "rc2-64-cbc" */
+&(nid_objs[37]),/* "rc2-cbc" */
+&(nid_objs[39]),/* "rc2-cfb" */
+&(nid_objs[38]),/* "rc2-ecb" */
+&(nid_objs[40]),/* "rc2-ofb" */
+&(nid_objs[ 5]),/* "rc4" */
+&(nid_objs[97]),/* "rc4-40" */
+&(nid_objs[120]),/* "rc5-cbc" */
+&(nid_objs[122]),/* "rc5-cfb" */
+&(nid_objs[121]),/* "rc5-ecb" */
+&(nid_objs[123]),/* "rc5-ofb" */
+&(nid_objs[117]),/* "ripemd160" */
+&(nid_objs[119]),/* "ripemd160WithRSA" */
+&(nid_objs[19]),/* "rsa" */
+&(nid_objs[ 6]),/* "rsaEncryption" */
+&(nid_objs[377]),/* "rsaSignature" */
+&(nid_objs[124]),/* "run length compression" */
+&(nid_objs[155]),/* "safeContentsBag" */
+&(nid_objs[291]),/* "sbqp-autonomousSysNum" */
+&(nid_objs[290]),/* "sbqp-ipAddrBlock" */
+&(nid_objs[292]),/* "sbqp-routerIdentifier" */
+&(nid_objs[159]),/* "sdsiCertificate" */
+&(nid_objs[154]),/* "secretBag" */
+&(nid_objs[105]),/* "serialNumber" */
+&(nid_objs[41]),/* "sha" */
+&(nid_objs[64]),/* "sha1" */
+&(nid_objs[115]),/* "sha1WithRSA" */
+&(nid_objs[65]),/* "sha1WithRSAEncryption" */
+&(nid_objs[42]),/* "shaWithRSAEncryption" */
+&(nid_objs[52]),/* "signingTime" */
+&(nid_objs[16]),/* "stateOrProvinceName" */
+&(nid_objs[100]),/* "surname" */
+&(nid_objs[293]),/* "textNotice" */
+&(nid_objs[106]),/* "title" */
+&(nid_objs[ 0]),/* "undefined" */
+&(nid_objs[102]),/* "uniqueIdentifier" */
+&(nid_objs[55]),/* "unstructuredAddress" */
+&(nid_objs[49]),/* "unstructuredName" */
+&(nid_objs[373]),/* "valid" */
+&(nid_objs[158]),/* "x509Certificate" */
+&(nid_objs[160]),/* "x509Crl" */
+&(nid_objs[125]),/* "zlib compression" */
+};
+
+static ASN1_OBJECT *obj_objs[NUM_OBJ]={
+&(nid_objs[ 0]),/* OBJ_undef                        0 */
+&(nid_objs[389]),/* OBJ_Enterprises                   1 */
+&(nid_objs[181]),/* OBJ_iso                          1 */
+&(nid_objs[182]),/* OBJ_member_body                  1 2 */
+&(nid_objs[379]),/* OBJ_org                          1 3 */
+&(nid_objs[11]),/* OBJ_X500                         2 5 */
+&(nid_objs[380]),/* OBJ_dod                          1 3 6 */
+&(nid_objs[12]),/* OBJ_X509                         2 5 4 */
+&(nid_objs[378]),/* OBJ_X500algorithms               2 5 8 */
+&(nid_objs[81]),/* OBJ_id_ce                        2 5 29 */
+&(nid_objs[183]),/* OBJ_ISO_US                       1 2 840 */
+&(nid_objs[381]),/* OBJ_iana                         1 3 6 1 */
+&(nid_objs[13]),/* OBJ_commonName                   2 5 4 3 */
+&(nid_objs[100]),/* OBJ_surname                      2 5 4 4 */
+&(nid_objs[105]),/* OBJ_serialNumber                 2 5 4 5 */
+&(nid_objs[14]),/* OBJ_countryName                  2 5 4 6 */
+&(nid_objs[15]),/* OBJ_localityName                 2 5 4 7 */
+&(nid_objs[16]),/* OBJ_stateOrProvinceName          2 5 4 8 */
+&(nid_objs[17]),/* OBJ_organizationName             2 5 4 10 */
+&(nid_objs[18]),/* OBJ_organizationalUnitName       2 5 4 11 */
+&(nid_objs[106]),/* OBJ_title                        2 5 4 12 */
+&(nid_objs[107]),/* OBJ_description                  2 5 4 13 */
+&(nid_objs[173]),/* OBJ_name                         2 5 4 41 */
+&(nid_objs[99]),/* OBJ_givenName                    2 5 4 42 */
+&(nid_objs[101]),/* OBJ_initials                     2 5 4 43 */
+&(nid_objs[102]),/* OBJ_uniqueIdentifier             2 5 4 45 */
+&(nid_objs[174]),/* OBJ_dnQualifier                  2 5 4 46 */
+&(nid_objs[82]),/* OBJ_subject_key_identifier       2 5 29 14 */
+&(nid_objs[83]),/* OBJ_key_usage                    2 5 29 15 */
+&(nid_objs[84]),/* OBJ_private_key_usage_period     2 5 29 16 */
+&(nid_objs[85]),/* OBJ_subject_alt_name             2 5 29 17 */
+&(nid_objs[86]),/* OBJ_issuer_alt_name              2 5 29 18 */
+&(nid_objs[87]),/* OBJ_basic_constraints            2 5 29 19 */
+&(nid_objs[88]),/* OBJ_crl_number                   2 5 29 20 */
+&(nid_objs[141]),/* OBJ_crl_reason                   2 5 29 21 */
+&(nid_objs[142]),/* OBJ_invalidity_date              2 5 29 24 */
+&(nid_objs[140]),/* OBJ_delta_crl                    2 5 29 27 */
+&(nid_objs[103]),/* OBJ_crl_distribution_points      2 5 29 31 */
+&(nid_objs[89]),/* OBJ_certificate_policies         2 5 29 32 */
+&(nid_objs[90]),/* OBJ_authority_key_identifier     2 5 29 35 */
+&(nid_objs[126]),/* OBJ_ext_key_usage                2 5 29 37 */
+&(nid_objs[390]),/* OBJ_dcObject                      1466 344 */
+&(nid_objs[382]),/* OBJ_Directory                    1 3 6 1 1 */
+&(nid_objs[383]),/* OBJ_Management                   1 3 6 1 2 */
+&(nid_objs[384]),/* OBJ_Experimental                 1 3 6 1 3 */
+&(nid_objs[385]),/* OBJ_Private                      1 3 6 1 4 */
+&(nid_objs[386]),/* OBJ_Security                     1 3 6 1 5 */
+&(nid_objs[387]),/* OBJ_SNMPv2                       1 3 6 1 6 */
+&(nid_objs[388]),/* OBJ_Mail                         1 3 6 1 7 */
+&(nid_objs[376]),/* OBJ_algorithm                    1 3 14 3 2 */
+&(nid_objs[19]),/* OBJ_rsa                          2 5 8 1 1 */
+&(nid_objs[96]),/* OBJ_mdc2WithRSA                  2 5 8 3 100 */
+&(nid_objs[95]),/* OBJ_mdc2                         2 5 8 3 101 */
+&(nid_objs[184]),/* OBJ_X9_57                        1 2 840 10040 */
+&(nid_objs[104]),/* OBJ_md5WithRSA                   1 3 14 3 2 3 */
+&(nid_objs[29]),/* OBJ_des_ecb                      1 3 14 3 2 6 */
+&(nid_objs[31]),/* OBJ_des_cbc                      1 3 14 3 2 7 */
+&(nid_objs[45]),/* OBJ_des_ofb64                    1 3 14 3 2 8 */
+&(nid_objs[30]),/* OBJ_des_cfb64                    1 3 14 3 2 9 */
+&(nid_objs[377]),/* OBJ_rsaSignature                 1 3 14 3 2 11 */
+&(nid_objs[67]),/* OBJ_dsa_2                        1 3 14 3 2 12 */
+&(nid_objs[66]),/* OBJ_dsaWithSHA                   1 3 14 3 2 13 */
+&(nid_objs[42]),/* OBJ_shaWithRSAEncryption         1 3 14 3 2 15 */
+&(nid_objs[32]),/* OBJ_des_ede                      1 3 14 3 2 17 */
+&(nid_objs[41]),/* OBJ_sha                          1 3 14 3 2 18 */
+&(nid_objs[64]),/* OBJ_sha1                         1 3 14 3 2 26 */
+&(nid_objs[70]),/* OBJ_dsaWithSHA1_2                1 3 14 3 2 27 */
+&(nid_objs[115]),/* OBJ_sha1WithRSA                  1 3 14 3 2 29 */
+&(nid_objs[117]),/* OBJ_ripemd160                    1 3 36 3 2 1 */
+&(nid_objs[143]),/* OBJ_sxnet                        1 3 101 1 4 1 */
+&(nid_objs[124]),/* OBJ_rle_compression              1 1 1 1 666 1 */
+&(nid_objs[125]),/* OBJ_zlib_compression             1 1 1 1 666 2 */
+&(nid_objs[ 1]),/* OBJ_rsadsi                       1 2 840 113549 */
+&(nid_objs[185]),/* OBJ_X9cm                         1 2 840 10040 4 */
+&(nid_objs[127]),/* OBJ_id_pkix                      1 3 6 1 5 5 7 */
+&(nid_objs[119]),/* OBJ_ripemd160WithRSA             1 3 36 3 3 1 2 */
+&(nid_objs[ 2]),/* OBJ_pkcs                         1 2 840 113549 1 */
+&(nid_objs[116]),/* OBJ_dsa                          1 2 840 10040 4 1 */
+&(nid_objs[113]),/* OBJ_dsaWithSHA1                  1 2 840 10040 4 3 */
+&(nid_objs[258]),/* OBJ_id_pkix_mod                  1 3 6 1 5 5 7 0 */
+&(nid_objs[175]),/* OBJ_id_pe                        1 3 6 1 5 5 7 1 */
+&(nid_objs[259]),/* OBJ_id_qt                        1 3 6 1 5 5 7 2 */
+&(nid_objs[128]),/* OBJ_id_kp                        1 3 6 1 5 5 7 3 */
+&(nid_objs[260]),/* OBJ_id_it                        1 3 6 1 5 5 7 4 */
+&(nid_objs[261]),/* OBJ_id_pkip                      1 3 6 1 5 5 7 5 */
+&(nid_objs[262]),/* OBJ_id_alg                       1 3 6 1 5 5 7 6 */
+&(nid_objs[263]),/* OBJ_id_cmc                       1 3 6 1 5 5 7 7 */
+&(nid_objs[264]),/* OBJ_id_on                        1 3 6 1 5 5 7 8 */
+&(nid_objs[265]),/* OBJ_id_pda                       1 3 6 1 5 5 7 9 */
+&(nid_objs[266]),/* OBJ_id_aca                       1 3 6 1 5 5 7 10 */
+&(nid_objs[267]),/* OBJ_id_qcs                       1 3 6 1 5 5 7 11 */
+&(nid_objs[268]),/* OBJ_id_cct                       1 3 6 1 5 5 7 12 */
+&(nid_objs[176]),/* OBJ_id_ad                        1 3 6 1 5 5 7 48 */
+&(nid_objs[57]),/* OBJ_netscape                     2 16 840 1 113730 */
+&(nid_objs[186]),/* OBJ_pkcs1                        1 2 840 113549 1 1 */
+&(nid_objs[27]),/* OBJ_pkcs3                        1 2 840 113549 1 3 */
+&(nid_objs[187]),/* OBJ_pkcs5                        1 2 840 113549 1 5 */
+&(nid_objs[20]),/* OBJ_pkcs7                        1 2 840 113549 1 7 */
+&(nid_objs[47]),/* OBJ_pkcs9                        1 2 840 113549 1 9 */
+&(nid_objs[ 3]),/* OBJ_md2                          1 2 840 113549 2 2 */
+&(nid_objs[257]),/* OBJ_md4                          1 2 840 113549 2 4 */
+&(nid_objs[ 4]),/* OBJ_md5                          1 2 840 113549 2 5 */
+&(nid_objs[163]),/* OBJ_hmacWithSHA1                 1 2 840 113549 2 7 */
+&(nid_objs[37]),/* OBJ_rc2_cbc                      1 2 840 113549 3 2 */
+&(nid_objs[ 5]),/* OBJ_rc4                          1 2 840 113549 3 4 */
+&(nid_objs[44]),/* OBJ_des_ede3_cbc                 1 2 840 113549 3 7 */
+&(nid_objs[120]),/* OBJ_rc5_cbc                      1 2 840 113549 3 8 */
+&(nid_objs[269]),/* OBJ_id_pkix1_explicit_88         1 3 6 1 5 5 7 0 1 */
+&(nid_objs[270]),/* OBJ_id_pkix1_implicit_88         1 3 6 1 5 5 7 0 2 */
+&(nid_objs[271]),/* OBJ_id_pkix1_explicit_93         1 3 6 1 5 5 7 0 3 */
+&(nid_objs[272]),/* OBJ_id_pkix1_implicit_93         1 3 6 1 5 5 7 0 4 */
+&(nid_objs[273]),/* OBJ_id_mod_crmf                  1 3 6 1 5 5 7 0 5 */
+&(nid_objs[274]),/* OBJ_id_mod_cmc                   1 3 6 1 5 5 7 0 6 */
+&(nid_objs[275]),/* OBJ_id_mod_kea_profile_88        1 3 6 1 5 5 7 0 7 */
+&(nid_objs[276]),/* OBJ_id_mod_kea_profile_93        1 3 6 1 5 5 7 0 8 */
+&(nid_objs[277]),/* OBJ_id_mod_cmp                   1 3 6 1 5 5 7 0 9 */
+&(nid_objs[278]),/* OBJ_id_mod_qualified_cert_88     1 3 6 1 5 5 7 0 10 */
+&(nid_objs[279]),/* OBJ_id_mod_qualified_cert_93     1 3 6 1 5 5 7 0 11 */
+&(nid_objs[280]),/* OBJ_id_mod_attribute_cert        1 3 6 1 5 5 7 0 12 */
+&(nid_objs[281]),/* OBJ_id_mod_timestamp_protocol    1 3 6 1 5 5 7 0 13 */
+&(nid_objs[282]),/* OBJ_id_mod_ocsp                  1 3 6 1 5 5 7 0 14 */
+&(nid_objs[283]),/* OBJ_id_mod_dvcs                  1 3 6 1 5 5 7 0 15 */
+&(nid_objs[284]),/* OBJ_id_mod_cmp2000               1 3 6 1 5 5 7 0 16 */
+&(nid_objs[177]),/* OBJ_info_access                  1 3 6 1 5 5 7 1 1 */
+&(nid_objs[285]),/* OBJ_biometricInfo                1 3 6 1 5 5 7 1 2 */
+&(nid_objs[286]),/* OBJ_qcStatements                 1 3 6 1 5 5 7 1 3 */
+&(nid_objs[287]),/* OBJ_ac_auditEntity               1 3 6 1 5 5 7 1 4 */
+&(nid_objs[288]),/* OBJ_ac_targeting                 1 3 6 1 5 5 7 1 5 */
+&(nid_objs[289]),/* OBJ_aaControls                   1 3 6 1 5 5 7 1 6 */
+&(nid_objs[290]),/* OBJ_sbqp_ipAddrBlock             1 3 6 1 5 5 7 1 7 */
+&(nid_objs[291]),/* OBJ_sbqp_autonomousSysNum        1 3 6 1 5 5 7 1 8 */
+&(nid_objs[292]),/* OBJ_sbqp_routerIdentifier        1 3 6 1 5 5 7 1 9 */
+&(nid_objs[164]),/* OBJ_id_qt_cps                    1 3 6 1 5 5 7 2 1 */
+&(nid_objs[165]),/* OBJ_id_qt_unotice                1 3 6 1 5 5 7 2 2 */
+&(nid_objs[293]),/* OBJ_textNotice                   1 3 6 1 5 5 7 2 3 */
+&(nid_objs[129]),/* OBJ_server_auth                  1 3 6 1 5 5 7 3 1 */
+&(nid_objs[130]),/* OBJ_client_auth                  1 3 6 1 5 5 7 3 2 */
+&(nid_objs[131]),/* OBJ_code_sign                    1 3 6 1 5 5 7 3 3 */
+&(nid_objs[132]),/* OBJ_email_protect                1 3 6 1 5 5 7 3 4 */
+&(nid_objs[294]),/* OBJ_ipsecEndSystem               1 3 6 1 5 5 7 3 5 */
+&(nid_objs[295]),/* OBJ_ipsecTunnel                  1 3 6 1 5 5 7 3 6 */
+&(nid_objs[296]),/* OBJ_ipsecUser                    1 3 6 1 5 5 7 3 7 */
+&(nid_objs[133]),/* OBJ_time_stamp                   1 3 6 1 5 5 7 3 8 */
+&(nid_objs[180]),/* OBJ_OCSP_sign                    1 3 6 1 5 5 7 3 9 */
+&(nid_objs[297]),/* OBJ_dvcs                         1 3 6 1 5 5 7 3 10 */
+&(nid_objs[298]),/* OBJ_id_it_caProtEncCert          1 3 6 1 5 5 7 4 1 */
+&(nid_objs[299]),/* OBJ_id_it_signKeyPairTypes       1 3 6 1 5 5 7 4 2 */
+&(nid_objs[300]),/* OBJ_id_it_encKeyPairTypes        1 3 6 1 5 5 7 4 3 */
+&(nid_objs[301]),/* OBJ_id_it_preferredSymmAlg       1 3 6 1 5 5 7 4 4 */
+&(nid_objs[302]),/* OBJ_id_it_caKeyUpdateInfo        1 3 6 1 5 5 7 4 5 */
+&(nid_objs[303]),/* OBJ_id_it_currentCRL             1 3 6 1 5 5 7 4 6 */
+&(nid_objs[304]),/* OBJ_id_it_unsupportedOIDs        1 3 6 1 5 5 7 4 7 */
+&(nid_objs[305]),/* OBJ_id_it_subscriptionRequest    1 3 6 1 5 5 7 4 8 */
+&(nid_objs[306]),/* OBJ_id_it_subscriptionResponse   1 3 6 1 5 5 7 4 9 */
+&(nid_objs[307]),/* OBJ_id_it_keyPairParamReq        1 3 6 1 5 5 7 4 10 */
+&(nid_objs[308]),/* OBJ_id_it_keyPairParamRep        1 3 6 1 5 5 7 4 11 */
+&(nid_objs[309]),/* OBJ_id_it_revPassphrase          1 3 6 1 5 5 7 4 12 */
+&(nid_objs[310]),/* OBJ_id_it_implicitConfirm        1 3 6 1 5 5 7 4 13 */
+&(nid_objs[311]),/* OBJ_id_it_confirmWaitTime        1 3 6 1 5 5 7 4 14 */
+&(nid_objs[312]),/* OBJ_id_it_origPKIMessage         1 3 6 1 5 5 7 4 15 */
+&(nid_objs[313]),/* OBJ_id_regCtrl                   1 3 6 1 5 5 7 5 1 */
+&(nid_objs[314]),/* OBJ_id_regInfo                   1 3 6 1 5 5 7 5 2 */
+&(nid_objs[323]),/* OBJ_id_alg_des40                 1 3 6 1 5 5 7 6 1 */
+&(nid_objs[324]),/* OBJ_id_alg_noSignature           1 3 6 1 5 5 7 6 2 */
+&(nid_objs[325]),/* OBJ_id_alg_dh_sig_hmac_sha1      1 3 6 1 5 5 7 6 3 */
+&(nid_objs[326]),/* OBJ_id_alg_dh_pop                1 3 6 1 5 5 7 6 4 */
+&(nid_objs[327]),/* OBJ_id_cmc_statusInfo            1 3 6 1 5 5 7 7 1 */
+&(nid_objs[328]),/* OBJ_id_cmc_identification        1 3 6 1 5 5 7 7 2 */
+&(nid_objs[329]),/* OBJ_id_cmc_identityProof         1 3 6 1 5 5 7 7 3 */
+&(nid_objs[330]),/* OBJ_id_cmc_dataReturn            1 3 6 1 5 5 7 7 4 */
+&(nid_objs[331]),/* OBJ_id_cmc_transactionId         1 3 6 1 5 5 7 7 5 */
+&(nid_objs[332]),/* OBJ_id_cmc_senderNonce           1 3 6 1 5 5 7 7 6 */
+&(nid_objs[333]),/* OBJ_id_cmc_recipientNonce        1 3 6 1 5 5 7 7 7 */
+&(nid_objs[334]),/* OBJ_id_cmc_addExtensions         1 3 6 1 5 5 7 7 8 */
+&(nid_objs[335]),/* OBJ_id_cmc_encryptedPOP          1 3 6 1 5 5 7 7 9 */
+&(nid_objs[336]),/* OBJ_id_cmc_decryptedPOP          1 3 6 1 5 5 7 7 10 */
+&(nid_objs[337]),/* OBJ_id_cmc_lraPOPWitness         1 3 6 1 5 5 7 7 11 */
+&(nid_objs[338]),/* OBJ_id_cmc_getCert               1 3 6 1 5 5 7 7 15 */
+&(nid_objs[339]),/* OBJ_id_cmc_getCRL                1 3 6 1 5 5 7 7 16 */
+&(nid_objs[340]),/* OBJ_id_cmc_revokeRequest         1 3 6 1 5 5 7 7 17 */
+&(nid_objs[341]),/* OBJ_id_cmc_regInfo               1 3 6 1 5 5 7 7 18 */
+&(nid_objs[342]),/* OBJ_id_cmc_responseInfo          1 3 6 1 5 5 7 7 19 */
+&(nid_objs[343]),/* OBJ_id_cmc_queryPending          1 3 6 1 5 5 7 7 21 */
+&(nid_objs[344]),/* OBJ_id_cmc_popLinkRandom         1 3 6 1 5 5 7 7 22 */
+&(nid_objs[345]),/* OBJ_id_cmc_popLinkWitness        1 3 6 1 5 5 7 7 23 */
+&(nid_objs[346]),/* OBJ_id_cmc_confirmCertAcceptance 1 3 6 1 5 5 7 7 24 */
+&(nid_objs[347]),/* OBJ_id_on_personalData           1 3 6 1 5 5 7 8 1 */
+&(nid_objs[348]),/* OBJ_id_pda_dateOfBirth           1 3 6 1 5 5 7 9 1 */
+&(nid_objs[349]),/* OBJ_id_pda_placeOfBirth          1 3 6 1 5 5 7 9 2 */
+&(nid_objs[350]),/* OBJ_id_pda_pseudonym             1 3 6 1 5 5 7 9 3 */
+&(nid_objs[351]),/* OBJ_id_pda_gender                1 3 6 1 5 5 7 9 4 */
+&(nid_objs[352]),/* OBJ_id_pda_countryOfCitizenship  1 3 6 1 5 5 7 9 5 */
+&(nid_objs[353]),/* OBJ_id_pda_countryOfResidence    1 3 6 1 5 5 7 9 6 */
+&(nid_objs[354]),/* OBJ_id_aca_authenticationInfo    1 3 6 1 5 5 7 10 1 */
+&(nid_objs[355]),/* OBJ_id_aca_accessIdentity        1 3 6 1 5 5 7 10 2 */
+&(nid_objs[356]),/* OBJ_id_aca_chargingIdentity      1 3 6 1 5 5 7 10 3 */
+&(nid_objs[357]),/* OBJ_id_aca_group                 1 3 6 1 5 5 7 10 4 */
+&(nid_objs[358]),/* OBJ_id_aca_role                  1 3 6 1 5 5 7 10 5 */
+&(nid_objs[359]),/* OBJ_id_qcs_pkixQCSyntax_v1       1 3 6 1 5 5 7 11 1 */
+&(nid_objs[360]),/* OBJ_id_cct_crs                   1 3 6 1 5 5 7 12 1 */
+&(nid_objs[361]),/* OBJ_id_cct_PKIData               1 3 6 1 5 5 7 12 2 */
+&(nid_objs[362]),/* OBJ_id_cct_PKIResponse           1 3 6 1 5 5 7 12 3 */
+&(nid_objs[178]),/* OBJ_ad_OCSP                      1 3 6 1 5 5 7 48 1 */
+&(nid_objs[179]),/* OBJ_ad_ca_issuers                1 3 6 1 5 5 7 48 2 */
+&(nid_objs[363]),/* OBJ_ad_timeStamping              1 3 6 1 5 5 7 48 3 */
+&(nid_objs[364]),/* OBJ_ad_dvcs                      1 3 6 1 5 5 7 48 4 */
+&(nid_objs[58]),/* OBJ_netscape_cert_extension      2 16 840 1 113730 1 */
+&(nid_objs[59]),/* OBJ_netscape_data_type           2 16 840 1 113730 2 */
+&(nid_objs[108]),/* OBJ_cast5_cbc                    1 2 840 113533 7 66 10 */
+&(nid_objs[112]),/* OBJ_pbeWithMD5AndCast5_CBC       1 2 840 113533 7 66 12 */
+&(nid_objs[ 6]),/* OBJ_rsaEncryption                1 2 840 113549 1 1 1 */
+&(nid_objs[ 7]),/* OBJ_md2WithRSAEncryption         1 2 840 113549 1 1 2 */
+&(nid_objs[ 8]),/* OBJ_md5WithRSAEncryption         1 2 840 113549 1 1 4 */
+&(nid_objs[65]),/* OBJ_sha1WithRSAEncryption        1 2 840 113549 1 1 5 */
+&(nid_objs[28]),/* OBJ_dhKeyAgreement               1 2 840 113549 1 3 1 */
+&(nid_objs[ 9]),/* OBJ_pbeWithMD2AndDES_CBC         1 2 840 113549 1 5 1 */
+&(nid_objs[10]),/* OBJ_pbeWithMD5AndDES_CBC         1 2 840 113549 1 5 3 */
+&(nid_objs[168]),/* OBJ_pbeWithMD2AndRC2_CBC         1 2 840 113549 1 5 4 */
+&(nid_objs[169]),/* OBJ_pbeWithMD5AndRC2_CBC         1 2 840 113549 1 5 6 */
+&(nid_objs[170]),/* OBJ_pbeWithSHA1AndDES_CBC        1 2 840 113549 1 5 10 */
+&(nid_objs[68]),/* OBJ_pbeWithSHA1AndRC2_CBC        1 2 840 113549 1 5 11 */
+&(nid_objs[69]),/* OBJ_id_pbkdf2                    1 2 840 113549 1 5 12 */
+&(nid_objs[161]),/* OBJ_pbes2                        1 2 840 113549 1 5 13 */
+&(nid_objs[162]),/* OBJ_pbmac1                       1 2 840 113549 1 5 14 */
+&(nid_objs[21]),/* OBJ_pkcs7_data                   1 2 840 113549 1 7 1 */
+&(nid_objs[22]),/* OBJ_pkcs7_signed                 1 2 840 113549 1 7 2 */
+&(nid_objs[23]),/* OBJ_pkcs7_enveloped              1 2 840 113549 1 7 3 */
+&(nid_objs[24]),/* OBJ_pkcs7_signedAndEnveloped     1 2 840 113549 1 7 4 */
+&(nid_objs[25]),/* OBJ_pkcs7_digest                 1 2 840 113549 1 7 5 */
+&(nid_objs[26]),/* OBJ_pkcs7_encrypted              1 2 840 113549 1 7 6 */
+&(nid_objs[48]),/* OBJ_pkcs9_emailAddress           1 2 840 113549 1 9 1 */
+&(nid_objs[49]),/* OBJ_pkcs9_unstructuredName       1 2 840 113549 1 9 2 */
+&(nid_objs[50]),/* OBJ_pkcs9_contentType            1 2 840 113549 1 9 3 */
+&(nid_objs[51]),/* OBJ_pkcs9_messageDigest          1 2 840 113549 1 9 4 */
+&(nid_objs[52]),/* OBJ_pkcs9_signingTime            1 2 840 113549 1 9 5 */
+&(nid_objs[53]),/* OBJ_pkcs9_countersignature       1 2 840 113549 1 9 6 */
+&(nid_objs[54]),/* OBJ_pkcs9_challengePassword      1 2 840 113549 1 9 7 */
+&(nid_objs[55]),/* OBJ_pkcs9_unstructuredAddress    1 2 840 113549 1 9 8 */
+&(nid_objs[56]),/* OBJ_pkcs9_extCertAttributes      1 2 840 113549 1 9 9 */
+&(nid_objs[172]),/* OBJ_ext_req                      1 2 840 113549 1 9 14 */
+&(nid_objs[167]),/* OBJ_SMIMECapabilities            1 2 840 113549 1 9 15 */
+&(nid_objs[188]),/* OBJ_SMIME                        1 2 840 113549 1 9 16 */
+&(nid_objs[156]),/* OBJ_friendlyName                 1 2 840 113549 1 9 20 */
+&(nid_objs[157]),/* OBJ_localKeyID                   1 2 840 113549 1 9 21 */
+&(nid_objs[91]),/* OBJ_bf_cbc                       1 3 6 1 4 1 3029 1 2 */
+&(nid_objs[315]),/* OBJ_id_regCtrl_regToken          1 3 6 1 5 5 7 5 1 1 */
+&(nid_objs[316]),/* OBJ_id_regCtrl_authenticator     1 3 6 1 5 5 7 5 1 2 */
+&(nid_objs[317]),/* OBJ_id_regCtrl_pkiPublicationInfo 1 3 6 1 5 5 7 5 1 3 */
+&(nid_objs[318]),/* OBJ_id_regCtrl_pkiArchiveOptions 1 3 6 1 5 5 7 5 1 4 */
+&(nid_objs[319]),/* OBJ_id_regCtrl_oldCertID         1 3 6 1 5 5 7 5 1 5 */
+&(nid_objs[320]),/* OBJ_id_regCtrl_protocolEncrKey   1 3 6 1 5 5 7 5 1 6 */
+&(nid_objs[321]),/* OBJ_id_regInfo_utf8Pairs         1 3 6 1 5 5 7 5 2 1 */
+&(nid_objs[322]),/* OBJ_id_regInfo_certReq           1 3 6 1 5 5 7 5 2 2 */
+&(nid_objs[365]),/* OBJ_id_pkix_OCSP_basic           1 3 6 1 5 5 7 48 1 1 */
+&(nid_objs[366]),/* OBJ_id_pkix_OCSP_Nonce           1 3 6 1 5 5 7 48 1 2 */
+&(nid_objs[367]),/* OBJ_id_pkix_OCSP_CrlID           1 3 6 1 5 5 7 48 1 3 */
+&(nid_objs[368]),/* OBJ_id_pkix_OCSP_acceptableResponses 1 3 6 1 5 5 7 48 1 4 */
+&(nid_objs[369]),/* OBJ_id_pkix_OCSP_noCheck         1 3 6 1 5 5 7 48 1 5 */
+&(nid_objs[370]),/* OBJ_id_pkix_OCSP_archiveCutoff   1 3 6 1 5 5 7 48 1 6 */
+&(nid_objs[371]),/* OBJ_id_pkix_OCSP_serviceLocator  1 3 6 1 5 5 7 48 1 7 */
+&(nid_objs[372]),/* OBJ_id_pkix_OCSP_extendedStatus  1 3 6 1 5 5 7 48 1 8 */
+&(nid_objs[373]),/* OBJ_id_pkix_OCSP_valid           1 3 6 1 5 5 7 48 1 9 */
+&(nid_objs[374]),/* OBJ_id_pkix_OCSP_path            1 3 6 1 5 5 7 48 1 10 */
+&(nid_objs[375]),/* OBJ_id_pkix_OCSP_trustRoot       1 3 6 1 5 5 7 48 1 11 */
+&(nid_objs[71]),/* OBJ_netscape_cert_type           2 16 840 1 113730 1 1 */
+&(nid_objs[72]),/* OBJ_netscape_base_url            2 16 840 1 113730 1 2 */
+&(nid_objs[73]),/* OBJ_netscape_revocation_url      2 16 840 1 113730 1 3 */
+&(nid_objs[74]),/* OBJ_netscape_ca_revocation_url   2 16 840 1 113730 1 4 */
+&(nid_objs[75]),/* OBJ_netscape_renewal_url         2 16 840 1 113730 1 7 */
+&(nid_objs[76]),/* OBJ_netscape_ca_policy_url       2 16 840 1 113730 1 8 */
+&(nid_objs[77]),/* OBJ_netscape_ssl_server_name     2 16 840 1 113730 1 12 */
+&(nid_objs[78]),/* OBJ_netscape_comment             2 16 840 1 113730 1 13 */
+&(nid_objs[79]),/* OBJ_netscape_cert_sequence       2 16 840 1 113730 2 5 */
+&(nid_objs[139]),/* OBJ_ns_sgc                       2 16 840 1 113730 4 1 */
+&(nid_objs[391]),/* OBJ_domainComponent              0 9 2342 19200300 100 1 25 */
+&(nid_objs[392]),/* OBJ_Domain                       0 9 2342 19200300 100 4 13 */
+&(nid_objs[189]),/* OBJ_id_smime_mod                 1 2 840 113549 1 9 16 0 */
+&(nid_objs[190]),/* OBJ_id_smime_ct                  1 2 840 113549 1 9 16 1 */
+&(nid_objs[191]),/* OBJ_id_smime_aa                  1 2 840 113549 1 9 16 2 */
+&(nid_objs[192]),/* OBJ_id_smime_alg                 1 2 840 113549 1 9 16 3 */
+&(nid_objs[193]),/* OBJ_id_smime_cd                  1 2 840 113549 1 9 16 4 */
+&(nid_objs[194]),/* OBJ_id_smime_spq                 1 2 840 113549 1 9 16 5 */
+&(nid_objs[195]),/* OBJ_id_smime_cti                 1 2 840 113549 1 9 16 6 */
+&(nid_objs[158]),/* OBJ_x509Certificate              1 2 840 113549 1 9 22 1 */
+&(nid_objs[159]),/* OBJ_sdsiCertificate              1 2 840 113549 1 9 22 2 */
+&(nid_objs[160]),/* OBJ_x509Crl                      1 2 840 113549 1 9 23 1 */
+&(nid_objs[144]),/* OBJ_pbe_WithSHA1And128BitRC4     1 2 840 113549 1 12 1 1 */
+&(nid_objs[145]),/* OBJ_pbe_WithSHA1And40BitRC4      1 2 840 113549 1 12 1 2 */
+&(nid_objs[146]),/* OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC 1 2 840 113549 1 12 1 3 */
+&(nid_objs[147]),/* OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC 1 2 840 113549 1 12 1 4 */
+&(nid_objs[148]),/* OBJ_pbe_WithSHA1And128BitRC2_CBC 1 2 840 113549 1 12 1 5 */
+&(nid_objs[149]),/* OBJ_pbe_WithSHA1And40BitRC2_CBC  1 2 840 113549 1 12 1 6 */
+&(nid_objs[171]),/* OBJ_ms_ext_req                   1 3 6 1 4 1 311 2 1 14 */
+&(nid_objs[134]),/* OBJ_ms_code_ind                  1 3 6 1 4 1 311 2 1 21 */
+&(nid_objs[135]),/* OBJ_ms_code_com                  1 3 6 1 4 1 311 2 1 22 */
+&(nid_objs[136]),/* OBJ_ms_ctl_sign                  1 3 6 1 4 1 311 10 3 1 */
+&(nid_objs[137]),/* OBJ_ms_sgc                       1 3 6 1 4 1 311 10 3 3 */
+&(nid_objs[138]),/* OBJ_ms_efs                       1 3 6 1 4 1 311 10 3 4 */
+&(nid_objs[196]),/* OBJ_id_smime_mod_cms             1 2 840 113549 1 9 16 0 1 */
+&(nid_objs[197]),/* OBJ_id_smime_mod_ess             1 2 840 113549 1 9 16 0 2 */
+&(nid_objs[198]),/* OBJ_id_smime_mod_oid             1 2 840 113549 1 9 16 0 3 */
+&(nid_objs[199]),/* OBJ_id_smime_mod_msg_v3          1 2 840 113549 1 9 16 0 4 */
+&(nid_objs[200]),/* OBJ_id_smime_mod_ets_eSignature_88 1 2 840 113549 1 9 16 0 5 */
+&(nid_objs[201]),/* OBJ_id_smime_mod_ets_eSignature_97 1 2 840 113549 1 9 16 0 6 */
+&(nid_objs[202]),/* OBJ_id_smime_mod_ets_eSigPolicy_88 1 2 840 113549 1 9 16 0 7 */
+&(nid_objs[203]),/* OBJ_id_smime_mod_ets_eSigPolicy_97 1 2 840 113549 1 9 16 0 8 */
+&(nid_objs[204]),/* OBJ_id_smime_ct_receipt          1 2 840 113549 1 9 16 1 1 */
+&(nid_objs[205]),/* OBJ_id_smime_ct_authData         1 2 840 113549 1 9 16 1 2 */
+&(nid_objs[206]),/* OBJ_id_smime_ct_publishCert      1 2 840 113549 1 9 16 1 3 */
+&(nid_objs[207]),/* OBJ_id_smime_ct_TSTInfo          1 2 840 113549 1 9 16 1 4 */
+&(nid_objs[208]),/* OBJ_id_smime_ct_TDTInfo          1 2 840 113549 1 9 16 1 5 */
+&(nid_objs[209]),/* OBJ_id_smime_ct_contentInfo      1 2 840 113549 1 9 16 1 6 */
+&(nid_objs[210]),/* OBJ_id_smime_ct_DVCSRequestData  1 2 840 113549 1 9 16 1 7 */
+&(nid_objs[211]),/* OBJ_id_smime_ct_DVCSResponseData 1 2 840 113549 1 9 16 1 8 */
+&(nid_objs[212]),/* OBJ_id_smime_aa_receiptRequest   1 2 840 113549 1 9 16 2 1 */
+&(nid_objs[213]),/* OBJ_id_smime_aa_securityLabel    1 2 840 113549 1 9 16 2 2 */
+&(nid_objs[214]),/* OBJ_id_smime_aa_mlExpandHistory  1 2 840 113549 1 9 16 2 3 */
+&(nid_objs[215]),/* OBJ_id_smime_aa_contentHint      1 2 840 113549 1 9 16 2 4 */
+&(nid_objs[216]),/* OBJ_id_smime_aa_msgSigDigest     1 2 840 113549 1 9 16 2 5 */
+&(nid_objs[217]),/* OBJ_id_smime_aa_encapContentType 1 2 840 113549 1 9 16 2 6 */
+&(nid_objs[218]),/* OBJ_id_smime_aa_contentIdentifier 1 2 840 113549 1 9 16 2 7 */
+&(nid_objs[219]),/* OBJ_id_smime_aa_macValue         1 2 840 113549 1 9 16 2 8 */
+&(nid_objs[220]),/* OBJ_id_smime_aa_equivalentLabels 1 2 840 113549 1 9 16 2 9 */
+&(nid_objs[221]),/* OBJ_id_smime_aa_contentReference 1 2 840 113549 1 9 16 2 10 */
+&(nid_objs[222]),/* OBJ_id_smime_aa_encrypKeyPref    1 2 840 113549 1 9 16 2 11 */
+&(nid_objs[223]),/* OBJ_id_smime_aa_signingCertificate 1 2 840 113549 1 9 16 2 12 */
+&(nid_objs[224]),/* OBJ_id_smime_aa_smimeEncryptCerts 1 2 840 113549 1 9 16 2 13 */
+&(nid_objs[225]),/* OBJ_id_smime_aa_timeStampToken   1 2 840 113549 1 9 16 2 14 */
+&(nid_objs[226]),/* OBJ_id_smime_aa_ets_sigPolicyId  1 2 840 113549 1 9 16 2 15 */
+&(nid_objs[227]),/* OBJ_id_smime_aa_ets_commitmentType 1 2 840 113549 1 9 16 2 16 */
+&(nid_objs[228]),/* OBJ_id_smime_aa_ets_signerLocation 1 2 840 113549 1 9 16 2 17 */
+&(nid_objs[229]),/* OBJ_id_smime_aa_ets_signerAttr   1 2 840 113549 1 9 16 2 18 */
+&(nid_objs[230]),/* OBJ_id_smime_aa_ets_otherSigCert 1 2 840 113549 1 9 16 2 19 */
+&(nid_objs[231]),/* OBJ_id_smime_aa_ets_contentTimestamp 1 2 840 113549 1 9 16 2 20 */
+&(nid_objs[232]),/* OBJ_id_smime_aa_ets_CertificateRefs 1 2 840 113549 1 9 16 2 21 */
+&(nid_objs[233]),/* OBJ_id_smime_aa_ets_RevocationRefs 1 2 840 113549 1 9 16 2 22 */
+&(nid_objs[234]),/* OBJ_id_smime_aa_ets_certValues   1 2 840 113549 1 9 16 2 23 */
+&(nid_objs[235]),/* OBJ_id_smime_aa_ets_revocationValues 1 2 840 113549 1 9 16 2 24 */
+&(nid_objs[236]),/* OBJ_id_smime_aa_ets_escTimeStamp 1 2 840 113549 1 9 16 2 25 */
+&(nid_objs[237]),/* OBJ_id_smime_aa_ets_certCRLTimestamp 1 2 840 113549 1 9 16 2 26 */
+&(nid_objs[238]),/* OBJ_id_smime_aa_ets_archiveTimeStamp 1 2 840 113549 1 9 16 2 27 */
+&(nid_objs[239]),/* OBJ_id_smime_aa_signatureType    1 2 840 113549 1 9 16 2 28 */
+&(nid_objs[240]),/* OBJ_id_smime_aa_dvcs_dvc         1 2 840 113549 1 9 16 2 29 */
+&(nid_objs[241]),/* OBJ_id_smime_alg_ESDHwith3DES    1 2 840 113549 1 9 16 3 1 */
+&(nid_objs[242]),/* OBJ_id_smime_alg_ESDHwithRC2     1 2 840 113549 1 9 16 3 2 */
+&(nid_objs[243]),/* OBJ_id_smime_alg_3DESwrap        1 2 840 113549 1 9 16 3 3 */
+&(nid_objs[244]),/* OBJ_id_smime_alg_RC2wrap         1 2 840 113549 1 9 16 3 4 */
+&(nid_objs[245]),/* OBJ_id_smime_alg_ESDH            1 2 840 113549 1 9 16 3 5 */
+&(nid_objs[246]),/* OBJ_id_smime_alg_CMS3DESwrap     1 2 840 113549 1 9 16 3 6 */
+&(nid_objs[247]),/* OBJ_id_smime_alg_CMSRC2wrap      1 2 840 113549 1 9 16 3 7 */
+&(nid_objs[248]),/* OBJ_id_smime_cd_ldap             1 2 840 113549 1 9 16 4 1 */
+&(nid_objs[249]),/* OBJ_id_smime_spq_ets_sqt_uri     1 2 840 113549 1 9 16 5 1 */
+&(nid_objs[250]),/* OBJ_id_smime_spq_ets_sqt_unotice 1 2 840 113549 1 9 16 5 2 */
+&(nid_objs[251]),/* OBJ_id_smime_cti_ets_proofOfOrigin 1 2 840 113549 1 9 16 6 1 */
+&(nid_objs[252]),/* OBJ_id_smime_cti_ets_proofOfReceipt 1 2 840 113549 1 9 16 6 2 */
+&(nid_objs[253]),/* OBJ_id_smime_cti_ets_proofOfDelivery 1 2 840 113549 1 9 16 6 3 */
+&(nid_objs[254]),/* OBJ_id_smime_cti_ets_proofOfSender 1 2 840 113549 1 9 16 6 4 */
+&(nid_objs[255]),/* OBJ_id_smime_cti_ets_proofOfApproval 1 2 840 113549 1 9 16 6 5 */
+&(nid_objs[256]),/* OBJ_id_smime_cti_ets_proofOfCreation 1 2 840 113549 1 9 16 6 6 */
+&(nid_objs[150]),/* OBJ_keyBag                       1 2 840 113549 1 12 10 1 1 */
+&(nid_objs[151]),/* OBJ_pkcs8ShroudedKeyBag          1 2 840 113549 1 12 10 1 2 */
+&(nid_objs[152]),/* OBJ_certBag                      1 2 840 113549 1 12 10 1 3 */
+&(nid_objs[153]),/* OBJ_crlBag                       1 2 840 113549 1 12 10 1 4 */
+&(nid_objs[154]),/* OBJ_secretBag                    1 2 840 113549 1 12 10 1 5 */
+&(nid_objs[155]),/* OBJ_safeContentsBag              1 2 840 113549 1 12 10 1 6 */
+&(nid_objs[34]),/* OBJ_idea_cbc                     1 3 6 1 4 1 188 7 1 1 2 */
+};
+
diff --git a/src/lib/libssl/src/crypto/objects/obj_dat.pl b/src/lib/libssl/src/crypto/objects/obj_dat.pl
index e6e3c3b9c0..11066df680 100644
--- a/src/lib/libssl/src/crypto/objects/obj_dat.pl
+++ b/src/lib/libssl/src/crypto/objects/obj_dat.pl
@@ -46,10 +46,28 @@ while (<IN>)
         next unless /^\#define\s+(\S+)\s+(.*)$/;
         $v=$1;
         $d=$2;
+        $d =~ s/^\"//;
+        $d =~ s/\"$//;
         if ($v =~ /^SN_(.*)$/)
-                { $sn{$1}=$d; }
+                {
+                if(defined $snames{$d})
+                        {
+                        print "WARNING: Duplicate short name \"$d\"\n";
+                        }
+                else 
+                        { $snames{$d} = "X"; }
+                $sn{$1}=$d;
+                }
         elsif ($v =~ /^LN_(.*)$/)
-                { $ln{$1}=$d; }
+                {
+                if(defined $lnames{$d})
+                        {
+                        print "WARNING: Duplicate long name \"$d\"\n";
+                        }
+                else 
+                        { $lnames{$d} = "X"; }
+                $ln{$1}=$d;
+                }
         elsif ($v =~ /^NID_(.*)$/)
                 { $nid{$d}=$1; }
         elsif ($v =~ /^OBJ_(.*)$/)
@@ -78,11 +96,20 @@ for ($i=0; $i<$n; $i++)
                 {
                 $sn=defined($sn{$nid{$i}})?"$sn{$nid{$i}}":"NULL";
                 $ln=defined($ln{$nid{$i}})?"$ln{$nid{$i}}":"NULL";
-                $sn=$ln if ($sn eq "NULL");
-                $ln=$sn if ($ln eq "NULL");
+
+                if ($sn eq "NULL") {
+                        $sn=$ln;
+                        $sn{$nid{$i}} = $ln;
+                }
+
+                if ($ln eq "NULL") {
+                        $ln=$sn;
+                        $ln{$nid{$i}} = $sn;
+                }
+                        
                 $out ="{";
-                $out.=$sn;
-                $out.=",".$ln;
+                $out.="\"$sn\"";
+                $out.=","."\"$ln\"";
                 $out.=",NID_$nid{$i},";
                 if (defined($obj{$nid{$i}}))
                         {
@@ -117,13 +144,13 @@ for ($i=0; $i<$n; $i++)
 @a=grep(defined($sn{$nid{$_}}),0 .. $n);
 foreach (sort { $sn{$nid{$a}} cmp $sn{$nid{$b}} } @a)
         {
-        push(@sn,sprintf("&(nid_objs[%2d]),/* $sn{$nid{$_}} */\n",$_));
+        push(@sn,sprintf("&(nid_objs[%2d]),/* \"$sn{$nid{$_}}\" */\n",$_));
         }
 
 @a=grep(defined($ln{$nid{$_}}),0 .. $n);
 foreach (sort { $ln{$nid{$a}} cmp $ln{$nid{$b}} } @a)
         {
-        push(@ln,sprintf("&(nid_objs[%2d]),/* $ln{$nid{$_}} */\n",$_));
+        push(@ln,sprintf("&(nid_objs[%2d]),/* \"$ln{$nid{$_}}\" */\n",$_));
         }
 
 @a=grep(defined($obj{$nid{$_}}),0 .. $n);
diff --git a/src/lib/libssl/src/crypto/objects/obj_lib.c b/src/lib/libssl/src/crypto/objects/obj_lib.c
index 1a1ba0fc06..0c71639eba 100644
--- a/src/lib/libssl/src/crypto/objects/obj_lib.c
+++ b/src/lib/libssl/src/crypto/objects/obj_lib.c
@@ -78,7 +78,7 @@ ASN1_OBJECT *OBJ_dup(ASN1_OBJECT *o)
                 OBJerr(OBJ_F_OBJ_DUP,ERR_R_ASN1_LIB);
                 return(NULL);
                 }
-        r->data=Malloc(o->length);
+        r->data=OPENSSL_malloc(o->length);
         if (r->data == NULL)
                 goto err;
         memcpy(r->data,o->data,o->length);
@@ -88,7 +88,7 @@ ASN1_OBJECT *OBJ_dup(ASN1_OBJECT *o)
         if (o->ln != NULL)
                 {
                 i=strlen(o->ln)+1;
-                r->ln=ln=Malloc(i);
+                r->ln=ln=OPENSSL_malloc(i);
                 if (r->ln == NULL) goto err;
                 memcpy(ln,o->ln,i);
                 }
@@ -98,7 +98,7 @@ ASN1_OBJECT *OBJ_dup(ASN1_OBJECT *o)
                 char *s;
 
                 i=strlen(o->sn)+1;
-                r->sn=s=Malloc(i);
+                r->sn=s=OPENSSL_malloc(i);
                 if (r->sn == NULL) goto err;
                 memcpy(s,o->sn,i);
                 }
@@ -109,9 +109,9 @@ err:
         OBJerr(OBJ_F_OBJ_DUP,ERR_R_MALLOC_FAILURE);
         if (r != NULL)
                 {
-                if (ln != NULL) Free(ln);
-                if (r->data != NULL) Free(r->data);
-                Free(r);
+                if (ln != NULL) OPENSSL_free(ln);
+                if (r->data != NULL) OPENSSL_free(r->data);
+                OPENSSL_free(r);
                 }
         return(NULL);
         }
diff --git a/src/lib/libssl/src/crypto/objects/obj_mac.h b/src/lib/libssl/src/crypto/objects/obj_mac.h
new file mode 100644
index 0000000000..401b1e5a1b
--- /dev/null
+++ b/src/lib/libssl/src/crypto/objects/obj_mac.h
@@ -0,0 +1,1798 @@
+/* lib/obj/obj_mac.h */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* THIS FILE IS GENERATED FROM objects.txt by objects.pl via the
+ * following command:
+ * perl objects.pl objects.txt obj_mac.num obj_mac.h
+ */
+
+#define SN_undef                        "UNDEF"
+#define LN_undef                        "undefined"
+#define NID_undef                       0
+#define OBJ_undef                       0L
+
+#define SN_iso          "ISO"
+#define LN_iso          "iso"
+#define NID_iso         181
+#define OBJ_iso         1L
+
+#define SN_member_body          "member-body"
+#define LN_member_body          "ISO Member Body"
+#define NID_member_body         182
+#define OBJ_member_body         OBJ_iso,2L
+
+#define SN_ISO_US               "ISO-US"
+#define LN_ISO_US               "ISO US Member Body"
+#define NID_ISO_US              183
+#define OBJ_ISO_US              OBJ_member_body,840L
+
+#define SN_X9_57                "X9-57"
+#define LN_X9_57                "X9.57"
+#define NID_X9_57               184
+#define OBJ_X9_57               OBJ_ISO_US,10040L
+
+#define SN_X9cm         "X9cm"
+#define LN_X9cm         "X9.57 CM ?"
+#define NID_X9cm                185
+#define OBJ_X9cm                OBJ_X9_57,4L
+
+#define SN_dsa          "DSA"
+#define LN_dsa          "dsaEncryption"
+#define NID_dsa         116
+#define OBJ_dsa         OBJ_X9cm,1L
+
+#define SN_dsaWithSHA1          "DSA-SHA1"
+#define LN_dsaWithSHA1          "dsaWithSHA1"
+#define NID_dsaWithSHA1         113
+#define OBJ_dsaWithSHA1         OBJ_X9cm,3L
+
+#define SN_cast5_cbc            "CAST5-CBC"
+#define LN_cast5_cbc            "cast5-cbc"
+#define NID_cast5_cbc           108
+#define OBJ_cast5_cbc           OBJ_ISO_US,113533L,7L,66L,10L
+
+#define SN_cast5_ecb            "CAST5-ECB"
+#define LN_cast5_ecb            "cast5-ecb"
+#define NID_cast5_ecb           109
+
+#define SN_cast5_cfb64          "CAST5-CFB"
+#define LN_cast5_cfb64          "cast5-cfb"
+#define NID_cast5_cfb64         110
+
+#define SN_cast5_ofb64          "CAST5-OFB"
+#define LN_cast5_ofb64          "cast5-ofb"
+#define NID_cast5_ofb64         111
+
+#define LN_pbeWithMD5AndCast5_CBC               "pbeWithMD5AndCast5CBC"
+#define NID_pbeWithMD5AndCast5_CBC              112
+#define OBJ_pbeWithMD5AndCast5_CBC              OBJ_ISO_US,113533L,7L,66L,12L
+
+#define SN_rsadsi               "rsadsi"
+#define LN_rsadsi               "RSA Data Security, Inc."
+#define NID_rsadsi              1
+#define OBJ_rsadsi              OBJ_ISO_US,113549L
+
+#define SN_pkcs         "pkcs"
+#define LN_pkcs         "RSA Data Security, Inc. PKCS"
+#define NID_pkcs                2
+#define OBJ_pkcs                OBJ_rsadsi,1L
+
+#define SN_pkcs1                "pkcs1"
+#define NID_pkcs1               186
+#define OBJ_pkcs1               OBJ_pkcs,1L
+
+#define LN_rsaEncryption                "rsaEncryption"
+#define NID_rsaEncryption               6
+#define OBJ_rsaEncryption               OBJ_pkcs1,1L
+
+#define SN_md2WithRSAEncryption         "RSA-MD2"
+#define LN_md2WithRSAEncryption         "md2WithRSAEncryption"
+#define NID_md2WithRSAEncryption                7
+#define OBJ_md2WithRSAEncryption                OBJ_pkcs1,2L
+
+#define SN_md5WithRSAEncryption         "RSA-MD5"
+#define LN_md5WithRSAEncryption         "md5WithRSAEncryption"
+#define NID_md5WithRSAEncryption                8
+#define OBJ_md5WithRSAEncryption                OBJ_pkcs1,4L
+
+#define SN_sha1WithRSAEncryption                "RSA-SHA1"
+#define LN_sha1WithRSAEncryption                "sha1WithRSAEncryption"
+#define NID_sha1WithRSAEncryption               65
+#define OBJ_sha1WithRSAEncryption               OBJ_pkcs1,5L
+
+#define SN_pkcs3                "pkcs3"
+#define NID_pkcs3               27
+#define OBJ_pkcs3               OBJ_pkcs,3L
+
+#define LN_dhKeyAgreement               "dhKeyAgreement"
+#define NID_dhKeyAgreement              28
+#define OBJ_dhKeyAgreement              OBJ_pkcs3,1L
+
+#define SN_pkcs5                "pkcs5"
+#define NID_pkcs5               187
+#define OBJ_pkcs5               OBJ_pkcs,5L
+
+#define SN_pbeWithMD2AndDES_CBC         "PBE-MD2-DES"
+#define LN_pbeWithMD2AndDES_CBC         "pbeWithMD2AndDES-CBC"
+#define NID_pbeWithMD2AndDES_CBC                9
+#define OBJ_pbeWithMD2AndDES_CBC                OBJ_pkcs5,1L
+
+#define SN_pbeWithMD5AndDES_CBC         "PBE-MD5-DES"
+#define LN_pbeWithMD5AndDES_CBC         "pbeWithMD5AndDES-CBC"
+#define NID_pbeWithMD5AndDES_CBC                10
+#define OBJ_pbeWithMD5AndDES_CBC                OBJ_pkcs5,3L
+
+#define SN_pbeWithMD2AndRC2_CBC         "PBE-MD2-RC2-64"
+#define LN_pbeWithMD2AndRC2_CBC         "pbeWithMD2AndRC2-CBC"
+#define NID_pbeWithMD2AndRC2_CBC                168
+#define OBJ_pbeWithMD2AndRC2_CBC                OBJ_pkcs5,4L
+
+#define SN_pbeWithMD5AndRC2_CBC         "PBE-MD5-RC2-64"
+#define LN_pbeWithMD5AndRC2_CBC         "pbeWithMD5AndRC2-CBC"
+#define NID_pbeWithMD5AndRC2_CBC                169
+#define OBJ_pbeWithMD5AndRC2_CBC                OBJ_pkcs5,6L
+
+#define SN_pbeWithSHA1AndDES_CBC                "PBE-SHA1-DES"
+#define LN_pbeWithSHA1AndDES_CBC                "pbeWithSHA1AndDES-CBC"
+#define NID_pbeWithSHA1AndDES_CBC               170
+#define OBJ_pbeWithSHA1AndDES_CBC               OBJ_pkcs5,10L
+
+#define SN_pbeWithSHA1AndRC2_CBC                "PBE-SHA1-RC2-64"
+#define LN_pbeWithSHA1AndRC2_CBC                "pbeWithSHA1AndRC2-CBC"
+#define NID_pbeWithSHA1AndRC2_CBC               68
+#define OBJ_pbeWithSHA1AndRC2_CBC               OBJ_pkcs5,11L
+
+#define LN_id_pbkdf2            "PBKDF2"
+#define NID_id_pbkdf2           69
+#define OBJ_id_pbkdf2           OBJ_pkcs5,12L
+
+#define LN_pbes2                "PBES2"
+#define NID_pbes2               161
+#define OBJ_pbes2               OBJ_pkcs5,13L
+
+#define LN_pbmac1               "PBMAC1"
+#define NID_pbmac1              162
+#define OBJ_pbmac1              OBJ_pkcs5,14L
+
+#define SN_pkcs7                "pkcs7"
+#define NID_pkcs7               20
+#define OBJ_pkcs7               OBJ_pkcs,7L
+
+#define LN_pkcs7_data           "pkcs7-data"
+#define NID_pkcs7_data          21
+#define OBJ_pkcs7_data          OBJ_pkcs7,1L
+
+#define LN_pkcs7_signed         "pkcs7-signedData"
+#define NID_pkcs7_signed                22
+#define OBJ_pkcs7_signed                OBJ_pkcs7,2L
+
+#define LN_pkcs7_enveloped              "pkcs7-envelopedData"
+#define NID_pkcs7_enveloped             23
+#define OBJ_pkcs7_enveloped             OBJ_pkcs7,3L
+
+#define LN_pkcs7_signedAndEnveloped             "pkcs7-signedAndEnvelopedData"
+#define NID_pkcs7_signedAndEnveloped            24
+#define OBJ_pkcs7_signedAndEnveloped            OBJ_pkcs7,4L
+
+#define LN_pkcs7_digest         "pkcs7-digestData"
+#define NID_pkcs7_digest                25
+#define OBJ_pkcs7_digest                OBJ_pkcs7,5L
+
+#define LN_pkcs7_encrypted              "pkcs7-encryptedData"
+#define NID_pkcs7_encrypted             26
+#define OBJ_pkcs7_encrypted             OBJ_pkcs7,6L
+
+#define SN_pkcs9                "pkcs9"
+#define NID_pkcs9               47
+#define OBJ_pkcs9               OBJ_pkcs,9L
+
+#define SN_pkcs9_emailAddress           "Email"
+#define LN_pkcs9_emailAddress           "emailAddress"
+#define NID_pkcs9_emailAddress          48
+#define OBJ_pkcs9_emailAddress          OBJ_pkcs9,1L
+
+#define LN_pkcs9_unstructuredName               "unstructuredName"
+#define NID_pkcs9_unstructuredName              49
+#define OBJ_pkcs9_unstructuredName              OBJ_pkcs9,2L
+
+#define LN_pkcs9_contentType            "contentType"
+#define NID_pkcs9_contentType           50
+#define OBJ_pkcs9_contentType           OBJ_pkcs9,3L
+
+#define LN_pkcs9_messageDigest          "messageDigest"
+#define NID_pkcs9_messageDigest         51
+#define OBJ_pkcs9_messageDigest         OBJ_pkcs9,4L
+
+#define LN_pkcs9_signingTime            "signingTime"
+#define NID_pkcs9_signingTime           52
+#define OBJ_pkcs9_signingTime           OBJ_pkcs9,5L
+
+#define LN_pkcs9_countersignature               "countersignature"
+#define NID_pkcs9_countersignature              53
+#define OBJ_pkcs9_countersignature              OBJ_pkcs9,6L
+
+#define LN_pkcs9_challengePassword              "challengePassword"
+#define NID_pkcs9_challengePassword             54
+#define OBJ_pkcs9_challengePassword             OBJ_pkcs9,7L
+
+#define LN_pkcs9_unstructuredAddress            "unstructuredAddress"
+#define NID_pkcs9_unstructuredAddress           55
+#define OBJ_pkcs9_unstructuredAddress           OBJ_pkcs9,8L
+
+#define LN_pkcs9_extCertAttributes              "extendedCertificateAttributes"
+#define NID_pkcs9_extCertAttributes             56
+#define OBJ_pkcs9_extCertAttributes             OBJ_pkcs9,9L
+
+#define SN_ext_req              "extReq"
+#define LN_ext_req              "Extension Request"
+#define NID_ext_req             172
+#define OBJ_ext_req             OBJ_pkcs9,14L
+
+#define SN_SMIMECapabilities            "SMIME-CAPS"
+#define LN_SMIMECapabilities            "S/MIME Capabilities"
+#define NID_SMIMECapabilities           167
+#define OBJ_SMIMECapabilities           OBJ_pkcs9,15L
+
+#define SN_SMIME                "SMIME"
+#define LN_SMIME                "S/MIME"
+#define NID_SMIME               188
+#define OBJ_SMIME               OBJ_pkcs9,16L
+
+#define SN_id_smime_mod         "id-smime-mod"
+#define NID_id_smime_mod                189
+#define OBJ_id_smime_mod                OBJ_SMIME,0L
+
+#define SN_id_smime_ct          "id-smime-ct"
+#define NID_id_smime_ct         190
+#define OBJ_id_smime_ct         OBJ_SMIME,1L
+
+#define SN_id_smime_aa          "id-smime-aa"
+#define NID_id_smime_aa         191
+#define OBJ_id_smime_aa         OBJ_SMIME,2L
+
+#define SN_id_smime_alg         "id-smime-alg"
+#define NID_id_smime_alg                192
+#define OBJ_id_smime_alg                OBJ_SMIME,3L
+
+#define SN_id_smime_cd          "id-smime-cd"
+#define NID_id_smime_cd         193
+#define OBJ_id_smime_cd         OBJ_SMIME,4L
+
+#define SN_id_smime_spq         "id-smime-spq"
+#define NID_id_smime_spq                194
+#define OBJ_id_smime_spq                OBJ_SMIME,5L
+
+#define SN_id_smime_cti         "id-smime-cti"
+#define NID_id_smime_cti                195
+#define OBJ_id_smime_cti                OBJ_SMIME,6L
+
+#define SN_id_smime_mod_cms             "id-smime-mod-cms"
+#define NID_id_smime_mod_cms            196
+#define OBJ_id_smime_mod_cms            OBJ_id_smime_mod,1L
+
+#define SN_id_smime_mod_ess             "id-smime-mod-ess"
+#define NID_id_smime_mod_ess            197
+#define OBJ_id_smime_mod_ess            OBJ_id_smime_mod,2L
+
+#define SN_id_smime_mod_oid             "id-smime-mod-oid"
+#define NID_id_smime_mod_oid            198
+#define OBJ_id_smime_mod_oid            OBJ_id_smime_mod,3L
+
+#define SN_id_smime_mod_msg_v3          "id-smime-mod-msg-v3"
+#define NID_id_smime_mod_msg_v3         199
+#define OBJ_id_smime_mod_msg_v3         OBJ_id_smime_mod,4L
+
+#define SN_id_smime_mod_ets_eSignature_88               "id-smime-mod-ets-eSignature-88"
+#define NID_id_smime_mod_ets_eSignature_88              200
+#define OBJ_id_smime_mod_ets_eSignature_88              OBJ_id_smime_mod,5L
+
+#define SN_id_smime_mod_ets_eSignature_97               "id-smime-mod-ets-eSignature-97"
+#define NID_id_smime_mod_ets_eSignature_97              201
+#define OBJ_id_smime_mod_ets_eSignature_97              OBJ_id_smime_mod,6L
+
+#define SN_id_smime_mod_ets_eSigPolicy_88               "id-smime-mod-ets-eSigPolicy-88"
+#define NID_id_smime_mod_ets_eSigPolicy_88              202
+#define OBJ_id_smime_mod_ets_eSigPolicy_88              OBJ_id_smime_mod,7L
+
+#define SN_id_smime_mod_ets_eSigPolicy_97               "id-smime-mod-ets-eSigPolicy-97"
+#define NID_id_smime_mod_ets_eSigPolicy_97              203
+#define OBJ_id_smime_mod_ets_eSigPolicy_97              OBJ_id_smime_mod,8L
+
+#define SN_id_smime_ct_receipt          "id-smime-ct-receipt"
+#define NID_id_smime_ct_receipt         204
+#define OBJ_id_smime_ct_receipt         OBJ_id_smime_ct,1L
+
+#define SN_id_smime_ct_authData         "id-smime-ct-authData"
+#define NID_id_smime_ct_authData                205
+#define OBJ_id_smime_ct_authData                OBJ_id_smime_ct,2L
+
+#define SN_id_smime_ct_publishCert              "id-smime-ct-publishCert"
+#define NID_id_smime_ct_publishCert             206
+#define OBJ_id_smime_ct_publishCert             OBJ_id_smime_ct,3L
+
+#define SN_id_smime_ct_TSTInfo          "id-smime-ct-TSTInfo"
+#define NID_id_smime_ct_TSTInfo         207
+#define OBJ_id_smime_ct_TSTInfo         OBJ_id_smime_ct,4L
+
+#define SN_id_smime_ct_TDTInfo          "id-smime-ct-TDTInfo"
+#define NID_id_smime_ct_TDTInfo         208
+#define OBJ_id_smime_ct_TDTInfo         OBJ_id_smime_ct,5L
+
+#define SN_id_smime_ct_contentInfo              "id-smime-ct-contentInfo"
+#define NID_id_smime_ct_contentInfo             209
+#define OBJ_id_smime_ct_contentInfo             OBJ_id_smime_ct,6L
+
+#define SN_id_smime_ct_DVCSRequestData          "id-smime-ct-DVCSRequestData"
+#define NID_id_smime_ct_DVCSRequestData         210
+#define OBJ_id_smime_ct_DVCSRequestData         OBJ_id_smime_ct,7L
+
+#define SN_id_smime_ct_DVCSResponseData         "id-smime-ct-DVCSResponseData"
+#define NID_id_smime_ct_DVCSResponseData                211
+#define OBJ_id_smime_ct_DVCSResponseData                OBJ_id_smime_ct,8L
+
+#define SN_id_smime_aa_receiptRequest           "id-smime-aa-receiptRequest"
+#define NID_id_smime_aa_receiptRequest          212
+#define OBJ_id_smime_aa_receiptRequest          OBJ_id_smime_aa,1L
+
+#define SN_id_smime_aa_securityLabel            "id-smime-aa-securityLabel"
+#define NID_id_smime_aa_securityLabel           213
+#define OBJ_id_smime_aa_securityLabel           OBJ_id_smime_aa,2L
+
+#define SN_id_smime_aa_mlExpandHistory          "id-smime-aa-mlExpandHistory"
+#define NID_id_smime_aa_mlExpandHistory         214
+#define OBJ_id_smime_aa_mlExpandHistory         OBJ_id_smime_aa,3L
+
+#define SN_id_smime_aa_contentHint              "id-smime-aa-contentHint"
+#define NID_id_smime_aa_contentHint             215
+#define OBJ_id_smime_aa_contentHint             OBJ_id_smime_aa,4L
+
+#define SN_id_smime_aa_msgSigDigest             "id-smime-aa-msgSigDigest"
+#define NID_id_smime_aa_msgSigDigest            216
+#define OBJ_id_smime_aa_msgSigDigest            OBJ_id_smime_aa,5L
+
+#define SN_id_smime_aa_encapContentType         "id-smime-aa-encapContentType"
+#define NID_id_smime_aa_encapContentType                217
+#define OBJ_id_smime_aa_encapContentType                OBJ_id_smime_aa,6L
+
+#define SN_id_smime_aa_contentIdentifier                "id-smime-aa-contentIdentifier"
+#define NID_id_smime_aa_contentIdentifier               218
+#define OBJ_id_smime_aa_contentIdentifier               OBJ_id_smime_aa,7L
+
+#define SN_id_smime_aa_macValue         "id-smime-aa-macValue"
+#define NID_id_smime_aa_macValue                219
+#define OBJ_id_smime_aa_macValue                OBJ_id_smime_aa,8L
+
+#define SN_id_smime_aa_equivalentLabels         "id-smime-aa-equivalentLabels"
+#define NID_id_smime_aa_equivalentLabels                220
+#define OBJ_id_smime_aa_equivalentLabels                OBJ_id_smime_aa,9L
+
+#define SN_id_smime_aa_contentReference         "id-smime-aa-contentReference"
+#define NID_id_smime_aa_contentReference                221
+#define OBJ_id_smime_aa_contentReference                OBJ_id_smime_aa,10L
+
+#define SN_id_smime_aa_encrypKeyPref            "id-smime-aa-encrypKeyPref"
+#define NID_id_smime_aa_encrypKeyPref           222
+#define OBJ_id_smime_aa_encrypKeyPref           OBJ_id_smime_aa,11L
+
+#define SN_id_smime_aa_signingCertificate               "id-smime-aa-signingCertificate"
+#define NID_id_smime_aa_signingCertificate              223
+#define OBJ_id_smime_aa_signingCertificate              OBJ_id_smime_aa,12L
+
+#define SN_id_smime_aa_smimeEncryptCerts                "id-smime-aa-smimeEncryptCerts"
+#define NID_id_smime_aa_smimeEncryptCerts               224
+#define OBJ_id_smime_aa_smimeEncryptCerts               OBJ_id_smime_aa,13L
+
+#define SN_id_smime_aa_timeStampToken           "id-smime-aa-timeStampToken"
+#define NID_id_smime_aa_timeStampToken          225
+#define OBJ_id_smime_aa_timeStampToken          OBJ_id_smime_aa,14L
+
+#define SN_id_smime_aa_ets_sigPolicyId          "id-smime-aa-ets-sigPolicyId"
+#define NID_id_smime_aa_ets_sigPolicyId         226
+#define OBJ_id_smime_aa_ets_sigPolicyId         OBJ_id_smime_aa,15L
+
+#define SN_id_smime_aa_ets_commitmentType               "id-smime-aa-ets-commitmentType"
+#define NID_id_smime_aa_ets_commitmentType              227
+#define OBJ_id_smime_aa_ets_commitmentType              OBJ_id_smime_aa,16L
+
+#define SN_id_smime_aa_ets_signerLocation               "id-smime-aa-ets-signerLocation"
+#define NID_id_smime_aa_ets_signerLocation              228
+#define OBJ_id_smime_aa_ets_signerLocation              OBJ_id_smime_aa,17L
+
+#define SN_id_smime_aa_ets_signerAttr           "id-smime-aa-ets-signerAttr"
+#define NID_id_smime_aa_ets_signerAttr          229
+#define OBJ_id_smime_aa_ets_signerAttr          OBJ_id_smime_aa,18L
+
+#define SN_id_smime_aa_ets_otherSigCert         "id-smime-aa-ets-otherSigCert"
+#define NID_id_smime_aa_ets_otherSigCert                230
+#define OBJ_id_smime_aa_ets_otherSigCert                OBJ_id_smime_aa,19L
+
+#define SN_id_smime_aa_ets_contentTimestamp             "id-smime-aa-ets-contentTimestamp"
+#define NID_id_smime_aa_ets_contentTimestamp            231
+#define OBJ_id_smime_aa_ets_contentTimestamp            OBJ_id_smime_aa,20L
+
+#define SN_id_smime_aa_ets_CertificateRefs              "id-smime-aa-ets-CertificateRefs"
+#define NID_id_smime_aa_ets_CertificateRefs             232
+#define OBJ_id_smime_aa_ets_CertificateRefs             OBJ_id_smime_aa,21L
+
+#define SN_id_smime_aa_ets_RevocationRefs               "id-smime-aa-ets-RevocationRefs"
+#define NID_id_smime_aa_ets_RevocationRefs              233
+#define OBJ_id_smime_aa_ets_RevocationRefs              OBJ_id_smime_aa,22L
+
+#define SN_id_smime_aa_ets_certValues           "id-smime-aa-ets-certValues"
+#define NID_id_smime_aa_ets_certValues          234
+#define OBJ_id_smime_aa_ets_certValues          OBJ_id_smime_aa,23L
+
+#define SN_id_smime_aa_ets_revocationValues             "id-smime-aa-ets-revocationValues"
+#define NID_id_smime_aa_ets_revocationValues            235
+#define OBJ_id_smime_aa_ets_revocationValues            OBJ_id_smime_aa,24L
+
+#define SN_id_smime_aa_ets_escTimeStamp         "id-smime-aa-ets-escTimeStamp"
+#define NID_id_smime_aa_ets_escTimeStamp                236
+#define OBJ_id_smime_aa_ets_escTimeStamp                OBJ_id_smime_aa,25L
+
+#define SN_id_smime_aa_ets_certCRLTimestamp             "id-smime-aa-ets-certCRLTimestamp"
+#define NID_id_smime_aa_ets_certCRLTimestamp            237
+#define OBJ_id_smime_aa_ets_certCRLTimestamp            OBJ_id_smime_aa,26L
+
+#define SN_id_smime_aa_ets_archiveTimeStamp             "id-smime-aa-ets-archiveTimeStamp"
+#define NID_id_smime_aa_ets_archiveTimeStamp            238
+#define OBJ_id_smime_aa_ets_archiveTimeStamp            OBJ_id_smime_aa,27L
+
+#define SN_id_smime_aa_signatureType            "id-smime-aa-signatureType"
+#define NID_id_smime_aa_signatureType           239
+#define OBJ_id_smime_aa_signatureType           OBJ_id_smime_aa,28L
+
+#define SN_id_smime_aa_dvcs_dvc         "id-smime-aa-dvcs-dvc"
+#define NID_id_smime_aa_dvcs_dvc                240
+#define OBJ_id_smime_aa_dvcs_dvc                OBJ_id_smime_aa,29L
+
+#define SN_id_smime_alg_ESDHwith3DES            "id-smime-alg-ESDHwith3DES"
+#define NID_id_smime_alg_ESDHwith3DES           241
+#define OBJ_id_smime_alg_ESDHwith3DES           OBJ_id_smime_alg,1L
+
+#define SN_id_smime_alg_ESDHwithRC2             "id-smime-alg-ESDHwithRC2"
+#define NID_id_smime_alg_ESDHwithRC2            242
+#define OBJ_id_smime_alg_ESDHwithRC2            OBJ_id_smime_alg,2L
+
+#define SN_id_smime_alg_3DESwrap                "id-smime-alg-3DESwrap"
+#define NID_id_smime_alg_3DESwrap               243
+#define OBJ_id_smime_alg_3DESwrap               OBJ_id_smime_alg,3L
+
+#define SN_id_smime_alg_RC2wrap         "id-smime-alg-RC2wrap"
+#define NID_id_smime_alg_RC2wrap                244
+#define OBJ_id_smime_alg_RC2wrap                OBJ_id_smime_alg,4L
+
+#define SN_id_smime_alg_ESDH            "id-smime-alg-ESDH"
+#define NID_id_smime_alg_ESDH           245
+#define OBJ_id_smime_alg_ESDH           OBJ_id_smime_alg,5L
+
+#define SN_id_smime_alg_CMS3DESwrap             "id-smime-alg-CMS3DESwrap"
+#define NID_id_smime_alg_CMS3DESwrap            246
+#define OBJ_id_smime_alg_CMS3DESwrap            OBJ_id_smime_alg,6L
+
+#define SN_id_smime_alg_CMSRC2wrap              "id-smime-alg-CMSRC2wrap"
+#define NID_id_smime_alg_CMSRC2wrap             247
+#define OBJ_id_smime_alg_CMSRC2wrap             OBJ_id_smime_alg,7L
+
+#define SN_id_smime_cd_ldap             "id-smime-cd-ldap"
+#define NID_id_smime_cd_ldap            248
+#define OBJ_id_smime_cd_ldap            OBJ_id_smime_cd,1L
+
+#define SN_id_smime_spq_ets_sqt_uri             "id-smime-spq-ets-sqt-uri"
+#define NID_id_smime_spq_ets_sqt_uri            249
+#define OBJ_id_smime_spq_ets_sqt_uri            OBJ_id_smime_spq,1L
+
+#define SN_id_smime_spq_ets_sqt_unotice         "id-smime-spq-ets-sqt-unotice"
+#define NID_id_smime_spq_ets_sqt_unotice                250
+#define OBJ_id_smime_spq_ets_sqt_unotice                OBJ_id_smime_spq,2L
+
+#define SN_id_smime_cti_ets_proofOfOrigin               "id-smime-cti-ets-proofOfOrigin"
+#define NID_id_smime_cti_ets_proofOfOrigin              251
+#define OBJ_id_smime_cti_ets_proofOfOrigin              OBJ_id_smime_cti,1L
+
+#define SN_id_smime_cti_ets_proofOfReceipt              "id-smime-cti-ets-proofOfReceipt"
+#define NID_id_smime_cti_ets_proofOfReceipt             252
+#define OBJ_id_smime_cti_ets_proofOfReceipt             OBJ_id_smime_cti,2L
+
+#define SN_id_smime_cti_ets_proofOfDelivery             "id-smime-cti-ets-proofOfDelivery"
+#define NID_id_smime_cti_ets_proofOfDelivery            253
+#define OBJ_id_smime_cti_ets_proofOfDelivery            OBJ_id_smime_cti,3L
+
+#define SN_id_smime_cti_ets_proofOfSender               "id-smime-cti-ets-proofOfSender"
+#define NID_id_smime_cti_ets_proofOfSender              254
+#define OBJ_id_smime_cti_ets_proofOfSender              OBJ_id_smime_cti,4L
+
+#define SN_id_smime_cti_ets_proofOfApproval             "id-smime-cti-ets-proofOfApproval"
+#define NID_id_smime_cti_ets_proofOfApproval            255
+#define OBJ_id_smime_cti_ets_proofOfApproval            OBJ_id_smime_cti,5L
+
+#define SN_id_smime_cti_ets_proofOfCreation             "id-smime-cti-ets-proofOfCreation"
+#define NID_id_smime_cti_ets_proofOfCreation            256
+#define OBJ_id_smime_cti_ets_proofOfCreation            OBJ_id_smime_cti,6L
+
+#define LN_friendlyName         "friendlyName"
+#define NID_friendlyName                156
+#define OBJ_friendlyName                OBJ_pkcs9,20L
+
+#define LN_localKeyID           "localKeyID"
+#define NID_localKeyID          157
+#define OBJ_localKeyID          OBJ_pkcs9,21L
+
+#define OBJ_certTypes           OBJ_pkcs9,22L
+
+#define LN_x509Certificate              "x509Certificate"
+#define NID_x509Certificate             158
+#define OBJ_x509Certificate             OBJ_certTypes,1L
+
+#define LN_sdsiCertificate              "sdsiCertificate"
+#define NID_sdsiCertificate             159
+#define OBJ_sdsiCertificate             OBJ_certTypes,2L
+
+#define OBJ_crlTypes            OBJ_pkcs9,23L
+
+#define LN_x509Crl              "x509Crl"
+#define NID_x509Crl             160
+#define OBJ_x509Crl             OBJ_crlTypes,1L
+
+#define OBJ_pkcs12              OBJ_pkcs,12L
+
+#define OBJ_pkcs12_pbeids               OBJ_pkcs12,1L
+
+#define SN_pbe_WithSHA1And128BitRC4             "PBE-SHA1-RC4-128"
+#define LN_pbe_WithSHA1And128BitRC4             "pbeWithSHA1And128BitRC4"
+#define NID_pbe_WithSHA1And128BitRC4            144
+#define OBJ_pbe_WithSHA1And128BitRC4            OBJ_pkcs12_pbeids,1L
+
+#define SN_pbe_WithSHA1And40BitRC4              "PBE-SHA1-RC4-40"
+#define LN_pbe_WithSHA1And40BitRC4              "pbeWithSHA1And40BitRC4"
+#define NID_pbe_WithSHA1And40BitRC4             145
+#define OBJ_pbe_WithSHA1And40BitRC4             OBJ_pkcs12_pbeids,2L
+
+#define SN_pbe_WithSHA1And3_Key_TripleDES_CBC           "PBE-SHA1-3DES"
+#define LN_pbe_WithSHA1And3_Key_TripleDES_CBC           "pbeWithSHA1And3-KeyTripleDES-CBC"
+#define NID_pbe_WithSHA1And3_Key_TripleDES_CBC          146
+#define OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC          OBJ_pkcs12_pbeids,3L
+
+#define SN_pbe_WithSHA1And2_Key_TripleDES_CBC           "PBE-SHA1-2DES"
+#define LN_pbe_WithSHA1And2_Key_TripleDES_CBC           "pbeWithSHA1And2-KeyTripleDES-CBC"
+#define NID_pbe_WithSHA1And2_Key_TripleDES_CBC          147
+#define OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC          OBJ_pkcs12_pbeids,4L
+
+#define SN_pbe_WithSHA1And128BitRC2_CBC         "PBE-SHA1-RC2-128"
+#define LN_pbe_WithSHA1And128BitRC2_CBC         "pbeWithSHA1And128BitRC2-CBC"
+#define NID_pbe_WithSHA1And128BitRC2_CBC                148
+#define OBJ_pbe_WithSHA1And128BitRC2_CBC                OBJ_pkcs12_pbeids,5L
+
+#define SN_pbe_WithSHA1And40BitRC2_CBC          "PBE-SHA1-RC2-40"
+#define LN_pbe_WithSHA1And40BitRC2_CBC          "pbeWithSHA1And40BitRC2-CBC"
+#define NID_pbe_WithSHA1And40BitRC2_CBC         149
+#define OBJ_pbe_WithSHA1And40BitRC2_CBC         OBJ_pkcs12_pbeids,6L
+
+#define OBJ_pkcs12_Version1             OBJ_pkcs12,10L
+
+#define OBJ_pkcs12_BagIds               OBJ_pkcs12_Version1,1L
+
+#define LN_keyBag               "keyBag"
+#define NID_keyBag              150
+#define OBJ_keyBag              OBJ_pkcs12_BagIds,1L
+
+#define LN_pkcs8ShroudedKeyBag          "pkcs8ShroudedKeyBag"
+#define NID_pkcs8ShroudedKeyBag         151
+#define OBJ_pkcs8ShroudedKeyBag         OBJ_pkcs12_BagIds,2L
+
+#define LN_certBag              "certBag"
+#define NID_certBag             152
+#define OBJ_certBag             OBJ_pkcs12_BagIds,3L
+
+#define LN_crlBag               "crlBag"
+#define NID_crlBag              153
+#define OBJ_crlBag              OBJ_pkcs12_BagIds,4L
+
+#define LN_secretBag            "secretBag"
+#define NID_secretBag           154
+#define OBJ_secretBag           OBJ_pkcs12_BagIds,5L
+
+#define LN_safeContentsBag              "safeContentsBag"
+#define NID_safeContentsBag             155
+#define OBJ_safeContentsBag             OBJ_pkcs12_BagIds,6L
+
+#define SN_md2          "MD2"
+#define LN_md2          "md2"
+#define NID_md2         3
+#define OBJ_md2         OBJ_rsadsi,2L,2L
+
+#define SN_md4          "MD4"
+#define LN_md4          "md4"
+#define NID_md4         257
+#define OBJ_md4         OBJ_rsadsi,2L,4L
+
+#define SN_md5          "MD5"
+#define LN_md5          "md5"
+#define NID_md5         4
+#define OBJ_md5         OBJ_rsadsi,2L,5L
+
+#define SN_md5_sha1             "MD5-SHA1"
+#define LN_md5_sha1             "md5-sha1"
+#define NID_md5_sha1            114
+
+#define LN_hmacWithSHA1         "hmacWithSHA1"
+#define NID_hmacWithSHA1                163
+#define OBJ_hmacWithSHA1                OBJ_rsadsi,2L,7L
+
+#define SN_rc2_cbc              "RC2-CBC"
+#define LN_rc2_cbc              "rc2-cbc"
+#define NID_rc2_cbc             37
+#define OBJ_rc2_cbc             OBJ_rsadsi,3L,2L
+
+#define SN_rc2_ecb              "RC2-ECB"
+#define LN_rc2_ecb              "rc2-ecb"
+#define NID_rc2_ecb             38
+
+#define SN_rc2_cfb64            "RC2-CFB"
+#define LN_rc2_cfb64            "rc2-cfb"
+#define NID_rc2_cfb64           39
+
+#define SN_rc2_ofb64            "RC2-OFB"
+#define LN_rc2_ofb64            "rc2-ofb"
+#define NID_rc2_ofb64           40
+
+#define SN_rc2_40_cbc           "RC2-40-CBC"
+#define LN_rc2_40_cbc           "rc2-40-cbc"
+#define NID_rc2_40_cbc          98
+
+#define SN_rc2_64_cbc           "RC2-64-CBC"
+#define LN_rc2_64_cbc           "rc2-64-cbc"
+#define NID_rc2_64_cbc          166
+
+#define SN_rc4          "RC4"
+#define LN_rc4          "rc4"
+#define NID_rc4         5
+#define OBJ_rc4         OBJ_rsadsi,3L,4L
+
+#define SN_rc4_40               "RC4-40"
+#define LN_rc4_40               "rc4-40"
+#define NID_rc4_40              97
+
+#define SN_des_ede3_cbc         "DES-EDE3-CBC"
+#define LN_des_ede3_cbc         "des-ede3-cbc"
+#define NID_des_ede3_cbc                44
+#define OBJ_des_ede3_cbc                OBJ_rsadsi,3L,7L
+
+#define SN_rc5_cbc              "RC5-CBC"
+#define LN_rc5_cbc              "rc5-cbc"
+#define NID_rc5_cbc             120
+#define OBJ_rc5_cbc             OBJ_rsadsi,3L,8L
+
+#define SN_rc5_ecb              "RC5-ECB"
+#define LN_rc5_ecb              "rc5-ecb"
+#define NID_rc5_ecb             121
+
+#define SN_rc5_cfb64            "RC5-CFB"
+#define LN_rc5_cfb64            "rc5-cfb"
+#define NID_rc5_cfb64           122
+
+#define SN_rc5_ofb64            "RC5-OFB"
+#define LN_rc5_ofb64            "rc5-ofb"
+#define NID_rc5_ofb64           123
+
+#define SN_ms_ext_req           "msExtReq"
+#define LN_ms_ext_req           "Microsoft Extension Request"
+#define NID_ms_ext_req          171
+#define OBJ_ms_ext_req          1L,3L,6L,1L,4L,1L,311L,2L,1L,14L
+
+#define SN_ms_code_ind          "msCodeInd"
+#define LN_ms_code_ind          "Microsoft Individual Code Signing"
+#define NID_ms_code_ind         134
+#define OBJ_ms_code_ind         1L,3L,6L,1L,4L,1L,311L,2L,1L,21L
+
+#define SN_ms_code_com          "msCodeCom"
+#define LN_ms_code_com          "Microsoft Commercial Code Signing"
+#define NID_ms_code_com         135
+#define OBJ_ms_code_com         1L,3L,6L,1L,4L,1L,311L,2L,1L,22L
+
+#define SN_ms_ctl_sign          "msCTLSign"
+#define LN_ms_ctl_sign          "Microsoft Trust List Signing"
+#define NID_ms_ctl_sign         136
+#define OBJ_ms_ctl_sign         1L,3L,6L,1L,4L,1L,311L,10L,3L,1L
+
+#define SN_ms_sgc               "msSGC"
+#define LN_ms_sgc               "Microsoft Server Gated Crypto"
+#define NID_ms_sgc              137
+#define OBJ_ms_sgc              1L,3L,6L,1L,4L,1L,311L,10L,3L,3L
+
+#define SN_ms_efs               "msEFS"
+#define LN_ms_efs               "Microsoft Encrypted File System"
+#define NID_ms_efs              138
+#define OBJ_ms_efs              1L,3L,6L,1L,4L,1L,311L,10L,3L,4L
+
+#define SN_idea_cbc             "IDEA-CBC"
+#define LN_idea_cbc             "idea-cbc"
+#define NID_idea_cbc            34
+#define OBJ_idea_cbc            1L,3L,6L,1L,4L,1L,188L,7L,1L,1L,2L
+
+#define SN_idea_ecb             "IDEA-ECB"
+#define LN_idea_ecb             "idea-ecb"
+#define NID_idea_ecb            36
+
+#define SN_idea_cfb64           "IDEA-CFB"
+#define LN_idea_cfb64           "idea-cfb"
+#define NID_idea_cfb64          35
+
+#define SN_idea_ofb64           "IDEA-OFB"
+#define LN_idea_ofb64           "idea-ofb"
+#define NID_idea_ofb64          46
+
+#define SN_bf_cbc               "BF-CBC"
+#define LN_bf_cbc               "bf-cbc"
+#define NID_bf_cbc              91
+#define OBJ_bf_cbc              1L,3L,6L,1L,4L,1L,3029L,1L,2L
+
+#define SN_bf_ecb               "BF-ECB"
+#define LN_bf_ecb               "bf-ecb"
+#define NID_bf_ecb              92
+
+#define SN_bf_cfb64             "BF-CFB"
+#define LN_bf_cfb64             "bf-cfb"
+#define NID_bf_cfb64            93
+
+#define SN_bf_ofb64             "BF-OFB"
+#define LN_bf_ofb64             "bf-ofb"
+#define NID_bf_ofb64            94
+
+#define SN_id_pkix              "PKIX"
+#define NID_id_pkix             127
+#define OBJ_id_pkix             1L,3L,6L,1L,5L,5L,7L
+
+#define SN_id_pkix_mod          "id-pkix-mod"
+#define NID_id_pkix_mod         258
+#define OBJ_id_pkix_mod         OBJ_id_pkix,0L
+
+#define SN_id_pe                "id-pe"
+#define NID_id_pe               175
+#define OBJ_id_pe               OBJ_id_pkix,1L
+
+#define SN_id_qt                "id-qt"
+#define NID_id_qt               259
+#define OBJ_id_qt               OBJ_id_pkix,2L
+
+#define SN_id_kp                "id-kp"
+#define NID_id_kp               128
+#define OBJ_id_kp               OBJ_id_pkix,3L
+
+#define SN_id_it                "id-it"
+#define NID_id_it               260
+#define OBJ_id_it               OBJ_id_pkix,4L
+
+#define SN_id_pkip              "id-pkip"
+#define NID_id_pkip             261
+#define OBJ_id_pkip             OBJ_id_pkix,5L
+
+#define SN_id_alg               "id-alg"
+#define NID_id_alg              262
+#define OBJ_id_alg              OBJ_id_pkix,6L
+
+#define SN_id_cmc               "id-cmc"
+#define NID_id_cmc              263
+#define OBJ_id_cmc              OBJ_id_pkix,7L
+
+#define SN_id_on                "id-on"
+#define NID_id_on               264
+#define OBJ_id_on               OBJ_id_pkix,8L
+
+#define SN_id_pda               "id-pda"
+#define NID_id_pda              265
+#define OBJ_id_pda              OBJ_id_pkix,9L
+
+#define SN_id_aca               "id-aca"
+#define NID_id_aca              266
+#define OBJ_id_aca              OBJ_id_pkix,10L
+
+#define SN_id_qcs               "id-qcs"
+#define NID_id_qcs              267
+#define OBJ_id_qcs              OBJ_id_pkix,11L
+
+#define SN_id_cct               "id-cct"
+#define NID_id_cct              268
+#define OBJ_id_cct              OBJ_id_pkix,12L
+
+#define SN_id_ad                "id-ad"
+#define NID_id_ad               176
+#define OBJ_id_ad               OBJ_id_pkix,48L
+
+#define SN_id_pkix1_explicit_88         "id-pkix1-explicit-88"
+#define NID_id_pkix1_explicit_88                269
+#define OBJ_id_pkix1_explicit_88                OBJ_id_pkix_mod,1L
+
+#define SN_id_pkix1_implicit_88         "id-pkix1-implicit-88"
+#define NID_id_pkix1_implicit_88                270
+#define OBJ_id_pkix1_implicit_88                OBJ_id_pkix_mod,2L
+
+#define SN_id_pkix1_explicit_93         "id-pkix1-explicit-93"
+#define NID_id_pkix1_explicit_93                271
+#define OBJ_id_pkix1_explicit_93                OBJ_id_pkix_mod,3L
+
+#define SN_id_pkix1_implicit_93         "id-pkix1-implicit-93"
+#define NID_id_pkix1_implicit_93                272
+#define OBJ_id_pkix1_implicit_93                OBJ_id_pkix_mod,4L
+
+#define SN_id_mod_crmf          "id-mod-crmf"
+#define NID_id_mod_crmf         273
+#define OBJ_id_mod_crmf         OBJ_id_pkix_mod,5L
+
+#define SN_id_mod_cmc           "id-mod-cmc"
+#define NID_id_mod_cmc          274
+#define OBJ_id_mod_cmc          OBJ_id_pkix_mod,6L
+
+#define SN_id_mod_kea_profile_88                "id-mod-kea-profile-88"
+#define NID_id_mod_kea_profile_88               275
+#define OBJ_id_mod_kea_profile_88               OBJ_id_pkix_mod,7L
+
+#define SN_id_mod_kea_profile_93                "id-mod-kea-profile-93"
+#define NID_id_mod_kea_profile_93               276
+#define OBJ_id_mod_kea_profile_93               OBJ_id_pkix_mod,8L
+
+#define SN_id_mod_cmp           "id-mod-cmp"
+#define NID_id_mod_cmp          277
+#define OBJ_id_mod_cmp          OBJ_id_pkix_mod,9L
+
+#define SN_id_mod_qualified_cert_88             "id-mod-qualified-cert-88"
+#define NID_id_mod_qualified_cert_88            278
+#define OBJ_id_mod_qualified_cert_88            OBJ_id_pkix_mod,10L
+
+#define SN_id_mod_qualified_cert_93             "id-mod-qualified-cert-93"
+#define NID_id_mod_qualified_cert_93            279
+#define OBJ_id_mod_qualified_cert_93            OBJ_id_pkix_mod,11L
+
+#define SN_id_mod_attribute_cert                "id-mod-attribute-cert"
+#define NID_id_mod_attribute_cert               280
+#define OBJ_id_mod_attribute_cert               OBJ_id_pkix_mod,12L
+
+#define SN_id_mod_timestamp_protocol            "id-mod-timestamp-protocol"
+#define NID_id_mod_timestamp_protocol           281
+#define OBJ_id_mod_timestamp_protocol           OBJ_id_pkix_mod,13L
+
+#define SN_id_mod_ocsp          "id-mod-ocsp"
+#define NID_id_mod_ocsp         282
+#define OBJ_id_mod_ocsp         OBJ_id_pkix_mod,14L
+
+#define SN_id_mod_dvcs          "id-mod-dvcs"
+#define NID_id_mod_dvcs         283
+#define OBJ_id_mod_dvcs         OBJ_id_pkix_mod,15L
+
+#define SN_id_mod_cmp2000               "id-mod-cmp2000"
+#define NID_id_mod_cmp2000              284
+#define OBJ_id_mod_cmp2000              OBJ_id_pkix_mod,16L
+
+#define SN_info_access          "authorityInfoAccess"
+#define LN_info_access          "Authority Information Access"
+#define NID_info_access         177
+#define OBJ_info_access         OBJ_id_pe,1L
+
+#define SN_biometricInfo                "biometricInfo"
+#define LN_biometricInfo                "Biometric Info"
+#define NID_biometricInfo               285
+#define OBJ_biometricInfo               OBJ_id_pe,2L
+
+#define SN_qcStatements         "qcStatements"
+#define NID_qcStatements                286
+#define OBJ_qcStatements                OBJ_id_pe,3L
+
+#define SN_ac_auditEntity               "ac-auditEntity"
+#define NID_ac_auditEntity              287
+#define OBJ_ac_auditEntity              OBJ_id_pe,4L
+
+#define SN_ac_targeting         "ac-targeting"
+#define NID_ac_targeting                288
+#define OBJ_ac_targeting                OBJ_id_pe,5L
+
+#define SN_aaControls           "aaControls"
+#define NID_aaControls          289
+#define OBJ_aaControls          OBJ_id_pe,6L
+
+#define SN_sbqp_ipAddrBlock             "sbqp-ipAddrBlock"
+#define NID_sbqp_ipAddrBlock            290
+#define OBJ_sbqp_ipAddrBlock            OBJ_id_pe,7L
+
+#define SN_sbqp_autonomousSysNum                "sbqp-autonomousSysNum"
+#define NID_sbqp_autonomousSysNum               291
+#define OBJ_sbqp_autonomousSysNum               OBJ_id_pe,8L
+
+#define SN_sbqp_routerIdentifier                "sbqp-routerIdentifier"
+#define NID_sbqp_routerIdentifier               292
+#define OBJ_sbqp_routerIdentifier               OBJ_id_pe,9L
+
+#define SN_id_qt_cps            "id-qt-cps"
+#define LN_id_qt_cps            "Policy Qualifier CPS"
+#define NID_id_qt_cps           164
+#define OBJ_id_qt_cps           OBJ_id_qt,1L
+
+#define SN_id_qt_unotice                "id-qt-unotice"
+#define LN_id_qt_unotice                "Policy Qualifier User Notice"
+#define NID_id_qt_unotice               165
+#define OBJ_id_qt_unotice               OBJ_id_qt,2L
+
+#define SN_textNotice           "textNotice"
+#define NID_textNotice          293
+#define OBJ_textNotice          OBJ_id_qt,3L
+
+#define SN_server_auth          "serverAuth"
+#define LN_server_auth          "TLS Web Server Authentication"
+#define NID_server_auth         129
+#define OBJ_server_auth         OBJ_id_kp,1L
+
+#define SN_client_auth          "clientAuth"
+#define LN_client_auth          "TLS Web Client Authentication"
+#define NID_client_auth         130
+#define OBJ_client_auth         OBJ_id_kp,2L
+
+#define SN_code_sign            "codeSigning"
+#define LN_code_sign            "Code Signing"
+#define NID_code_sign           131
+#define OBJ_code_sign           OBJ_id_kp,3L
+
+#define SN_email_protect                "emailProtection"
+#define LN_email_protect                "E-mail Protection"
+#define NID_email_protect               132
+#define OBJ_email_protect               OBJ_id_kp,4L
+
+#define SN_ipsecEndSystem               "ipsecEndSystem"
+#define LN_ipsecEndSystem               "IPSec End System"
+#define NID_ipsecEndSystem              294
+#define OBJ_ipsecEndSystem              OBJ_id_kp,5L
+
+#define SN_ipsecTunnel          "ipsecTunnel"
+#define LN_ipsecTunnel          "IPSec Tunnel"
+#define NID_ipsecTunnel         295
+#define OBJ_ipsecTunnel         OBJ_id_kp,6L
+
+#define SN_ipsecUser            "ipsecUser"
+#define LN_ipsecUser            "IPSec User"
+#define NID_ipsecUser           296
+#define OBJ_ipsecUser           OBJ_id_kp,7L
+
+#define SN_time_stamp           "timeStamping"
+#define LN_time_stamp           "Time Stamping"
+#define NID_time_stamp          133
+#define OBJ_time_stamp          OBJ_id_kp,8L
+
+#define SN_OCSP_sign            "OCSPSigning"
+#define LN_OCSP_sign            "OCSP Signing"
+#define NID_OCSP_sign           180
+#define OBJ_OCSP_sign           OBJ_id_kp,9L
+
+#define SN_dvcs         "DVCS"
+#define LN_dvcs         "dvcs"
+#define NID_dvcs                297
+#define OBJ_dvcs                OBJ_id_kp,10L
+
+#define SN_id_it_caProtEncCert          "id-it-caProtEncCert"
+#define NID_id_it_caProtEncCert         298
+#define OBJ_id_it_caProtEncCert         OBJ_id_it,1L
+
+#define SN_id_it_signKeyPairTypes               "id-it-signKeyPairTypes"
+#define NID_id_it_signKeyPairTypes              299
+#define OBJ_id_it_signKeyPairTypes              OBJ_id_it,2L
+
+#define SN_id_it_encKeyPairTypes                "id-it-encKeyPairTypes"
+#define NID_id_it_encKeyPairTypes               300
+#define OBJ_id_it_encKeyPairTypes               OBJ_id_it,3L
+
+#define SN_id_it_preferredSymmAlg               "id-it-preferredSymmAlg"
+#define NID_id_it_preferredSymmAlg              301
+#define OBJ_id_it_preferredSymmAlg              OBJ_id_it,4L
+
+#define SN_id_it_caKeyUpdateInfo                "id-it-caKeyUpdateInfo"
+#define NID_id_it_caKeyUpdateInfo               302
+#define OBJ_id_it_caKeyUpdateInfo               OBJ_id_it,5L
+
+#define SN_id_it_currentCRL             "id-it-currentCRL"
+#define NID_id_it_currentCRL            303
+#define OBJ_id_it_currentCRL            OBJ_id_it,6L
+
+#define SN_id_it_unsupportedOIDs                "id-it-unsupportedOIDs"
+#define NID_id_it_unsupportedOIDs               304
+#define OBJ_id_it_unsupportedOIDs               OBJ_id_it,7L
+
+#define SN_id_it_subscriptionRequest            "id-it-subscriptionRequest"
+#define NID_id_it_subscriptionRequest           305
+#define OBJ_id_it_subscriptionRequest           OBJ_id_it,8L
+
+#define SN_id_it_subscriptionResponse           "id-it-subscriptionResponse"
+#define NID_id_it_subscriptionResponse          306
+#define OBJ_id_it_subscriptionResponse          OBJ_id_it,9L
+
+#define SN_id_it_keyPairParamReq                "id-it-keyPairParamReq"
+#define NID_id_it_keyPairParamReq               307
+#define OBJ_id_it_keyPairParamReq               OBJ_id_it,10L
+
+#define SN_id_it_keyPairParamRep                "id-it-keyPairParamRep"
+#define NID_id_it_keyPairParamRep               308
+#define OBJ_id_it_keyPairParamRep               OBJ_id_it,11L
+
+#define SN_id_it_revPassphrase          "id-it-revPassphrase"
+#define NID_id_it_revPassphrase         309
+#define OBJ_id_it_revPassphrase         OBJ_id_it,12L
+
+#define SN_id_it_implicitConfirm                "id-it-implicitConfirm"
+#define NID_id_it_implicitConfirm               310
+#define OBJ_id_it_implicitConfirm               OBJ_id_it,13L
+
+#define SN_id_it_confirmWaitTime                "id-it-confirmWaitTime"
+#define NID_id_it_confirmWaitTime               311
+#define OBJ_id_it_confirmWaitTime               OBJ_id_it,14L
+
+#define SN_id_it_origPKIMessage         "id-it-origPKIMessage"
+#define NID_id_it_origPKIMessage                312
+#define OBJ_id_it_origPKIMessage                OBJ_id_it,15L
+
+#define SN_id_regCtrl           "id-regCtrl"
+#define NID_id_regCtrl          313
+#define OBJ_id_regCtrl          OBJ_id_pkip,1L
+
+#define SN_id_regInfo           "id-regInfo"
+#define NID_id_regInfo          314
+#define OBJ_id_regInfo          OBJ_id_pkip,2L
+
+#define SN_id_regCtrl_regToken          "id-regCtrl-regToken"
+#define NID_id_regCtrl_regToken         315
+#define OBJ_id_regCtrl_regToken         OBJ_id_regCtrl,1L
+
+#define SN_id_regCtrl_authenticator             "id-regCtrl-authenticator"
+#define NID_id_regCtrl_authenticator            316
+#define OBJ_id_regCtrl_authenticator            OBJ_id_regCtrl,2L
+
+#define SN_id_regCtrl_pkiPublicationInfo                "id-regCtrl-pkiPublicationInfo"
+#define NID_id_regCtrl_pkiPublicationInfo               317
+#define OBJ_id_regCtrl_pkiPublicationInfo               OBJ_id_regCtrl,3L
+
+#define SN_id_regCtrl_pkiArchiveOptions         "id-regCtrl-pkiArchiveOptions"
+#define NID_id_regCtrl_pkiArchiveOptions                318
+#define OBJ_id_regCtrl_pkiArchiveOptions                OBJ_id_regCtrl,4L
+
+#define SN_id_regCtrl_oldCertID         "id-regCtrl-oldCertID"
+#define NID_id_regCtrl_oldCertID                319
+#define OBJ_id_regCtrl_oldCertID                OBJ_id_regCtrl,5L
+
+#define SN_id_regCtrl_protocolEncrKey           "id-regCtrl-protocolEncrKey"
+#define NID_id_regCtrl_protocolEncrKey          320
+#define OBJ_id_regCtrl_protocolEncrKey          OBJ_id_regCtrl,6L
+
+#define SN_id_regInfo_utf8Pairs         "id-regInfo-utf8Pairs"
+#define NID_id_regInfo_utf8Pairs                321
+#define OBJ_id_regInfo_utf8Pairs                OBJ_id_regInfo,1L
+
+#define SN_id_regInfo_certReq           "id-regInfo-certReq"
+#define NID_id_regInfo_certReq          322
+#define OBJ_id_regInfo_certReq          OBJ_id_regInfo,2L
+
+#define SN_id_alg_des40         "id-alg-des40"
+#define NID_id_alg_des40                323
+#define OBJ_id_alg_des40                OBJ_id_alg,1L
+
+#define SN_id_alg_noSignature           "id-alg-noSignature"
+#define NID_id_alg_noSignature          324
+#define OBJ_id_alg_noSignature          OBJ_id_alg,2L
+
+#define SN_id_alg_dh_sig_hmac_sha1              "id-alg-dh-sig-hmac-sha1"
+#define NID_id_alg_dh_sig_hmac_sha1             325
+#define OBJ_id_alg_dh_sig_hmac_sha1             OBJ_id_alg,3L
+
+#define SN_id_alg_dh_pop                "id-alg-dh-pop"
+#define NID_id_alg_dh_pop               326
+#define OBJ_id_alg_dh_pop               OBJ_id_alg,4L
+
+#define SN_id_cmc_statusInfo            "id-cmc-statusInfo"
+#define NID_id_cmc_statusInfo           327
+#define OBJ_id_cmc_statusInfo           OBJ_id_cmc,1L
+
+#define SN_id_cmc_identification                "id-cmc-identification"
+#define NID_id_cmc_identification               328
+#define OBJ_id_cmc_identification               OBJ_id_cmc,2L
+
+#define SN_id_cmc_identityProof         "id-cmc-identityProof"
+#define NID_id_cmc_identityProof                329
+#define OBJ_id_cmc_identityProof                OBJ_id_cmc,3L
+
+#define SN_id_cmc_dataReturn            "id-cmc-dataReturn"
+#define NID_id_cmc_dataReturn           330
+#define OBJ_id_cmc_dataReturn           OBJ_id_cmc,4L
+
+#define SN_id_cmc_transactionId         "id-cmc-transactionId"
+#define NID_id_cmc_transactionId                331
+#define OBJ_id_cmc_transactionId                OBJ_id_cmc,5L
+
+#define SN_id_cmc_senderNonce           "id-cmc-senderNonce"
+#define NID_id_cmc_senderNonce          332
+#define OBJ_id_cmc_senderNonce          OBJ_id_cmc,6L
+
+#define SN_id_cmc_recipientNonce                "id-cmc-recipientNonce"
+#define NID_id_cmc_recipientNonce               333
+#define OBJ_id_cmc_recipientNonce               OBJ_id_cmc,7L
+
+#define SN_id_cmc_addExtensions         "id-cmc-addExtensions"
+#define NID_id_cmc_addExtensions                334
+#define OBJ_id_cmc_addExtensions                OBJ_id_cmc,8L
+
+#define SN_id_cmc_encryptedPOP          "id-cmc-encryptedPOP"
+#define NID_id_cmc_encryptedPOP         335
+#define OBJ_id_cmc_encryptedPOP         OBJ_id_cmc,9L
+
+#define SN_id_cmc_decryptedPOP          "id-cmc-decryptedPOP"
+#define NID_id_cmc_decryptedPOP         336
+#define OBJ_id_cmc_decryptedPOP         OBJ_id_cmc,10L
+
+#define SN_id_cmc_lraPOPWitness         "id-cmc-lraPOPWitness"
+#define NID_id_cmc_lraPOPWitness                337
+#define OBJ_id_cmc_lraPOPWitness                OBJ_id_cmc,11L
+
+#define SN_id_cmc_getCert               "id-cmc-getCert"
+#define NID_id_cmc_getCert              338
+#define OBJ_id_cmc_getCert              OBJ_id_cmc,15L
+
+#define SN_id_cmc_getCRL                "id-cmc-getCRL"
+#define NID_id_cmc_getCRL               339
+#define OBJ_id_cmc_getCRL               OBJ_id_cmc,16L
+
+#define SN_id_cmc_revokeRequest         "id-cmc-revokeRequest"
+#define NID_id_cmc_revokeRequest                340
+#define OBJ_id_cmc_revokeRequest                OBJ_id_cmc,17L
+
+#define SN_id_cmc_regInfo               "id-cmc-regInfo"
+#define NID_id_cmc_regInfo              341
+#define OBJ_id_cmc_regInfo              OBJ_id_cmc,18L
+
+#define SN_id_cmc_responseInfo          "id-cmc-responseInfo"
+#define NID_id_cmc_responseInfo         342
+#define OBJ_id_cmc_responseInfo         OBJ_id_cmc,19L
+
+#define SN_id_cmc_queryPending          "id-cmc-queryPending"
+#define NID_id_cmc_queryPending         343
+#define OBJ_id_cmc_queryPending         OBJ_id_cmc,21L
+
+#define SN_id_cmc_popLinkRandom         "id-cmc-popLinkRandom"
+#define NID_id_cmc_popLinkRandom                344
+#define OBJ_id_cmc_popLinkRandom                OBJ_id_cmc,22L
+
+#define SN_id_cmc_popLinkWitness                "id-cmc-popLinkWitness"
+#define NID_id_cmc_popLinkWitness               345
+#define OBJ_id_cmc_popLinkWitness               OBJ_id_cmc,23L
+
+#define SN_id_cmc_confirmCertAcceptance         "id-cmc-confirmCertAcceptance"
+#define NID_id_cmc_confirmCertAcceptance                346
+#define OBJ_id_cmc_confirmCertAcceptance                OBJ_id_cmc,24L
+
+#define SN_id_on_personalData           "id-on-personalData"
+#define NID_id_on_personalData          347
+#define OBJ_id_on_personalData          OBJ_id_on,1L
+
+#define SN_id_pda_dateOfBirth           "id-pda-dateOfBirth"
+#define NID_id_pda_dateOfBirth          348
+#define OBJ_id_pda_dateOfBirth          OBJ_id_pda,1L
+
+#define SN_id_pda_placeOfBirth          "id-pda-placeOfBirth"
+#define NID_id_pda_placeOfBirth         349
+#define OBJ_id_pda_placeOfBirth         OBJ_id_pda,2L
+
+#define SN_id_pda_pseudonym             "id-pda-pseudonym"
+#define NID_id_pda_pseudonym            350
+#define OBJ_id_pda_pseudonym            OBJ_id_pda,3L
+
+#define SN_id_pda_gender                "id-pda-gender"
+#define NID_id_pda_gender               351
+#define OBJ_id_pda_gender               OBJ_id_pda,4L
+
+#define SN_id_pda_countryOfCitizenship          "id-pda-countryOfCitizenship"
+#define NID_id_pda_countryOfCitizenship         352
+#define OBJ_id_pda_countryOfCitizenship         OBJ_id_pda,5L
+
+#define SN_id_pda_countryOfResidence            "id-pda-countryOfResidence"
+#define NID_id_pda_countryOfResidence           353
+#define OBJ_id_pda_countryOfResidence           OBJ_id_pda,6L
+
+#define SN_id_aca_authenticationInfo            "id-aca-authenticationInfo"
+#define NID_id_aca_authenticationInfo           354
+#define OBJ_id_aca_authenticationInfo           OBJ_id_aca,1L
+
+#define SN_id_aca_accessIdentity                "id-aca-accessIdentity"
+#define NID_id_aca_accessIdentity               355
+#define OBJ_id_aca_accessIdentity               OBJ_id_aca,2L
+
+#define SN_id_aca_chargingIdentity              "id-aca-chargingIdentity"
+#define NID_id_aca_chargingIdentity             356
+#define OBJ_id_aca_chargingIdentity             OBJ_id_aca,3L
+
+#define SN_id_aca_group         "id-aca-group"
+#define NID_id_aca_group                357
+#define OBJ_id_aca_group                OBJ_id_aca,4L
+
+#define SN_id_aca_role          "id-aca-role"
+#define NID_id_aca_role         358
+#define OBJ_id_aca_role         OBJ_id_aca,5L
+
+#define SN_id_qcs_pkixQCSyntax_v1               "id-qcs-pkixQCSyntax-v1"
+#define NID_id_qcs_pkixQCSyntax_v1              359
+#define OBJ_id_qcs_pkixQCSyntax_v1              OBJ_id_qcs,1L
+
+#define SN_id_cct_crs           "id-cct-crs"
+#define NID_id_cct_crs          360
+#define OBJ_id_cct_crs          OBJ_id_cct,1L
+
+#define SN_id_cct_PKIData               "id-cct-PKIData"
+#define NID_id_cct_PKIData              361
+#define OBJ_id_cct_PKIData              OBJ_id_cct,2L
+
+#define SN_id_cct_PKIResponse           "id-cct-PKIResponse"
+#define NID_id_cct_PKIResponse          362
+#define OBJ_id_cct_PKIResponse          OBJ_id_cct,3L
+
+#define SN_ad_OCSP              "OCSP"
+#define LN_ad_OCSP              "OCSP"
+#define NID_ad_OCSP             178
+#define OBJ_ad_OCSP             OBJ_id_ad,1L
+
+#define SN_ad_ca_issuers                "caIssuers"
+#define LN_ad_ca_issuers                "CA Issuers"
+#define NID_ad_ca_issuers               179
+#define OBJ_ad_ca_issuers               OBJ_id_ad,2L
+
+#define SN_ad_timeStamping              "ad_timestamping"
+#define LN_ad_timeStamping              "AD Time Stamping"
+#define NID_ad_timeStamping             363
+#define OBJ_ad_timeStamping             OBJ_id_ad,3L
+
+#define SN_ad_dvcs              "AD_DVCS"
+#define LN_ad_dvcs              "ad dvcs"
+#define NID_ad_dvcs             364
+#define OBJ_ad_dvcs             OBJ_id_ad,4L
+
+#define OBJ_id_pkix_OCSP                OBJ_ad_OCSP
+
+#define SN_id_pkix_OCSP_basic           "basicOCSPResponse"
+#define LN_id_pkix_OCSP_basic           "Basic OCSP Response"
+#define NID_id_pkix_OCSP_basic          365
+#define OBJ_id_pkix_OCSP_basic          OBJ_id_pkix_OCSP,1L
+
+#define SN_id_pkix_OCSP_Nonce           "Nonce"
+#define LN_id_pkix_OCSP_Nonce           "OCSP Nonce"
+#define NID_id_pkix_OCSP_Nonce          366
+#define OBJ_id_pkix_OCSP_Nonce          OBJ_id_pkix_OCSP,2L
+
+#define SN_id_pkix_OCSP_CrlID           "CrlID"
+#define LN_id_pkix_OCSP_CrlID           "OCSP CRL ID"
+#define NID_id_pkix_OCSP_CrlID          367
+#define OBJ_id_pkix_OCSP_CrlID          OBJ_id_pkix_OCSP,3L
+
+#define SN_id_pkix_OCSP_acceptableResponses             "acceptableResponses"
+#define LN_id_pkix_OCSP_acceptableResponses             "Acceptable OCSP Responses"
+#define NID_id_pkix_OCSP_acceptableResponses            368
+#define OBJ_id_pkix_OCSP_acceptableResponses            OBJ_id_pkix_OCSP,4L
+
+#define SN_id_pkix_OCSP_noCheck         "noCheck"
+#define NID_id_pkix_OCSP_noCheck                369
+#define OBJ_id_pkix_OCSP_noCheck                OBJ_id_pkix_OCSP,5L
+
+#define SN_id_pkix_OCSP_archiveCutoff           "archiveCutoff"
+#define LN_id_pkix_OCSP_archiveCutoff           "OCSP Archive Cutoff"
+#define NID_id_pkix_OCSP_archiveCutoff          370
+#define OBJ_id_pkix_OCSP_archiveCutoff          OBJ_id_pkix_OCSP,6L
+
+#define SN_id_pkix_OCSP_serviceLocator          "serviceLocator"
+#define LN_id_pkix_OCSP_serviceLocator          "OCSP Service Locator"
+#define NID_id_pkix_OCSP_serviceLocator         371
+#define OBJ_id_pkix_OCSP_serviceLocator         OBJ_id_pkix_OCSP,7L
+
+#define SN_id_pkix_OCSP_extendedStatus          "extendedStatus"
+#define LN_id_pkix_OCSP_extendedStatus          "Extended OCSP Status"
+#define NID_id_pkix_OCSP_extendedStatus         372
+#define OBJ_id_pkix_OCSP_extendedStatus         OBJ_id_pkix_OCSP,8L
+
+#define SN_id_pkix_OCSP_valid           "valid"
+#define NID_id_pkix_OCSP_valid          373
+#define OBJ_id_pkix_OCSP_valid          OBJ_id_pkix_OCSP,9L
+
+#define SN_id_pkix_OCSP_path            "path"
+#define NID_id_pkix_OCSP_path           374
+#define OBJ_id_pkix_OCSP_path           OBJ_id_pkix_OCSP,10L
+
+#define SN_id_pkix_OCSP_trustRoot               "trustRoot"
+#define LN_id_pkix_OCSP_trustRoot               "Trust Root"
+#define NID_id_pkix_OCSP_trustRoot              375
+#define OBJ_id_pkix_OCSP_trustRoot              OBJ_id_pkix_OCSP,11L
+
+#define SN_algorithm            "algorithm"
+#define LN_algorithm            "algorithm"
+#define NID_algorithm           376
+#define OBJ_algorithm           1L,3L,14L,3L,2L
+
+#define SN_md5WithRSA           "RSA-NP-MD5"
+#define LN_md5WithRSA           "md5WithRSA"
+#define NID_md5WithRSA          104
+#define OBJ_md5WithRSA          OBJ_algorithm,3L
+
+#define SN_des_ecb              "DES-ECB"
+#define LN_des_ecb              "des-ecb"
+#define NID_des_ecb             29
+#define OBJ_des_ecb             OBJ_algorithm,6L
+
+#define SN_des_cbc              "DES-CBC"
+#define LN_des_cbc              "des-cbc"
+#define NID_des_cbc             31
+#define OBJ_des_cbc             OBJ_algorithm,7L
+
+#define SN_des_ofb64            "DES-OFB"
+#define LN_des_ofb64            "des-ofb"
+#define NID_des_ofb64           45
+#define OBJ_des_ofb64           OBJ_algorithm,8L
+
+#define SN_des_cfb64            "DES-CFB"
+#define LN_des_cfb64            "des-cfb"
+#define NID_des_cfb64           30
+#define OBJ_des_cfb64           OBJ_algorithm,9L
+
+#define SN_rsaSignature         "rsaSignature"
+#define NID_rsaSignature                377
+#define OBJ_rsaSignature                OBJ_algorithm,11L
+
+#define SN_dsa_2                "DSA-old"
+#define LN_dsa_2                "dsaEncryption-old"
+#define NID_dsa_2               67
+#define OBJ_dsa_2               OBJ_algorithm,12L
+
+#define SN_dsaWithSHA           "DSA-SHA"
+#define LN_dsaWithSHA           "dsaWithSHA"
+#define NID_dsaWithSHA          66
+#define OBJ_dsaWithSHA          OBJ_algorithm,13L
+
+#define SN_shaWithRSAEncryption         "RSA-SHA"
+#define LN_shaWithRSAEncryption         "shaWithRSAEncryption"
+#define NID_shaWithRSAEncryption                42
+#define OBJ_shaWithRSAEncryption                OBJ_algorithm,15L
+
+#define SN_des_ede              "DES-EDE"
+#define LN_des_ede              "des-ede"
+#define NID_des_ede             32
+#define OBJ_des_ede             OBJ_algorithm,17L
+
+#define SN_des_ede3             "DES-EDE3"
+#define LN_des_ede3             "des-ede3"
+#define NID_des_ede3            33
+
+#define SN_des_ede_cbc          "DES-EDE-CBC"
+#define LN_des_ede_cbc          "des-ede-cbc"
+#define NID_des_ede_cbc         43
+
+#define SN_des_ede_cfb64                "DES-EDE-CFB"
+#define LN_des_ede_cfb64                "des-ede-cfb"
+#define NID_des_ede_cfb64               60
+
+#define SN_des_ede3_cfb64               "DES-EDE3-CFB"
+#define LN_des_ede3_cfb64               "des-ede3-cfb"
+#define NID_des_ede3_cfb64              61
+
+#define SN_des_ede_ofb64                "DES-EDE-OFB"
+#define LN_des_ede_ofb64                "des-ede-ofb"
+#define NID_des_ede_ofb64               62
+
+#define SN_des_ede3_ofb64               "DES-EDE3-OFB"
+#define LN_des_ede3_ofb64               "des-ede3-ofb"
+#define NID_des_ede3_ofb64              63
+
+#define SN_desx_cbc             "DESX-CBC"
+#define LN_desx_cbc             "desx-cbc"
+#define NID_desx_cbc            80
+
+#define SN_sha          "SHA"
+#define LN_sha          "sha"
+#define NID_sha         41
+#define OBJ_sha         OBJ_algorithm,18L
+
+#define SN_sha1         "SHA1"
+#define LN_sha1         "sha1"
+#define NID_sha1                64
+#define OBJ_sha1                OBJ_algorithm,26L
+
+#define SN_dsaWithSHA1_2                "DSA-SHA1-old"
+#define LN_dsaWithSHA1_2                "dsaWithSHA1-old"
+#define NID_dsaWithSHA1_2               70
+#define OBJ_dsaWithSHA1_2               OBJ_algorithm,27L
+
+#define SN_sha1WithRSA          "RSA-SHA1-2"
+#define LN_sha1WithRSA          "sha1WithRSA"
+#define NID_sha1WithRSA         115
+#define OBJ_sha1WithRSA         OBJ_algorithm,29L
+
+#define SN_ripemd160            "RIPEMD160"
+#define LN_ripemd160            "ripemd160"
+#define NID_ripemd160           117
+#define OBJ_ripemd160           1L,3L,36L,3L,2L,1L
+
+#define SN_ripemd160WithRSA             "RSA-RIPEMD160"
+#define LN_ripemd160WithRSA             "ripemd160WithRSA"
+#define NID_ripemd160WithRSA            119
+#define OBJ_ripemd160WithRSA            1L,3L,36L,3L,3L,1L,2L
+
+#define SN_sxnet                "SXNetID"
+#define LN_sxnet                "Strong Extranet ID"
+#define NID_sxnet               143
+#define OBJ_sxnet               1L,3L,101L,1L,4L,1L
+
+#define SN_X500         "X500"
+#define LN_X500         "directory services (X.500)"
+#define NID_X500                11
+#define OBJ_X500                2L,5L
+
+#define SN_X509         "X509"
+#define NID_X509                12
+#define OBJ_X509                OBJ_X500,4L
+
+#define SN_commonName           "CN"
+#define LN_commonName           "commonName"
+#define NID_commonName          13
+#define OBJ_commonName          OBJ_X509,3L
+
+#define SN_surname              "S"
+#define LN_surname              "surname"
+#define NID_surname             100
+#define OBJ_surname             OBJ_X509,4L
+
+#define SN_serialNumber         "SN"
+#define LN_serialNumber         "serialNumber"
+#define NID_serialNumber                105
+#define OBJ_serialNumber                OBJ_X509,5L
+
+#define SN_countryName          "C"
+#define LN_countryName          "countryName"
+#define NID_countryName         14
+#define OBJ_countryName         OBJ_X509,6L
+
+#define SN_localityName         "L"
+#define LN_localityName         "localityName"
+#define NID_localityName                15
+#define OBJ_localityName                OBJ_X509,7L
+
+#define SN_stateOrProvinceName          "ST"
+#define LN_stateOrProvinceName          "stateOrProvinceName"
+#define NID_stateOrProvinceName         16
+#define OBJ_stateOrProvinceName         OBJ_X509,8L
+
+#define SN_organizationName             "O"
+#define LN_organizationName             "organizationName"
+#define NID_organizationName            17
+#define OBJ_organizationName            OBJ_X509,10L
+
+#define SN_organizationalUnitName               "OU"
+#define LN_organizationalUnitName               "organizationalUnitName"
+#define NID_organizationalUnitName              18
+#define OBJ_organizationalUnitName              OBJ_X509,11L
+
+#define SN_title                "T"
+#define LN_title                "title"
+#define NID_title               106
+#define OBJ_title               OBJ_X509,12L
+
+#define SN_description          "D"
+#define LN_description          "description"
+#define NID_description         107
+#define OBJ_description         OBJ_X509,13L
+
+#define SN_name         "name"
+#define LN_name         "name"
+#define NID_name                173
+#define OBJ_name                OBJ_X509,41L
+
+#define SN_givenName            "G"
+#define LN_givenName            "givenName"
+#define NID_givenName           99
+#define OBJ_givenName           OBJ_X509,42L
+
+#define SN_initials             "I"
+#define LN_initials             "initials"
+#define NID_initials            101
+#define OBJ_initials            OBJ_X509,43L
+
+#define SN_uniqueIdentifier             "UID"
+#define LN_uniqueIdentifier             "uniqueIdentifier"
+#define NID_uniqueIdentifier            102
+#define OBJ_uniqueIdentifier            OBJ_X509,45L
+
+#define SN_dnQualifier          "dnQualifier"
+#define LN_dnQualifier          "dnQualifier"
+#define NID_dnQualifier         174
+#define OBJ_dnQualifier         OBJ_X509,46L
+
+#define SN_X500algorithms               "X500algorithms"
+#define LN_X500algorithms               "directory services - algorithms"
+#define NID_X500algorithms              378
+#define OBJ_X500algorithms              OBJ_X500,8L
+
+#define SN_rsa          "RSA"
+#define LN_rsa          "rsa"
+#define NID_rsa         19
+#define OBJ_rsa         OBJ_X500algorithms,1L,1L
+
+#define SN_mdc2WithRSA          "RSA-MDC2"
+#define LN_mdc2WithRSA          "mdc2WithRSA"
+#define NID_mdc2WithRSA         96
+#define OBJ_mdc2WithRSA         OBJ_X500algorithms,3L,100L
+
+#define SN_mdc2         "MDC2"
+#define LN_mdc2         "mdc2"
+#define NID_mdc2                95
+#define OBJ_mdc2                OBJ_X500algorithms,3L,101L
+
+#define SN_id_ce                "id-ce"
+#define NID_id_ce               81
+#define OBJ_id_ce               OBJ_X500,29L
+
+#define SN_subject_key_identifier               "subjectKeyIdentifier"
+#define LN_subject_key_identifier               "X509v3 Subject Key Identifier"
+#define NID_subject_key_identifier              82
+#define OBJ_subject_key_identifier              OBJ_id_ce,14L
+
+#define SN_key_usage            "keyUsage"
+#define LN_key_usage            "X509v3 Key Usage"
+#define NID_key_usage           83
+#define OBJ_key_usage           OBJ_id_ce,15L
+
+#define SN_private_key_usage_period             "privateKeyUsagePeriod"
+#define LN_private_key_usage_period             "X509v3 Private Key Usage Period"
+#define NID_private_key_usage_period            84
+#define OBJ_private_key_usage_period            OBJ_id_ce,16L
+
+#define SN_subject_alt_name             "subjectAltName"
+#define LN_subject_alt_name             "X509v3 Subject Alternative Name"
+#define NID_subject_alt_name            85
+#define OBJ_subject_alt_name            OBJ_id_ce,17L
+
+#define SN_issuer_alt_name              "issuerAltName"
+#define LN_issuer_alt_name              "X509v3 Issuer Alternative Name"
+#define NID_issuer_alt_name             86
+#define OBJ_issuer_alt_name             OBJ_id_ce,18L
+
+#define SN_basic_constraints            "basicConstraints"
+#define LN_basic_constraints            "X509v3 Basic Constraints"
+#define NID_basic_constraints           87
+#define OBJ_basic_constraints           OBJ_id_ce,19L
+
+#define SN_crl_number           "crlNumber"
+#define LN_crl_number           "X509v3 CRL Number"
+#define NID_crl_number          88
+#define OBJ_crl_number          OBJ_id_ce,20L
+
+#define SN_crl_reason           "CRLReason"
+#define LN_crl_reason           "X509v3 CRL Reason Code"
+#define NID_crl_reason          141
+#define OBJ_crl_reason          OBJ_id_ce,21L
+
+#define SN_invalidity_date              "invalidityDate"
+#define LN_invalidity_date              "Invalidity Date"
+#define NID_invalidity_date             142
+#define OBJ_invalidity_date             OBJ_id_ce,24L
+
+#define SN_delta_crl            "deltaCRL"
+#define LN_delta_crl            "X509v3 Delta CRL Indicator"
+#define NID_delta_crl           140
+#define OBJ_delta_crl           OBJ_id_ce,27L
+
+#define SN_crl_distribution_points              "crlDistributionPoints"
+#define LN_crl_distribution_points              "X509v3 CRL Distribution Points"
+#define NID_crl_distribution_points             103
+#define OBJ_crl_distribution_points             OBJ_id_ce,31L
+
+#define SN_certificate_policies         "certificatePolicies"
+#define LN_certificate_policies         "X509v3 Certificate Policies"
+#define NID_certificate_policies                89
+#define OBJ_certificate_policies                OBJ_id_ce,32L
+
+#define SN_authority_key_identifier             "authorityKeyIdentifier"
+#define LN_authority_key_identifier             "X509v3 Authority Key Identifier"
+#define NID_authority_key_identifier            90
+#define OBJ_authority_key_identifier            OBJ_id_ce,35L
+
+#define SN_ext_key_usage                "extendedKeyUsage"
+#define LN_ext_key_usage                "X509v3 Extended Key Usage"
+#define NID_ext_key_usage               126
+#define OBJ_ext_key_usage               OBJ_id_ce,37L
+
+#define SN_netscape             "Netscape"
+#define LN_netscape             "Netscape Communications Corp."
+#define NID_netscape            57
+#define OBJ_netscape            2L,16L,840L,1L,113730L
+
+#define SN_netscape_cert_extension              "nsCertExt"
+#define LN_netscape_cert_extension              "Netscape Certificate Extension"
+#define NID_netscape_cert_extension             58
+#define OBJ_netscape_cert_extension             OBJ_netscape,1L
+
+#define SN_netscape_data_type           "nsDataType"
+#define LN_netscape_data_type           "Netscape Data Type"
+#define NID_netscape_data_type          59
+#define OBJ_netscape_data_type          OBJ_netscape,2L
+
+#define SN_netscape_cert_type           "nsCertType"
+#define LN_netscape_cert_type           "Netscape Cert Type"
+#define NID_netscape_cert_type          71
+#define OBJ_netscape_cert_type          OBJ_netscape_cert_extension,1L
+
+#define SN_netscape_base_url            "nsBaseUrl"
+#define LN_netscape_base_url            "Netscape Base Url"
+#define NID_netscape_base_url           72
+#define OBJ_netscape_base_url           OBJ_netscape_cert_extension,2L
+
+#define SN_netscape_revocation_url              "nsRevocationUrl"
+#define LN_netscape_revocation_url              "Netscape Revocation Url"
+#define NID_netscape_revocation_url             73
+#define OBJ_netscape_revocation_url             OBJ_netscape_cert_extension,3L
+
+#define SN_netscape_ca_revocation_url           "nsCaRevocationUrl"
+#define LN_netscape_ca_revocation_url           "Netscape CA Revocation Url"
+#define NID_netscape_ca_revocation_url          74
+#define OBJ_netscape_ca_revocation_url          OBJ_netscape_cert_extension,4L
+
+#define SN_netscape_renewal_url         "nsRenewalUrl"
+#define LN_netscape_renewal_url         "Netscape Renewal Url"
+#define NID_netscape_renewal_url                75
+#define OBJ_netscape_renewal_url                OBJ_netscape_cert_extension,7L
+
+#define SN_netscape_ca_policy_url               "nsCaPolicyUrl"
+#define LN_netscape_ca_policy_url               "Netscape CA Policy Url"
+#define NID_netscape_ca_policy_url              76
+#define OBJ_netscape_ca_policy_url              OBJ_netscape_cert_extension,8L
+
+#define SN_netscape_ssl_server_name             "nsSslServerName"
+#define LN_netscape_ssl_server_name             "Netscape SSL Server Name"
+#define NID_netscape_ssl_server_name            77
+#define OBJ_netscape_ssl_server_name            OBJ_netscape_cert_extension,12L
+
+#define SN_netscape_comment             "nsComment"
+#define LN_netscape_comment             "Netscape Comment"
+#define NID_netscape_comment            78
+#define OBJ_netscape_comment            OBJ_netscape_cert_extension,13L
+
+#define SN_netscape_cert_sequence               "nsCertSequence"
+#define LN_netscape_cert_sequence               "Netscape Certificate Sequence"
+#define NID_netscape_cert_sequence              79
+#define OBJ_netscape_cert_sequence              OBJ_netscape_data_type,5L
+
+#define SN_ns_sgc               "nsSGC"
+#define LN_ns_sgc               "Netscape Server Gated Crypto"
+#define NID_ns_sgc              139
+#define OBJ_ns_sgc              OBJ_netscape,4L,1L
+
+#define SN_org          "ORG"
+#define LN_org          "org"
+#define NID_org         379
+#define OBJ_org         OBJ_iso,3L
+
+#define SN_dod          "DOD"
+#define LN_dod          "dod"
+#define NID_dod         380
+#define OBJ_dod         OBJ_org,6L
+
+#define SN_iana         "IANA"
+#define LN_iana         "iana"
+#define NID_iana                381
+#define OBJ_iana                OBJ_dod,1L
+
+#define OBJ_internet            OBJ_iana
+
+#define SN_Directory            "directory"
+#define LN_Directory            "Directory"
+#define NID_Directory           382
+#define OBJ_Directory           OBJ_internet,1L
+
+#define SN_Management           "mgmt"
+#define LN_Management           "Management"
+#define NID_Management          383
+#define OBJ_Management          OBJ_internet,2L
+
+#define SN_Experimental         "experimental"
+#define LN_Experimental         "Experimental"
+#define NID_Experimental                384
+#define OBJ_Experimental                OBJ_internet,3L
+
+#define SN_Private              "private"
+#define LN_Private              "Private"
+#define NID_Private             385
+#define OBJ_Private             OBJ_internet,4L
+
+#define SN_Security             "security"
+#define LN_Security             "Security"
+#define NID_Security            386
+#define OBJ_Security            OBJ_internet,5L
+
+#define SN_SNMPv2               "snmpv2"
+#define LN_SNMPv2               "SNMPv2"
+#define NID_SNMPv2              387
+#define OBJ_SNMPv2              OBJ_internet,6L
+
+#define SN_Mail         "mail"
+#define LN_Mail         "Mail"
+#define NID_Mail                388
+#define OBJ_Mail                OBJ_internet,7L
+
+#define SN_Enterprises          "enterprises"
+#define LN_Enterprises          "Enterprises"
+#define NID_Enterprises         389
+#define OBJ_Enterprises         OBJ_private,1L
+
+#define SN_dcObject             "dcobject"
+#define LN_dcObject             "dcObject"
+#define NID_dcObject            390
+#define OBJ_dcObject            OBJ_enterprises,1466L,344L
+
+#define SN_domainComponent              "DC"
+#define LN_domainComponent              "domainComponent"
+#define NID_domainComponent             391
+#define OBJ_domainComponent             0L,9L,2342L,19200300L,100L,1L,25L
+
+#define SN_Domain               "domain"
+#define LN_Domain               "Domain"
+#define NID_Domain              392
+#define OBJ_Domain              0L,9L,2342L,19200300L,100L,4L,13L
+
+#define SN_rle_compression              "RLE"
+#define LN_rle_compression              "run length compression"
+#define NID_rle_compression             124
+#define OBJ_rle_compression             1L,1L,1L,1L,666L,1L
+
+#define SN_zlib_compression             "ZLIB"
+#define LN_zlib_compression             "zlib compression"
+#define NID_zlib_compression            125
+#define OBJ_zlib_compression            1L,1L,1L,1L,666L,2L
+
diff --git a/src/lib/libssl/src/crypto/objects/obj_mac.num b/src/lib/libssl/src/crypto/objects/obj_mac.num
new file mode 100644
index 0000000000..d73a51370f
--- /dev/null
+++ b/src/lib/libssl/src/crypto/objects/obj_mac.num
@@ -0,0 +1,392 @@
+undef           0
+rsadsi          1
+pkcs            2
+md2             3
+md5             4
+rc4             5
+rsaEncryption           6
+md2WithRSAEncryption            7
+md5WithRSAEncryption            8
+pbeWithMD2AndDES_CBC            9
+pbeWithMD5AndDES_CBC            10
+X500            11
+X509            12
+commonName              13
+countryName             14
+localityName            15
+stateOrProvinceName             16
+organizationName                17
+organizationalUnitName          18
+rsa             19
+pkcs7           20
+pkcs7_data              21
+pkcs7_signed            22
+pkcs7_enveloped         23
+pkcs7_signedAndEnveloped                24
+pkcs7_digest            25
+pkcs7_encrypted         26
+pkcs3           27
+dhKeyAgreement          28
+des_ecb         29
+des_cfb64               30
+des_cbc         31
+des_ede         32
+des_ede3                33
+idea_cbc                34
+idea_cfb64              35
+idea_ecb                36
+rc2_cbc         37
+rc2_ecb         38
+rc2_cfb64               39
+rc2_ofb64               40
+sha             41
+shaWithRSAEncryption            42
+des_ede_cbc             43
+des_ede3_cbc            44
+des_ofb64               45
+idea_ofb64              46
+pkcs9           47
+pkcs9_emailAddress              48
+pkcs9_unstructuredName          49
+pkcs9_contentType               50
+pkcs9_messageDigest             51
+pkcs9_signingTime               52
+pkcs9_countersignature          53
+pkcs9_challengePassword         54
+pkcs9_unstructuredAddress               55
+pkcs9_extCertAttributes         56
+netscape                57
+netscape_cert_extension         58
+netscape_data_type              59
+des_ede_cfb64           60
+des_ede3_cfb64          61
+des_ede_ofb64           62
+des_ede3_ofb64          63
+sha1            64
+sha1WithRSAEncryption           65
+dsaWithSHA              66
+dsa_2           67
+pbeWithSHA1AndRC2_CBC           68
+id_pbkdf2               69
+dsaWithSHA1_2           70
+netscape_cert_type              71
+netscape_base_url               72
+netscape_revocation_url         73
+netscape_ca_revocation_url              74
+netscape_renewal_url            75
+netscape_ca_policy_url          76
+netscape_ssl_server_name                77
+netscape_comment                78
+netscape_cert_sequence          79
+desx_cbc                80
+id_ce           81
+subject_key_identifier          82
+key_usage               83
+private_key_usage_period                84
+subject_alt_name                85
+issuer_alt_name         86
+basic_constraints               87
+crl_number              88
+certificate_policies            89
+authority_key_identifier                90
+bf_cbc          91
+bf_ecb          92
+bf_cfb64                93
+bf_ofb64                94
+mdc2            95
+mdc2WithRSA             96
+rc4_40          97
+rc2_40_cbc              98
+givenName               99
+surname         100
+initials                101
+uniqueIdentifier                102
+crl_distribution_points         103
+md5WithRSA              104
+serialNumber            105
+title           106
+description             107
+cast5_cbc               108
+cast5_ecb               109
+cast5_cfb64             110
+cast5_ofb64             111
+pbeWithMD5AndCast5_CBC          112
+dsaWithSHA1             113
+md5_sha1                114
+sha1WithRSA             115
+dsa             116
+ripemd160               117
+ripemd160WithRSA                119
+rc5_cbc         120
+rc5_ecb         121
+rc5_cfb64               122
+rc5_ofb64               123
+rle_compression         124
+zlib_compression                125
+ext_key_usage           126
+id_pkix         127
+id_kp           128
+server_auth             129
+client_auth             130
+code_sign               131
+email_protect           132
+time_stamp              133
+ms_code_ind             134
+ms_code_com             135
+ms_ctl_sign             136
+ms_sgc          137
+ms_efs          138
+ns_sgc          139
+delta_crl               140
+crl_reason              141
+invalidity_date         142
+sxnet           143
+pbe_WithSHA1And128BitRC4                144
+pbe_WithSHA1And40BitRC4         145
+pbe_WithSHA1And3_Key_TripleDES_CBC              146
+pbe_WithSHA1And2_Key_TripleDES_CBC              147
+pbe_WithSHA1And128BitRC2_CBC            148
+pbe_WithSHA1And40BitRC2_CBC             149
+keyBag          150
+pkcs8ShroudedKeyBag             151
+certBag         152
+crlBag          153
+secretBag               154
+safeContentsBag         155
+friendlyName            156
+localKeyID              157
+x509Certificate         158
+sdsiCertificate         159
+x509Crl         160
+pbes2           161
+pbmac1          162
+hmacWithSHA1            163
+id_qt_cps               164
+id_qt_unotice           165
+rc2_64_cbc              166
+SMIMECapabilities               167
+pbeWithMD2AndRC2_CBC            168
+pbeWithMD5AndRC2_CBC            169
+pbeWithSHA1AndDES_CBC           170
+ms_ext_req              171
+ext_req         172
+name            173
+dnQualifier             174
+id_pe           175
+id_ad           176
+info_access             177
+ad_OCSP         178
+ad_ca_issuers           179
+OCSP_sign               180
+iso             181
+member_body             182
+ISO_US          183
+X9_57           184
+X9cm            185
+pkcs1           186
+pkcs5           187
+SMIME           188
+id_smime_mod            189
+id_smime_ct             190
+id_smime_aa             191
+id_smime_alg            192
+id_smime_cd             193
+id_smime_spq            194
+id_smime_cti            195
+id_smime_mod_cms                196
+id_smime_mod_ess                197
+id_smime_mod_oid                198
+id_smime_mod_msg_v3             199
+id_smime_mod_ets_eSignature_88          200
+id_smime_mod_ets_eSignature_97          201
+id_smime_mod_ets_eSigPolicy_88          202
+id_smime_mod_ets_eSigPolicy_97          203
+id_smime_ct_receipt             204
+id_smime_ct_authData            205
+id_smime_ct_publishCert         206
+id_smime_ct_TSTInfo             207
+id_smime_ct_TDTInfo             208
+id_smime_ct_contentInfo         209
+id_smime_ct_DVCSRequestData             210
+id_smime_ct_DVCSResponseData            211
+id_smime_aa_receiptRequest              212
+id_smime_aa_securityLabel               213
+id_smime_aa_mlExpandHistory             214
+id_smime_aa_contentHint         215
+id_smime_aa_msgSigDigest                216
+id_smime_aa_encapContentType            217
+id_smime_aa_contentIdentifier           218
+id_smime_aa_macValue            219
+id_smime_aa_equivalentLabels            220
+id_smime_aa_contentReference            221
+id_smime_aa_encrypKeyPref               222
+id_smime_aa_signingCertificate          223
+id_smime_aa_smimeEncryptCerts           224
+id_smime_aa_timeStampToken              225
+id_smime_aa_ets_sigPolicyId             226
+id_smime_aa_ets_commitmentType          227
+id_smime_aa_ets_signerLocation          228
+id_smime_aa_ets_signerAttr              229
+id_smime_aa_ets_otherSigCert            230
+id_smime_aa_ets_contentTimestamp                231
+id_smime_aa_ets_CertificateRefs         232
+id_smime_aa_ets_RevocationRefs          233
+id_smime_aa_ets_certValues              234
+id_smime_aa_ets_revocationValues                235
+id_smime_aa_ets_escTimeStamp            236
+id_smime_aa_ets_certCRLTimestamp                237
+id_smime_aa_ets_archiveTimeStamp                238
+id_smime_aa_signatureType               239
+id_smime_aa_dvcs_dvc            240
+id_smime_alg_ESDHwith3DES               241
+id_smime_alg_ESDHwithRC2                242
+id_smime_alg_3DESwrap           243
+id_smime_alg_RC2wrap            244
+id_smime_alg_ESDH               245
+id_smime_alg_CMS3DESwrap                246
+id_smime_alg_CMSRC2wrap         247
+id_smime_cd_ldap                248
+id_smime_spq_ets_sqt_uri                249
+id_smime_spq_ets_sqt_unotice            250
+id_smime_cti_ets_proofOfOrigin          251
+id_smime_cti_ets_proofOfReceipt         252
+id_smime_cti_ets_proofOfDelivery                253
+id_smime_cti_ets_proofOfSender          254
+id_smime_cti_ets_proofOfApproval                255
+id_smime_cti_ets_proofOfCreation                256
+md4             257
+id_pkix_mod             258
+id_qt           259
+id_it           260
+id_pkip         261
+id_alg          262
+id_cmc          263
+id_on           264
+id_pda          265
+id_aca          266
+id_qcs          267
+id_cct          268
+id_pkix1_explicit_88            269
+id_pkix1_implicit_88            270
+id_pkix1_explicit_93            271
+id_pkix1_implicit_93            272
+id_mod_crmf             273
+id_mod_cmc              274
+id_mod_kea_profile_88           275
+id_mod_kea_profile_93           276
+id_mod_cmp              277
+id_mod_qualified_cert_88                278
+id_mod_qualified_cert_93                279
+id_mod_attribute_cert           280
+id_mod_timestamp_protocol               281
+id_mod_ocsp             282
+id_mod_dvcs             283
+id_mod_cmp2000          284
+biometricInfo           285
+qcStatements            286
+ac_auditEntity          287
+ac_targeting            288
+aaControls              289
+sbqp_ipAddrBlock                290
+sbqp_autonomousSysNum           291
+sbqp_routerIdentifier           292
+textNotice              293
+ipsecEndSystem          294
+ipsecTunnel             295
+ipsecUser               296
+dvcs            297
+id_it_caProtEncCert             298
+id_it_signKeyPairTypes          299
+id_it_encKeyPairTypes           300
+id_it_preferredSymmAlg          301
+id_it_caKeyUpdateInfo           302
+id_it_currentCRL                303
+id_it_unsupportedOIDs           304
+id_it_subscriptionRequest               305
+id_it_subscriptionResponse              306
+id_it_keyPairParamReq           307
+id_it_keyPairParamRep           308
+id_it_revPassphrase             309
+id_it_implicitConfirm           310
+id_it_confirmWaitTime           311
+id_it_origPKIMessage            312
+id_regCtrl              313
+id_regInfo              314
+id_regCtrl_regToken             315
+id_regCtrl_authenticator                316
+id_regCtrl_pkiPublicationInfo           317
+id_regCtrl_pkiArchiveOptions            318
+id_regCtrl_oldCertID            319
+id_regCtrl_protocolEncrKey              320
+id_regInfo_utf8Pairs            321
+id_regInfo_certReq              322
+id_alg_des40            323
+id_alg_noSignature              324
+id_alg_dh_sig_hmac_sha1         325
+id_alg_dh_pop           326
+id_cmc_statusInfo               327
+id_cmc_identification           328
+id_cmc_identityProof            329
+id_cmc_dataReturn               330
+id_cmc_transactionId            331
+id_cmc_senderNonce              332
+id_cmc_recipientNonce           333
+id_cmc_addExtensions            334
+id_cmc_encryptedPOP             335
+id_cmc_decryptedPOP             336
+id_cmc_lraPOPWitness            337
+id_cmc_getCert          338
+id_cmc_getCRL           339
+id_cmc_revokeRequest            340
+id_cmc_regInfo          341
+id_cmc_responseInfo             342
+id_cmc_queryPending             343
+id_cmc_popLinkRandom            344
+id_cmc_popLinkWitness           345
+id_cmc_confirmCertAcceptance            346
+id_on_personalData              347
+id_pda_dateOfBirth              348
+id_pda_placeOfBirth             349
+id_pda_pseudonym                350
+id_pda_gender           351
+id_pda_countryOfCitizenship             352
+id_pda_countryOfResidence               353
+id_aca_authenticationInfo               354
+id_aca_accessIdentity           355
+id_aca_chargingIdentity         356
+id_aca_group            357
+id_aca_role             358
+id_qcs_pkixQCSyntax_v1          359
+id_cct_crs              360
+id_cct_PKIData          361
+id_cct_PKIResponse              362
+ad_timeStamping         363
+ad_dvcs         364
+id_pkix_OCSP_basic              365
+id_pkix_OCSP_Nonce              366
+id_pkix_OCSP_CrlID              367
+id_pkix_OCSP_acceptableResponses                368
+id_pkix_OCSP_noCheck            369
+id_pkix_OCSP_archiveCutoff              370
+id_pkix_OCSP_serviceLocator             371
+id_pkix_OCSP_extendedStatus             372
+id_pkix_OCSP_valid              373
+id_pkix_OCSP_path               374
+id_pkix_OCSP_trustRoot          375
+algorithm               376
+rsaSignature            377
+X500algorithms          378
+org             379
+dod             380
+iana            381
+Directory               382
+Management              383
+Experimental            384
+Private         385
+Security                386
+SNMPv2          387
+Mail            388
+Enterprises             389
+dcObject                390
+domainComponent         391
+Domain          392
diff --git a/src/lib/libssl/src/crypto/objects/objects.README b/src/lib/libssl/src/crypto/objects/objects.README
new file mode 100644
index 0000000000..4d745508d8
--- /dev/null
+++ b/src/lib/libssl/src/crypto/objects/objects.README
@@ -0,0 +1,44 @@
+objects.txt syntax
+------------------
+
+To cover all the naming hacks that were previously in objects.h needed some
+kind of hacks in objects.txt.
+
+The basic syntax for adding an object is as follows:
+
+        1 2 3 4         : shortName     : Long Name
+
+                If the long name doesn't contain spaces, or no short name
+                exists, the long name is used as basis for the base name
+                in C.  Otherwise, the short name is used.
+
+                The base name (let's call it 'base') will then be used to
+                create the C macros SN_base, LN_base, NID_base and OBJ_base.
+
+                Note that if the base name contains spaces, dashes or periods,
+                those will be converte to underscore.
+
+Then there are some extra commands:
+
+        !Alias foo 1 2 3 4
+
+                This juts makes a name foo for an OID.  The C macro
+                OBJ_foo will be created as a result.
+
+        !Cname foo
+
+                This makes sure that the name foo will be used as base name
+                in C.
+
+        !module foo
+        1 2 3 4         : shortName     : Long Name
+        !global
+
+                The !module command was meant to define a kind of modularity.
+                What it does is to make sure the module name is prepended
+                to the base name.  !global turns this off.  This construction
+                is not recursive.
+
+Lines starting with # are treated as comments, as well as any line starting
+with ! and not matching the commands above.
+
diff --git a/src/lib/libssl/src/crypto/objects/objects.h b/src/lib/libssl/src/crypto/objects/objects.h
index 95c8a21568..c099e2e84e 100644
--- a/src/lib/libssl/src/crypto/objects/objects.h
+++ b/src/lib/libssl/src/crypto/objects/objects.h
@@ -59,10 +59,11 @@
 #ifndef HEADER_OBJECTS_H
 #define HEADER_OBJECTS_H
 
-#ifdef  __cplusplus
-extern "C" {
-#endif
+#define USE_OBJ_MAC
 
+#ifdef USE_OBJ_MAC
+#include <openssl/obj_mac.h>
+#else
 #define SN_undef                        "UNDEF"
 #define LN_undef                        "undefined"
 #define NID_undef                       0
@@ -953,6 +954,7 @@ extern "C" {
 #define LN_OCSP_sign                    "OCSP Signing"
 #define NID_OCSP_sign                   180
 #define OBJ_OCSP_sign                   OBJ_id_kp,9L
+#endif /* USE_OBJ_MAC */
 
 #include <openssl/bio.h>
 #include <openssl/asn1.h>
@@ -967,6 +969,10 @@ extern "C" {
 #define OBJ_NAME_ALIAS          0x8000
 
 
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
 typedef struct obj_name_st
         {
         int type;
@@ -979,8 +985,8 @@ typedef struct obj_name_st
 
 
 int OBJ_NAME_init(void);
-int OBJ_NAME_new_index(unsigned long (*hash_func)(),int (*cmp_func)(),
-        void (*free_func)());
+int OBJ_NAME_new_index(unsigned long (*hash_func)(const char *),int (*cmp_func)(const void *, const void *),
+        void (*free_func)(const char *, int, const char *));
 const char *OBJ_NAME_get(const char *name,int type);
 int OBJ_NAME_add(const char *name,int type,const char *data);
 int OBJ_NAME_remove(const char *name,int type);
@@ -997,7 +1003,7 @@ int		OBJ_txt2nid(char *s);
 int             OBJ_ln2nid(const char *s);
 int             OBJ_sn2nid(const char *s);
 int             OBJ_cmp(ASN1_OBJECT *a,ASN1_OBJECT *b);
-char *          OBJ_bsearch(char *key,char *base,int num,int size,int (*cmp)());
+char *          OBJ_bsearch(char *key,char *base,int num,int size,int (*cmp)(const void *, const void *));
 
 void            ERR_load_OBJ_strings(void );
 
diff --git a/src/lib/libssl/src/crypto/objects/objects.pl b/src/lib/libssl/src/crypto/objects/objects.pl
new file mode 100644
index 0000000000..c956bbb841
--- /dev/null
+++ b/src/lib/libssl/src/crypto/objects/objects.pl
@@ -0,0 +1,224 @@
+#!/usr/local/bin/perl
+
+open (NUMIN,"$ARGV[1]") || die "Can't open number file $ARGV[1]";
+$max_nid=0;
+$o=0;
+while(<NUMIN>)
+        {
+        chop;
+        $o++;
+        s/#.*$//;
+        next if /^\s*$/;
+        ($Cname,$mynum) = split;
+        if (defined($nidn{$mynum}))
+                { die "$ARGV[1]:$o:There's already an object with NID ",$mynum," on line ",$order{$mynum},"\n"; }
+        $nid{$Cname} = $mynum;
+        $nidn{$mynum} = $Cname;
+        $order{$mynum} = $o;
+        $max_nid = $mynum if $mynum > $max_nid;
+        }
+close NUMIN;
+
+open (IN,"$ARGV[0]") || die "Can't open input file $ARGV[0]";
+$Cname="";
+$o=0;
+while (<IN>)
+        {
+        chop;
+        $o++;
+        if (/^!module\s+(.*)$/)
+                {
+                $module = $1."-";
+                $module =~ s/\./_/g;
+                $module =~ s/-/_/g;
+                }
+        if (/^!global$/)
+                { $module = ""; }
+        if (/^!Cname\s+(.*)$/)
+                { $Cname = $1; }
+        if (/^!Alias\s+(.+?)\s+(.*)$/)
+                {
+                $Cname = $module.$1;
+                $myoid = $2;
+                $myoid = &process_oid($myoid);
+                $Cname =~ s/-/_/g;
+                $ordern{$o} = $Cname;
+                $order{$Cname} = $o;
+                $obj{$Cname} = $myoid;
+                $_ = "";
+                $Cname = "";
+                }
+        s/!.*$//;
+        s/#.*$//;
+        next if /^\s*$/;
+        ($myoid,$mysn,$myln) = split ':';
+        $mysn =~ s/^\s*//;
+        $mysn =~ s/\s*$//;
+        $myln =~ s/^\s*//;
+        $myln =~ s/\s*$//;
+        $myoid =~ s/^\s*//;
+        $myoid =~ s/\s*$//;
+        if ($myoid ne "")
+                {
+                $myoid = &process_oid($myoid);
+                }
+
+        if ($Cname eq "" && !($myln =~ / /))
+                {
+                $Cname = $myln;
+                $Cname =~ s/\./_/g;
+                $Cname =~ s/-/_/g;
+                if ($Cname ne "" && defined($ln{$module.$Cname}))
+                        { die "objects.txt:$o:There's already an object with long name ",$ln{$module.$Cname}," on line ",$order{$module.$Cname},"\n"; }
+                }
+        if ($Cname eq "")
+                {
+                $Cname = $mysn;
+                $Cname =~ s/-/_/g;
+                if ($Cname ne "" && defined($sn{$module.$Cname}))
+                        { die "objects.txt:$o:There's already an object with short name ",$sn{$module.$Cname}," on line ",$order{$module.$Cname},"\n"; }
+                }
+        if ($Cname eq "")
+                {
+                $Cname = $myln;
+                $Cname =~ s/-/_/g;
+                $Cname =~ s/\./_/g;
+                $Cname =~ s/ /_/g;
+                if ($Cname ne "" && defined($ln{$module.$Cname}))
+                        { die "objects.txt:$o:There's already an object with long name ",$ln{$module.$Cname}," on line ",$order{$module.$Cname},"\n"; }
+                }
+        $Cname =~ s/\./_/g;
+        $Cname =~ s/-/_/g;
+        $Cname = $module.$Cname;
+        $ordern{$o} = $Cname;
+        $order{$Cname} = $o;
+        $sn{$Cname} = $mysn;
+        $ln{$Cname} = $myln;
+        $obj{$Cname} = $myoid;
+        if (!defined($nid{$Cname}))
+                {
+                $max_nid++;
+                $nid{$Cname} = $max_nid;
+                $nidn{$max_nid} = $Cname;
+                }
+        $Cname="";
+        }
+close IN;
+
+open (NUMOUT,">$ARGV[1]") || die "Can't open output file $ARGV[1]";
+foreach (sort { $a <=> $b } keys %nidn)
+        {
+        print NUMOUT $nidn{$_},"\t\t",$_,"\n";
+        }
+close NUMOUT;
+
+open (OUT,">$ARGV[2]") || die "Can't open output file $ARGV[2]";
+print OUT <<'EOF';
+/* lib/obj/obj_mac.h */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* THIS FILE IS GENERATED FROM objects.txt by objects.pl via the
+ * following command:
+ * perl objects.pl objects.txt obj_mac.num obj_mac.h
+ */
+
+#define SN_undef                        "UNDEF"
+#define LN_undef                        "undefined"
+#define NID_undef                       0
+#define OBJ_undef                       0L
+
+EOF
+
+foreach (sort { $a <=> $b } keys %ordern)
+        {
+        $Cname=$ordern{$_};
+        print OUT "#define SN_",$Cname,"\t\t\"",$sn{$Cname},"\"\n" if $sn{$Cname} ne "";
+        print OUT "#define LN_",$Cname,"\t\t\"",$ln{$Cname},"\"\n" if $ln{$Cname} ne "";
+        print OUT "#define NID_",$Cname,"\t\t",$nid{$Cname},"\n" if $nid{$Cname} ne "";
+        print OUT "#define OBJ_",$Cname,"\t\t",$obj{$Cname},"\n" if $obj{$Cname} ne "";
+        print OUT "\n";
+        }
+
+close OUT;
+
+sub process_oid
+        {
+        local($oid)=@_;
+        local(@a,$oid_pref);
+
+        @a = split(/\s+/,$myoid);
+        $pref_oid = "";
+        $pref_sep = "";
+        if (!($a[0] =~ /^[0-9]+$/))
+                {
+                $a[0] =~ s/-/_/g;
+                $pref_oid = "OBJ_" . $a[0];
+                $pref_sep = ",";
+                shift @a;
+                }
+        $oids = join('L,',@a) . "L";
+        if ($oids ne "L")
+                {
+                $oids = $pref_oid . $pref_sep . $oids;
+                }
+        else
+                {
+                $oids = $pref_oid;
+                }
+        return($oids);
+        }
diff --git a/src/lib/libssl/src/crypto/objects/objects.txt b/src/lib/libssl/src/crypto/objects/objects.txt
index cb276e90e9..3d443cf884 100644
--- a/src/lib/libssl/src/crypto/objects/objects.txt
+++ b/src/lib/libssl/src/crypto/objects/objects.txt
@@ -1,40 +1,593 @@
-1 2                     : ISO member bodies
-1 2 840                 : US (ANSI)
-1 2 840 113549          : rsadsi        : RSA Data Security, Inc.
-1 2 840 113549 1        : pkcs          : RSA Data Security, Inc. PKCS
-1 2 840 113549 1 1 1    : rsaEncryption
-1 2 840 113549 1 1 2    : md2withRSAEncryption
-1 2 840 113549 1 1 4    : md5withRSAEncryption
-1 2 840 113549 1 7      : pkcs-7
-1 2 840 113549 1 7 1    : pkcs-7-data
-1 2 840 113549 1 7 2    : pkcs-7-signedData
-1 2 840 113549 1 7 3    : pkcs-7-envelopedData
-1 2 840 113549 1 7 4    : pkcs-7-signedAndEnvelopedData
-1 2 840 113549 1 7 5    : pkcs-7-digestData
-1 2 840 113549 1 7 6    : pkcs-7-encryptedData
-1 2 840 113549 2 2      : md2
-1 2 840 113549 2 4      : md4
-1 2 840 113549 2 5      : md5
-1 2 840 113549 3 4      : rc4
-1 2 840 113549 5 1      : pbeWithMD2AndDES_CBC
-1 2 840 113549 5 3      : pbeWithMD5AndDES_CBC
-2 5                     : X500          : directory services (X.500)
-2 5 4                   : X509
-2 5 4 3                 : commonName
-2 5 4 6                 : countryName
-2 5 4 7                 : localityName
-2 5 4 8                 : stateOrProvinceName
-2 5 4 10                : organizationName
-2 5 4 11                : organizationalUnitName
-2 5 8                   : directory services - algorithms
-2 5 8 1 1               : rsa
-
-algorithm 18            : sha
-encryptionAlgorithm 1   : rsa
+1                       : ISO                   : iso
+
+iso 2                   : member-body           : ISO Member Body
+
+member-body 840         : ISO-US                : ISO US Member Body
+ISO-US 10040            : X9-57                 : X9.57
+X9-57 4                 : X9cm                  : X9.57 CM ?
+
+!Cname dsa
+X9cm 1                  : DSA                   : dsaEncryption
+X9cm 3                  : DSA-SHA1              : dsaWithSHA1
+
+ISO-US 113533 7 66 10   : CAST5-CBC             : cast5-cbc
+                        : CAST5-ECB             : cast5-ecb
+!Cname cast5-cfb64
+                        : CAST5-CFB             : cast5-cfb
+!Cname cast5-ofb64
+                        : CAST5-OFB             : cast5-ofb
+!Cname pbeWithMD5AndCast5-CBC
+ISO-US 113533 7 66 12   :                       : pbeWithMD5AndCast5CBC
+
+ISO-US 113549           : rsadsi                : RSA Data Security, Inc.
+
+rsadsi 1                : pkcs                  : RSA Data Security, Inc. PKCS
+
+pkcs 1                  : pkcs1
+pkcs1 1                 :                       : rsaEncryption
+pkcs1 2                 : RSA-MD2               : md2WithRSAEncryption
+pkcs1 4                 : RSA-MD5               : md5WithRSAEncryption
+pkcs1 5                 : RSA-SHA1              : sha1WithRSAEncryption
+
+pkcs 3                  : pkcs3
+pkcs3 1                 :                       : dhKeyAgreement
+
+pkcs 5                  : pkcs5
+pkcs5 1                 : PBE-MD2-DES           : pbeWithMD2AndDES-CBC
+pkcs5 3                 : PBE-MD5-DES           : pbeWithMD5AndDES-CBC
+pkcs5 4                 : PBE-MD2-RC2-64        : pbeWithMD2AndRC2-CBC
+pkcs5 6                 : PBE-MD5-RC2-64        : pbeWithMD5AndRC2-CBC
+pkcs5 10                : PBE-SHA1-DES          : pbeWithSHA1AndDES-CBC
+pkcs5 11                : PBE-SHA1-RC2-64       : pbeWithSHA1AndRC2-CBC
+!Cname id_pbkdf2
+pkcs5 12                :                       : PBKDF2
+!Cname pbes2
+pkcs5 13                :                       : PBES2
+!Cname pbmac1
+pkcs5 14                :                       : PBMAC1
+
+pkcs 7                  : pkcs7
+pkcs7 1                 :                       : pkcs7-data
+!Cname pkcs7-signed
+pkcs7 2                 :                       : pkcs7-signedData
+!Cname pkcs7-enveloped
+pkcs7 3                 :                       : pkcs7-envelopedData
+!Cname pkcs7-signedAndEnveloped
+pkcs7 4                 :                       : pkcs7-signedAndEnvelopedData
+!Cname pkcs7-digest
+pkcs7 5                 :                       : pkcs7-digestData
+!Cname pkcs7-encrypted
+pkcs7 6                 :                       : pkcs7-encryptedData
+
+pkcs 9                  : pkcs9
+!module pkcs9
+pkcs9 1                 : Email                 : emailAddress
+pkcs9 2                 :                       : unstructuredName
+pkcs9 3                 :                       : contentType
+pkcs9 4                 :                       : messageDigest
+pkcs9 5                 :                       : signingTime
+pkcs9 6                 :                       : countersignature
+pkcs9 7                 :                       : challengePassword
+pkcs9 8                 :                       : unstructuredAddress
+!Cname extCertAttributes
+pkcs9 9                 :                       : extendedCertificateAttributes
+!global
+
+!Cname ext-req
+pkcs9 14                : extReq                : Extension Request
+
+!Cname SMIMECapabilities
+pkcs9 15                : SMIME-CAPS            : S/MIME Capabilities
+
+# S/MIME
+!Cname SMIME
+pkcs9 16                : SMIME                 : S/MIME
+SMIME 0                 : id-smime-mod
+SMIME 1                 : id-smime-ct
+SMIME 2                 : id-smime-aa
+SMIME 3                 : id-smime-alg
+SMIME 4                 : id-smime-cd
+SMIME 5                 : id-smime-spq
+SMIME 6                 : id-smime-cti
+
+# S/MIME Modules
+id-smime-mod 1          : id-smime-mod-cms
+id-smime-mod 2          : id-smime-mod-ess
+id-smime-mod 3          : id-smime-mod-oid
+id-smime-mod 4          : id-smime-mod-msg-v3
+id-smime-mod 5          : id-smime-mod-ets-eSignature-88
+id-smime-mod 6          : id-smime-mod-ets-eSignature-97
+id-smime-mod 7          : id-smime-mod-ets-eSigPolicy-88
+id-smime-mod 8          : id-smime-mod-ets-eSigPolicy-97
+
+# S/MIME Content Types
+id-smime-ct 1           : id-smime-ct-receipt
+id-smime-ct 2           : id-smime-ct-authData
+id-smime-ct 3           : id-smime-ct-publishCert
+id-smime-ct 4           : id-smime-ct-TSTInfo
+id-smime-ct 5           : id-smime-ct-TDTInfo
+id-smime-ct 6           : id-smime-ct-contentInfo
+id-smime-ct 7           : id-smime-ct-DVCSRequestData
+id-smime-ct 8           : id-smime-ct-DVCSResponseData
+
+# S/MIME Attributes
+id-smime-aa 1           : id-smime-aa-receiptRequest
+id-smime-aa 2           : id-smime-aa-securityLabel
+id-smime-aa 3           : id-smime-aa-mlExpandHistory
+id-smime-aa 4           : id-smime-aa-contentHint
+id-smime-aa 5           : id-smime-aa-msgSigDigest
+# obsolete
+id-smime-aa 6           : id-smime-aa-encapContentType
+id-smime-aa 7           : id-smime-aa-contentIdentifier
+# obsolete
+id-smime-aa 8           : id-smime-aa-macValue
+id-smime-aa 9           : id-smime-aa-equivalentLabels
+id-smime-aa 10          : id-smime-aa-contentReference
+id-smime-aa 11          : id-smime-aa-encrypKeyPref
+id-smime-aa 12          : id-smime-aa-signingCertificate
+id-smime-aa 13          : id-smime-aa-smimeEncryptCerts
+id-smime-aa 14          : id-smime-aa-timeStampToken
+id-smime-aa 15          : id-smime-aa-ets-sigPolicyId
+id-smime-aa 16          : id-smime-aa-ets-commitmentType
+id-smime-aa 17          : id-smime-aa-ets-signerLocation
+id-smime-aa 18          : id-smime-aa-ets-signerAttr
+id-smime-aa 19          : id-smime-aa-ets-otherSigCert
+id-smime-aa 20          : id-smime-aa-ets-contentTimestamp
+id-smime-aa 21          : id-smime-aa-ets-CertificateRefs
+id-smime-aa 22          : id-smime-aa-ets-RevocationRefs
+id-smime-aa 23          : id-smime-aa-ets-certValues
+id-smime-aa 24          : id-smime-aa-ets-revocationValues
+id-smime-aa 25          : id-smime-aa-ets-escTimeStamp
+id-smime-aa 26          : id-smime-aa-ets-certCRLTimestamp
+id-smime-aa 27          : id-smime-aa-ets-archiveTimeStamp
+id-smime-aa 28          : id-smime-aa-signatureType
+id-smime-aa 29          : id-smime-aa-dvcs-dvc
+
+# S/MIME Algorithm Identifiers
+# obsolete
+id-smime-alg 1          : id-smime-alg-ESDHwith3DES
+# obsolete
+id-smime-alg 2          : id-smime-alg-ESDHwithRC2
+# obsolete
+id-smime-alg 3          : id-smime-alg-3DESwrap
+# obsolete
+id-smime-alg 4          : id-smime-alg-RC2wrap
+id-smime-alg 5          : id-smime-alg-ESDH
+id-smime-alg 6          : id-smime-alg-CMS3DESwrap
+id-smime-alg 7          : id-smime-alg-CMSRC2wrap
+
+# S/MIME Certificate Distribution
+id-smime-cd 1           : id-smime-cd-ldap
+
+# S/MIME Signature Policy Qualifier
+id-smime-spq 1          : id-smime-spq-ets-sqt-uri
+id-smime-spq 2          : id-smime-spq-ets-sqt-unotice
+
+# S/MIME Commitment Type Identifier
+id-smime-cti 1          : id-smime-cti-ets-proofOfOrigin
+id-smime-cti 2          : id-smime-cti-ets-proofOfReceipt
+id-smime-cti 3          : id-smime-cti-ets-proofOfDelivery
+id-smime-cti 4          : id-smime-cti-ets-proofOfSender
+id-smime-cti 5          : id-smime-cti-ets-proofOfApproval
+id-smime-cti 6          : id-smime-cti-ets-proofOfCreation
+
+pkcs9 20                :                       : friendlyName
+pkcs9 21                :                       : localKeyID
+!Alias certTypes pkcs9 22
+certTypes 1             :                       : x509Certificate
+certTypes 2             :                       : sdsiCertificate
+!Alias crlTypes pkcs9 23
+crlTypes 1              :                       : x509Crl
+
+!Alias pkcs12 pkcs 12
+!Alias pkcs12-pbeids pkcs12 1
+
+!Cname pbe-WithSHA1And128BitRC4
+pkcs12-pbeids 1         : PBE-SHA1-RC4-128      : pbeWithSHA1And128BitRC4
+!Cname pbe-WithSHA1And40BitRC4
+pkcs12-pbeids 2         : PBE-SHA1-RC4-40       : pbeWithSHA1And40BitRC4
+!Cname pbe-WithSHA1And3_Key_TripleDES-CBC
+pkcs12-pbeids 3         : PBE-SHA1-3DES         : pbeWithSHA1And3-KeyTripleDES-CBC
+!Cname pbe-WithSHA1And2_Key_TripleDES-CBC
+pkcs12-pbeids 4         : PBE-SHA1-2DES         : pbeWithSHA1And2-KeyTripleDES-CBC
+!Cname pbe-WithSHA1And128BitRC2-CBC
+pkcs12-pbeids 5         : PBE-SHA1-RC2-128      : pbeWithSHA1And128BitRC2-CBC
+!Cname pbe-WithSHA1And40BitRC2-CBC
+pkcs12-pbeids 6         : PBE-SHA1-RC2-40       : pbeWithSHA1And40BitRC2-CBC
+
+!Alias pkcs12-Version1 pkcs12 10
+!Alias pkcs12-BagIds pkcs12-Version1 1
+pkcs12-BagIds 1         :                       : keyBag
+pkcs12-BagIds 2         :                       : pkcs8ShroudedKeyBag
+pkcs12-BagIds 3         :                       : certBag
+pkcs12-BagIds 4         :                       : crlBag
+pkcs12-BagIds 5         :                       : secretBag
+pkcs12-BagIds 6         :                       : safeContentsBag
+
+rsadsi 2 2              : MD2                   : md2
+rsadsi 2 4              : MD4                   : md4
+rsadsi 2 5              : MD5                   : md5
+                        : MD5-SHA1              : md5-sha1
+rsadsi 2 7              :                       : hmacWithSHA1
+rsadsi 3 2              : RC2-CBC               : rc2-cbc
+                        : RC2-ECB               : rc2-ecb
+!Cname rc2-cfb64
+                        : RC2-CFB               : rc2-cfb
+!Cname rc2-ofb64
+                        : RC2-OFB               : rc2-ofb
+                        : RC2-40-CBC            : rc2-40-cbc
+                        : RC2-64-CBC            : rc2-64-cbc
+rsadsi 3 4              : RC4                   : rc4
+                        : RC4-40                : rc4-40
+rsadsi 3 7              : DES-EDE3-CBC          : des-ede3-cbc
+rsadsi 3 8              : RC5-CBC               : rc5-cbc
+                        : RC5-ECB               : rc5-ecb
+!Cname rc5-cfb64
+                        : RC5-CFB               : rc5-cfb
+!Cname rc5-ofb64
+                        : RC5-OFB               : rc5-ofb
+
+!Cname ms-ext-req
+1 3 6 1 4 1 311 2 1 14  : msExtReq              : Microsoft Extension Request
+!Cname ms-code-ind
+1 3 6 1 4 1 311 2 1 21  : msCodeInd             : Microsoft Individual Code Signing
+!Cname ms-code-com
+1 3 6 1 4 1 311 2 1 22  : msCodeCom             : Microsoft Commercial Code Signing
+!Cname ms-ctl-sign
+1 3 6 1 4 1 311 10 3 1  : msCTLSign             : Microsoft Trust List Signing
+!Cname ms-sgc
+1 3 6 1 4 1 311 10 3 3  : msSGC                 : Microsoft Server Gated Crypto
+!Cname ms-efs
+1 3 6 1 4 1 311 10 3 4  : msEFS                 : Microsoft Encrypted File System
+
+1 3 6 1 4 1 188 7 1 1 2 : IDEA-CBC              : idea-cbc
+                        : IDEA-ECB              : idea-ecb
+!Cname idea-cfb64
+                        : IDEA-CFB              : idea-cfb
+!Cname idea-ofb64
+                        : IDEA-OFB              : idea-ofb
+
+1 3 6 1 4 1 3029 1 2    : BF-CBC                : bf-cbc
+                        : BF-ECB                : bf-ecb
+!Cname bf-cfb64
+                        : BF-CFB                : bf-cfb
+!Cname bf-ofb64
+                        : BF-OFB                : bf-ofb
+
+!Cname id-pkix
+1 3 6 1 5 5 7           : PKIX
+
+# PKIX Arcs
+id-pkix 0               : id-pkix-mod
+id-pkix 1               : id-pe
+id-pkix 2               : id-qt
+id-pkix 3               : id-kp
+id-pkix 4               : id-it
+id-pkix 5               : id-pkip
+id-pkix 6               : id-alg
+id-pkix 7               : id-cmc
+id-pkix 8               : id-on
+id-pkix 9               : id-pda
+id-pkix 10              : id-aca
+id-pkix 11              : id-qcs
+id-pkix 12              : id-cct
+id-pkix 48              : id-ad
+
+# PKIX Modules
+id-pkix-mod 1           : id-pkix1-explicit-88
+id-pkix-mod 2           : id-pkix1-implicit-88
+id-pkix-mod 3           : id-pkix1-explicit-93
+id-pkix-mod 4           : id-pkix1-implicit-93
+id-pkix-mod 5           : id-mod-crmf
+id-pkix-mod 6           : id-mod-cmc
+id-pkix-mod 7           : id-mod-kea-profile-88
+id-pkix-mod 8           : id-mod-kea-profile-93
+id-pkix-mod 9           : id-mod-cmp
+id-pkix-mod 10          : id-mod-qualified-cert-88
+id-pkix-mod 11          : id-mod-qualified-cert-93
+id-pkix-mod 12          : id-mod-attribute-cert
+id-pkix-mod 13          : id-mod-timestamp-protocol
+id-pkix-mod 14          : id-mod-ocsp
+id-pkix-mod 15          : id-mod-dvcs
+id-pkix-mod 16          : id-mod-cmp2000
+
+# PKIX Private Extensions
+!Cname info-access
+id-pe 1                 : authorityInfoAccess   : Authority Information Access
+id-pe 2                 : biometricInfo         : Biometric Info
+id-pe 3                 : qcStatements
+id-pe 4                 : ac-auditEntity
+id-pe 5                 : ac-targeting
+id-pe 6                 : aaControls
+id-pe 7                 : sbqp-ipAddrBlock
+id-pe 8                 : sbqp-autonomousSysNum
+id-pe 9                 : sbqp-routerIdentifier
+
+# PKIX policyQualifiers for Internet policy qualifiers
+id-qt 1                 : id-qt-cps             : Policy Qualifier CPS
+id-qt 2                 : id-qt-unotice         : Policy Qualifier User Notice
+id-qt 3                 : textNotice
+
+# PKIX key purpose identifiers
+!Cname server-auth
+id-kp 1                 : serverAuth            : TLS Web Server Authentication
+!Cname client-auth
+id-kp 2                 : clientAuth            : TLS Web Client Authentication
+!Cname code-sign
+id-kp 3                 : codeSigning           : Code Signing
+!Cname email-protect
+id-kp 4                 : emailProtection       : E-mail Protection
+id-kp 5                 : ipsecEndSystem        : IPSec End System
+id-kp 6                 : ipsecTunnel           : IPSec Tunnel
+id-kp 7                 : ipsecUser             : IPSec User
+!Cname time-stamp
+id-kp 8                 : timeStamping          : Time Stamping
+# From OCSP spec RFC2560
+!Cname OCSP-sign
+id-kp 9                 : OCSPSigning           : OCSP Signing
+id-kp 10                : DVCS                  : dvcs
+
+# CMP information types
+id-it 1                 : id-it-caProtEncCert
+id-it 2                 : id-it-signKeyPairTypes
+id-it 3                 : id-it-encKeyPairTypes
+id-it 4                 : id-it-preferredSymmAlg
+id-it 5                 : id-it-caKeyUpdateInfo
+id-it 6                 : id-it-currentCRL
+id-it 7                 : id-it-unsupportedOIDs
+# obsolete
+id-it 8                 : id-it-subscriptionRequest
+# obsolete
+id-it 9                 : id-it-subscriptionResponse
+id-it 10                : id-it-keyPairParamReq
+id-it 11                : id-it-keyPairParamRep
+id-it 12                : id-it-revPassphrase
+id-it 13                : id-it-implicitConfirm
+id-it 14                : id-it-confirmWaitTime
+id-it 15                : id-it-origPKIMessage
+
+# CRMF registration
+id-pkip 1               : id-regCtrl
+id-pkip 2               : id-regInfo
+
+# CRMF registration controls
+id-regCtrl 1            : id-regCtrl-regToken
+id-regCtrl 2            : id-regCtrl-authenticator
+id-regCtrl 3            : id-regCtrl-pkiPublicationInfo
+id-regCtrl 4            : id-regCtrl-pkiArchiveOptions
+id-regCtrl 5            : id-regCtrl-oldCertID
+id-regCtrl 6            : id-regCtrl-protocolEncrKey
+
+# CRMF registration information
+id-regInfo 1            : id-regInfo-utf8Pairs
+id-regInfo 2            : id-regInfo-certReq
+
+# algorithms
+id-alg 1                : id-alg-des40
+id-alg 2                : id-alg-noSignature
+id-alg 3                : id-alg-dh-sig-hmac-sha1
+id-alg 4                : id-alg-dh-pop
+
+# CMC controls
+id-cmc 1                : id-cmc-statusInfo
+id-cmc 2                : id-cmc-identification
+id-cmc 3                : id-cmc-identityProof
+id-cmc 4                : id-cmc-dataReturn
+id-cmc 5                : id-cmc-transactionId
+id-cmc 6                : id-cmc-senderNonce
+id-cmc 7                : id-cmc-recipientNonce
+id-cmc 8                : id-cmc-addExtensions
+id-cmc 9                : id-cmc-encryptedPOP
+id-cmc 10               : id-cmc-decryptedPOP
+id-cmc 11               : id-cmc-lraPOPWitness
+id-cmc 15               : id-cmc-getCert
+id-cmc 16               : id-cmc-getCRL
+id-cmc 17               : id-cmc-revokeRequest
+id-cmc 18               : id-cmc-regInfo
+id-cmc 19               : id-cmc-responseInfo
+id-cmc 21               : id-cmc-queryPending
+id-cmc 22               : id-cmc-popLinkRandom
+id-cmc 23               : id-cmc-popLinkWitness
+id-cmc 24               : id-cmc-confirmCertAcceptance 
+
+# other names
+id-on 1                 : id-on-personalData
+
+# personal data attributes
+id-pda 1                : id-pda-dateOfBirth
+id-pda 2                : id-pda-placeOfBirth
+id-pda 3                : id-pda-pseudonym
+id-pda 4                : id-pda-gender
+id-pda 5                : id-pda-countryOfCitizenship
+id-pda 6                : id-pda-countryOfResidence
+
+# attribute certificate attributes
+id-aca 1                : id-aca-authenticationInfo
+id-aca 2                : id-aca-accessIdentity
+id-aca 3                : id-aca-chargingIdentity
+id-aca 4                : id-aca-group
+id-aca 5                : id-aca-role
+
+# qualified certificate statements
+id-qcs 1                : id-qcs-pkixQCSyntax-v1
+
+# CMC content types
+id-cct 1                : id-cct-crs
+id-cct 2                : id-cct-PKIData
+id-cct 3                : id-cct-PKIResponse
+
+# access descriptors for authority info access extension
+!Cname ad-OCSP
+id-ad 1                 : OCSP                  : OCSP
+!Cname ad-ca-issuers
+id-ad 2                 : caIssuers             : CA Issuers
+!Cname ad-timeStamping
+id-ad 3                 : ad_timestamping       : AD Time Stamping
+!Cname ad-dvcs
+id-ad 4                 : AD_DVCS               : ad dvcs
+
+
+!Alias id-pkix-OCSP ad-OCSP
+!module id-pkix-OCSP
+!Cname basic
+id-pkix-OCSP 1          : basicOCSPResponse     : Basic OCSP Response
+id-pkix-OCSP 2          : Nonce                 : OCSP Nonce
+id-pkix-OCSP 3          : CrlID                 : OCSP CRL ID
+id-pkix-OCSP 4          : acceptableResponses   : Acceptable OCSP Responses
+id-pkix-OCSP 5          : noCheck
+id-pkix-OCSP 6          : archiveCutoff         : OCSP Archive Cutoff
+id-pkix-OCSP 7          : serviceLocator        : OCSP Service Locator
+id-pkix-OCSP 8          : extendedStatus        : Extended OCSP Status
+id-pkix-OCSP 9          : valid
+id-pkix-OCSP 10         : path
+id-pkix-OCSP 11         : trustRoot             : Trust Root
+!global
+
+1 3 14 3 2              : algorithm             : algorithm
+algorithm 3             : RSA-NP-MD5            : md5WithRSA
+algorithm 6             : DES-ECB               : des-ecb
+algorithm 7             : DES-CBC               : des-cbc
+!Cname des-ofb64
+algorithm 8             : DES-OFB               : des-ofb
+!Cname des-cfb64
+algorithm 9             : DES-CFB               : des-cfb
 algorithm 11            : rsaSignature
+!Cname dsa-2
+algorithm 12            : DSA-old               : dsaEncryption-old
+algorithm 13            : DSA-SHA               : dsaWithSHA
+algorithm 15            : RSA-SHA               : shaWithRSAEncryption
+algorithm 17            : DES-EDE               : des-ede
+                        : DES-EDE3              : des-ede3
+                        : DES-EDE-CBC           : des-ede-cbc
+!Cname des-ede-cfb64
+                        : DES-EDE-CFB           : des-ede-cfb
+!Cname des-ede3-cfb64
+                        : DES-EDE3-CFB          : des-ede3-cfb
+!Cname des-ede-ofb64
+                        : DES-EDE-OFB           : des-ede-ofb
+!Cname des-ede3-ofb64
+                        : DES-EDE3-OFB          : des-ede3-ofb
+                        : DESX-CBC              : desx-cbc
+algorithm 18            : SHA                   : sha
+algorithm 26            : SHA1                  : sha1
+!Cname dsaWithSHA1-2
+algorithm 27            : DSA-SHA1-old          : dsaWithSHA1-old
+algorithm 29            : RSA-SHA1-2            : sha1WithRSA
+
+1 3 36 3 2 1            : RIPEMD160             : ripemd160
+1 3 36 3 3 1 2          : RSA-RIPEMD160         : ripemd160WithRSA
+
+!Cname sxnet
+1 3 101 1 4 1           : SXNetID               : Strong Extranet ID
+
+2 5                     : X500                  : directory services (X.500)
+
+X500 4                  : X509
+X509 3                  : CN                    : commonName
+X509 4                  : S                     : surname
+X509 5                  : SN                    : serialNumber
+X509 6                  : C                     : countryName
+X509 7                  : L                     : localityName
+X509 8                  : ST                    : stateOrProvinceName
+X509 10                 : O                     : organizationName
+X509 11                 : OU                    : organizationalUnitName
+X509 12                 : T                     : title
+X509 13                 : D                     : description
+X509 41                 : name                  : name
+X509 42                 : G                     : givenName
+X509 43                 : I                     : initials
+X509 45                 : UID                   : uniqueIdentifier
+X509 46                 : dnQualifier           : dnQualifier
+
+X500 8                  : X500algorithms        : directory services - algorithms
+X500algorithms 1 1      : RSA                   : rsa
+X500algorithms 3 100    : RSA-MDC2              : mdc2WithRSA
+X500algorithms 3 101    : MDC2                  : mdc2
+
+X500 29                 : id-ce
+!Cname subject-key-identifier
+id-ce 14                : subjectKeyIdentifier  : X509v3 Subject Key Identifier
+!Cname key-usage
+id-ce 15                : keyUsage              : X509v3 Key Usage
+!Cname private-key-usage-period
+id-ce 16                : privateKeyUsagePeriod : X509v3 Private Key Usage Period
+!Cname subject-alt-name
+id-ce 17                : subjectAltName        : X509v3 Subject Alternative Name
+!Cname issuer-alt-name
+id-ce 18                : issuerAltName         : X509v3 Issuer Alternative Name
+!Cname basic-constraints
+id-ce 19                : basicConstraints      : X509v3 Basic Constraints
+!Cname crl-number
+id-ce 20                : crlNumber             : X509v3 CRL Number
+!Cname crl-reason
+id-ce 21                : CRLReason             : X509v3 CRL Reason Code
+!Cname invalidity-date
+id-ce 24                : invalidityDate        : Invalidity Date
+!Cname delta-crl
+id-ce 27                : deltaCRL              : X509v3 Delta CRL Indicator
+!Cname crl-distribution-points
+id-ce 31                : crlDistributionPoints : X509v3 CRL Distribution Points
+!Cname certificate-policies
+id-ce 32                : certificatePolicies   : X509v3 Certificate Policies
+!Cname authority-key-identifier
+id-ce 35                : authorityKeyIdentifier : X509v3 Authority Key Identifier
+!Cname ext-key-usage
+id-ce 37                : extendedKeyUsage      : X509v3 Extended Key Usage
+
+!Cname netscape
+2 16 840 1 113730       : Netscape              : Netscape Communications Corp.
+!Cname netscape-cert-extension
+netscape 1              : nsCertExt             : Netscape Certificate Extension
+!Cname netscape-data-type
+netscape 2              : nsDataType            : Netscape Data Type
+!Cname netscape-cert-type
+netscape-cert-extension 1 : nsCertType          : Netscape Cert Type
+!Cname netscape-base-url
+netscape-cert-extension 2 : nsBaseUrl           : Netscape Base Url
+!Cname netscape-revocation-url
+netscape-cert-extension 3 : nsRevocationUrl     : Netscape Revocation Url
+!Cname netscape-ca-revocation-url
+netscape-cert-extension 4 : nsCaRevocationUrl   : Netscape CA Revocation Url
+!Cname netscape-renewal-url
+netscape-cert-extension 7 : nsRenewalUrl        : Netscape Renewal Url
+!Cname netscape-ca-policy-url
+netscape-cert-extension 8 : nsCaPolicyUrl       : Netscape CA Policy Url
+!Cname netscape-ssl-server-name
+netscape-cert-extension 12 : nsSslServerName    : Netscape SSL Server Name
+!Cname netscape-comment
+netscape-cert-extension 13 : nsComment          : Netscape Comment
+!Cname netscape-cert-sequence
+netscape-data-type 5    : nsCertSequence        : Netscape Certificate Sequence
+!Cname ns-sgc
+netscape 4 1            : nsSGC                 : Netscape Server Gated Crypto
+
+# iso(1)
+iso 3                   : ORG                   : org
+org 6                   : DOD                   : dod
+dod 1                   : IANA                  : iana
+!Alias internet iana
+
+internet 1              : directory             : Directory
+internet 2              : mgmt                  : Management
+internet 3              : experimental          : Experimental
+internet 4              : private               : Private
+internet 5              : security              : Security
+internet 6              : snmpv2                : SNMPv2
+internet 7              : mail                  : Mail
+
+private 1               : enterprises           : Enterprises
+
+# RFC 2247
+enterprises 1466 344    : dcobject              : dcObject
+
+# Stray OIDs we don't know the full name of each step for
+# RFC 2247
+0 9 2342 19200300 100 1 25 : DC                 : domainComponent
+0 9 2342 19200300 100 4 13 : domain             : Domain
+
+# What the hell are these OIDs, really?
+!Cname rle-compression
+1 1 1 1 666 1           : RLE                   : run length compression
+!Cname zlib-compression
+1 1 1 1 666 2           : ZLIB                  : zlib compression
 
-algorithm 6             : desECB
-algorithm 7             : desCBC
-algorithm 8             : desOFB
-algorithm 9             : desCFB
-algorithm 17            : desEDE2
diff --git a/src/lib/libssl/src/crypto/opensslv.h b/src/lib/libssl/src/crypto/opensslv.h
index 55ec97389f..6b5aedeea6 100644
--- a/src/lib/libssl/src/crypto/opensslv.h
+++ b/src/lib/libssl/src/crypto/opensslv.h
@@ -25,8 +25,61 @@
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
  *  major minor fix final patch/beta)
  */
-#define OPENSSL_VERSION_NUMBER  0x0090581fL
-#define OPENSSL_VERSION_TEXT    "OpenSSL 0.9.5a 1 Apr 2000"
+#define OPENSSL_VERSION_NUMBER  0x0090600fL
+#define OPENSSL_VERSION_TEXT    "OpenSSL 0.9.6 [engine] 24 Sep 2000"
 #define OPENSSL_VERSION_PTEXT   " part of " OPENSSL_VERSION_TEXT
 
+
+/* The macros below are to be used for shared library (.so, .dll, ...)
+ * versioning.  That kind of versioning works a bit differently between
+ * operating systems.  The most usual scheme is to set a major and a minor
+ * number, and have the runtime loader check that the major number is equal
+ * to what it was at application link time, while the minor number has to
+ * be greater or equal to what it was at application link time.  With this
+ * scheme, the version number is usually part of the file name, like this:
+ *
+ *      libcrypto.so.0.9
+ *
+ * Some unixen also make a softlink with the major verson number only:
+ *
+ *      libcrypto.so.0
+ *
+ * On True64 it works a little bit differently.  There, the shared library
+ * version is stored in the file, and is actually a series of versions,
+ * separated by colons.  The rightmost version present in the library when
+ * linking an application is stored in the application to be matched at
+ * run time.  When the application is run, a check is done to see if the
+ * library version stored in the application matches any of the versions
+ * in the version string of the library itself.
+ * This version string can be constructed in any way, depending on what
+ * kind of matching is desired.  However, to implement the same scheme as
+ * the one used in the other unixen, all compatible versions, from lowest
+ * to highest, should be part of the string.  Consecutive builds would
+ * give the following versions strings:
+ *
+ *      3.0
+ *      3.0:3.1
+ *      3.0:3.1:3.2
+ *      4.0
+ *      4.0:4.1
+ *
+ * Notice how version 4 is completely incompatible with version, and
+ * therefore give the breach you can see.
+ *
+ * There may be other schemes as well that I haven't yet discovered.
+ *
+ * So, here's the way it works here: first of all, the library version
+ * number doesn't need at all to match the overall OpenSSL version.
+ * However, it's nice and more understandable if it actually does.
+ * The current library version is stored in the macro SHLIB_VERSION_NUMBER,
+ * which is just a piece of text in the format "M.m.e" (Major, minor, edit).
+ * For the sake of True64 and any other OS that behaves in similar ways,
+ * we need to keep a history of version numbers, which is done in the
+ * macro SHLIB_VERSION_HISTORY.  The numbers are separated by colons and
+ * should only keep the versions that are binary compatible with the current.
+ */
+#define SHLIB_VERSION_HISTORY ""
+#define SHLIB_VERSION_NUMBER "0.9.6"
+
+
 #endif /* HEADER_OPENSSLV_H */
diff --git a/src/lib/libssl/src/crypto/pem/Makefile.ssl b/src/lib/libssl/src/crypto/pem/Makefile.ssl
index b95b2b615a..97af8255a3 100644
--- a/src/lib/libssl/src/crypto/pem/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/pem/Makefile.ssl
@@ -86,25 +86,29 @@ pem_all.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 pem_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 pem_all.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 pem_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-pem_all.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+pem_all.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+pem_all.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 pem_all.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-pem_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-pem_all.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h
-pem_all.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
-pem_all.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-pem_all.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-pem_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-pem_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pem_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pem_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+pem_all.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pem_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+pem_all.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+pem_all.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+pem_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pem_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 pem_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 pem_all.o: ../cryptlib.h
 pem_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 pem_err.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-pem_err.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-pem_err.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-pem_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-pem_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-pem_err.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
-pem_err.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pem_err.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pem_err.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pem_err.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+pem_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+pem_err.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+pem_err.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+pem_err.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+pem_err.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 pem_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 pem_err.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h
 pem_err.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
@@ -112,7 +116,8 @@ pem_err.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 pem_err.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 pem_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 pem_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-pem_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pem_err.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+pem_err.o: ../../include/openssl/x509_vfy.h
 pem_info.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 pem_info.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 pem_info.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -120,17 +125,19 @@ pem_info.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 pem_info.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 pem_info.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 pem_info.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-pem_info.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+pem_info.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+pem_info.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 pem_info.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-pem_info.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pem_info.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pem_info.o: ../../include/openssl/opensslconf.h
 pem_info.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h
 pem_info.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
 pem_info.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 pem_info.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 pem_info.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 pem_info.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-pem_info.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-pem_info.o: ../cryptlib.h
+pem_info.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+pem_info.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
 pem_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 pem_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 pem_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -138,16 +145,18 @@ pem_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 pem_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 pem_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 pem_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-pem_lib.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+pem_lib.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+pem_lib.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 pem_lib.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-pem_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-pem_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h
-pem_lib.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs12.h
-pem_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-pem_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-pem_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-pem_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-pem_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pem_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pem_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+pem_lib.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pem_lib.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+pem_lib.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+pem_lib.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+pem_lib.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+pem_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pem_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 pem_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 pem_lib.o: ../cryptlib.h
 pem_seal.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
@@ -157,17 +166,20 @@ pem_seal.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 pem_seal.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 pem_seal.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 pem_seal.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-pem_seal.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+pem_seal.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+pem_seal.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 pem_seal.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-pem_seal.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pem_seal.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pem_seal.o: ../../include/openssl/opensslconf.h
 pem_seal.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h
 pem_seal.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
 pem_seal.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
 pem_seal.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
 pem_seal.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
 pem_seal.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-pem_seal.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
-pem_seal.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+pem_seal.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pem_seal.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pem_seal.o: ../cryptlib.h
 pem_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 pem_sign.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 pem_sign.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -175,14 +187,17 @@ pem_sign.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 pem_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 pem_sign.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 pem_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-pem_sign.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+pem_sign.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+pem_sign.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 pem_sign.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-pem_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pem_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pem_sign.o: ../../include/openssl/opensslconf.h
 pem_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h
 pem_sign.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
 pem_sign.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
 pem_sign.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
 pem_sign.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
 pem_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-pem_sign.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
-pem_sign.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+pem_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pem_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pem_sign.o: ../cryptlib.h
diff --git a/src/lib/libssl/src/crypto/pem/pem.h b/src/lib/libssl/src/crypto/pem/pem.h
index e4bae0b4aa..6d3c446577 100644
--- a/src/lib/libssl/src/crypto/pem/pem.h
+++ b/src/lib/libssl/src/crypto/pem/pem.h
@@ -59,14 +59,20 @@
 #ifndef HEADER_PEM_H
 #define HEADER_PEM_H
 
-#ifdef  __cplusplus
-extern "C" {
+#ifndef NO_BIO
+#include <openssl/bio.h>
+#endif
+#ifndef NO_STACK
+#include <openssl/stack.h>
 #endif
-
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include <openssl/pem2.h>
 
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
 #define PEM_BUFSIZE             1024
 
 #define PEM_OBJ_UNDEF           0
@@ -165,7 +171,7 @@ typedef struct pem_ctx_st
         int num_recipient;
         PEM_USER **recipient;
 
-#ifdef HEADER_STACK_H
+#ifndef NO_STACK
         STACK *x509_chain;      /* certificate chain */
 #else
         char *x509_chain;       /* certificate chain */
@@ -289,7 +295,7 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
 
 #endif
 
-#ifdef HEADER_BIO_H
+#ifndef NO_BIO
 #define DECLARE_PEM_read_bio(name, type) \
         type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u);
 
@@ -477,7 +483,7 @@ int	PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher);
 int     PEM_do_header (EVP_CIPHER_INFO *cipher, unsigned char *data,long *len,
         pem_password_cb *callback,void *u);
 
-#ifdef HEADER_BIO_H
+#ifndef NO_BIO
 int     PEM_read_bio(BIO *bp, char **name, char **header,
                 unsigned char **data,long *len);
 int     PEM_write_bio(BIO *bp,const char *name,char *hdr,unsigned char *data,
@@ -525,9 +531,7 @@ void	PEM_dek_info(char *buf, const char *type, int len, char *str);
 
 #ifndef SSLEAY_MACROS
 
-#ifdef VMS
-#include <openssl/vms_idhacks.h>
-#endif
+#include <openssl/symhacks.h>
 
 DECLARE_PEM_rw(X509, X509)
 
diff --git a/src/lib/libssl/src/crypto/pem/pem2.h b/src/lib/libssl/src/crypto/pem/pem2.h
index 4a016aacd2..4e484bcd82 100644
--- a/src/lib/libssl/src/crypto/pem/pem2.h
+++ b/src/lib/libssl/src/crypto/pem/pem2.h
@@ -57,4 +57,12 @@
  * Ben 30 Jan 1999.
  */
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 void ERR_load_PEM_strings(void);
+
+#ifdef __cplusplus
+}
+#endif
diff --git a/src/lib/libssl/src/crypto/pem/pem_info.c b/src/lib/libssl/src/crypto/pem/pem_info.c
index b65239a920..1c5c6dea00 100644
--- a/src/lib/libssl/src/crypto/pem/pem_info.c
+++ b/src/lib/libssl/src/crypto/pem/pem_info.c
@@ -237,9 +237,9 @@ start:
                 else    {
                         /* unknown */
                         }
-                if (name != NULL) Free(name);
-                if (header != NULL) Free(header);
-                if (data != NULL) Free(data);
+                if (name != NULL) OPENSSL_free(name);
+                if (header != NULL) OPENSSL_free(header);
+                if (data != NULL) OPENSSL_free(data);
                 name=NULL;
                 header=NULL;
                 data=NULL;
@@ -268,9 +268,9 @@ err:
                 ret=NULL;
                 }
                 
-        if (name != NULL) Free(name);
-        if (header != NULL) Free(header);
-        if (data != NULL) Free(data);
+        if (name != NULL) OPENSSL_free(name);
+        if (header != NULL) OPENSSL_free(header);
+        if (data != NULL) OPENSSL_free(data);
         return(ret);
         }
 
diff --git a/src/lib/libssl/src/crypto/pem/pem_lib.c b/src/lib/libssl/src/crypto/pem/pem_lib.c
index b5e0a650f8..a17c3ed57f 100644
--- a/src/lib/libssl/src/crypto/pem/pem_lib.c
+++ b/src/lib/libssl/src/crypto/pem/pem_lib.c
@@ -242,9 +242,9 @@ char *PEM_ASN1_read_bio(char *(*d2i)(), const char *name, BIO *bp, char **x,
                         return(NULL);
                 }
                 if(check_pem(nm, name)) break;
-                Free(nm);
-                Free(header);
-                Free(data);
+                OPENSSL_free(nm);
+                OPENSSL_free(header);
+                OPENSSL_free(data);
                 }
         if (!PEM_get_EVP_CIPHER_INFO(header,&cipher)) goto err;
         if (!PEM_do_header(&cipher,data,&len,cb,u)) goto err;
@@ -289,9 +289,9 @@ p8err:
         if (ret == NULL)
                 PEMerr(PEM_F_PEM_ASN1_READ_BIO,ERR_R_ASN1_LIB);
 err:
-        Free(nm);
-        Free(header);
-        Free(data);
+        OPENSSL_free(nm);
+        OPENSSL_free(header);
+        OPENSSL_free(data);
         return(ret);
         }
 
@@ -344,7 +344,7 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x,
                 goto err;
                 }
         /* dzise + 8 bytes are needed */
-        data=(unsigned char *)Malloc((unsigned int)dsize+20);
+        data=(unsigned char *)OPENSSL_malloc((unsigned int)dsize+20);
         if (data == NULL)
                 {
                 PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,ERR_R_MALLOC_FAILURE);
@@ -405,7 +405,7 @@ err:
         memset((char *)&ctx,0,sizeof(ctx));
         memset(buf,0,PEM_BUFSIZE);
         memset(data,0,(unsigned int)dsize);
-        Free(data);
+        OPENSSL_free(data);
         return(ret);
         }
 
@@ -583,7 +583,7 @@ int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data,
                         goto err;
                 }
 
-        buf=(unsigned char *)Malloc(PEM_BUFSIZE*8);
+        buf=(unsigned char *)OPENSSL_malloc(PEM_BUFSIZE*8);
         if (buf == NULL)
                 {
                 reason=ERR_R_MALLOC_FAILURE;
@@ -603,7 +603,7 @@ int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data,
                 }
         EVP_EncodeFinal(&ctx,buf,&outl);
         if ((outl > 0) && (BIO_write(bp,(char *)buf,outl) != outl)) goto err;
-        Free(buf);
+        OPENSSL_free(buf);
         if (    (BIO_write(bp,"-----END ",9) != 9) ||
                 (BIO_write(bp,name,nlen) != nlen) ||
                 (BIO_write(bp,"-----\n",6) != 6))
@@ -784,9 +784,9 @@ int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data,
         *header=headerB->data;
         *data=(unsigned char *)dataB->data;
         *len=bl;
-        Free(nameB);
-        Free(headerB);
-        Free(dataB);
+        OPENSSL_free(nameB);
+        OPENSSL_free(headerB);
+        OPENSSL_free(dataB);
         return(1);
 err:
         BUF_MEM_free(nameB);
diff --git a/src/lib/libssl/src/crypto/pem/pem_seal.c b/src/lib/libssl/src/crypto/pem/pem_seal.c
index 126e29d375..2a6c513348 100644
--- a/src/lib/libssl/src/crypto/pem/pem_seal.c
+++ b/src/lib/libssl/src/crypto/pem/pem_seal.c
@@ -84,7 +84,7 @@ int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type,
                 j=RSA_size(pubk[i]->pkey.rsa);
                 if (j > max) max=j;
                 }
-        s=(char *)Malloc(max*2);
+        s=(char *)OPENSSL_malloc(max*2);
         if (s == NULL)
                 {
                 PEMerr(PEM_F_PEM_SEALINIT,ERR_R_MALLOC_FAILURE);
@@ -108,7 +108,7 @@ int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type,
 
         ret=npubk;
 err:
-        if (s != NULL) Free(s);
+        if (s != NULL) OPENSSL_free(s);
         memset(key,0,EVP_MAX_KEY_LENGTH);
         return(ret);
         }
@@ -151,7 +151,7 @@ int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl,
                 }
         i=RSA_size(priv->pkey.rsa);
         if (i < 100) i=100;
-        s=(unsigned char *)Malloc(i*2);
+        s=(unsigned char *)OPENSSL_malloc(i*2);
         if (s == NULL)
                 {
                 PEMerr(PEM_F_PEM_SEALFINAL,ERR_R_MALLOC_FAILURE);
@@ -172,7 +172,7 @@ int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl,
 err:
         memset((char *)&(ctx->md),0,sizeof(ctx->md));
         memset((char *)&(ctx->cipher),0,sizeof(ctx->cipher));
-        if (s != NULL) Free(s);
+        if (s != NULL) OPENSSL_free(s);
         return(ret);
         }
 #else /* !NO_RSA */
diff --git a/src/lib/libssl/src/crypto/pem/pem_sign.c b/src/lib/libssl/src/crypto/pem/pem_sign.c
index aabafb702d..42d598dd78 100644
--- a/src/lib/libssl/src/crypto/pem/pem_sign.c
+++ b/src/lib/libssl/src/crypto/pem/pem_sign.c
@@ -82,7 +82,7 @@ int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen,
         int i,ret=0;
         unsigned int m_len;
 
-        m=(unsigned char *)Malloc(EVP_PKEY_size(pkey)+2);
+        m=(unsigned char *)OPENSSL_malloc(EVP_PKEY_size(pkey)+2);
         if (m == NULL)
                 {
                 PEMerr(PEM_F_PEM_SIGNFINAL,ERR_R_MALLOC_FAILURE);
@@ -96,7 +96,7 @@ int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen,
         ret=1;
 err:
         /* ctx has been zeroed by EVP_SignFinal() */
-        if (m != NULL) Free(m);
+        if (m != NULL) OPENSSL_free(m);
         return(ret);
         }
 
diff --git a/src/lib/libssl/src/crypto/pkcs12/Makefile.ssl b/src/lib/libssl/src/crypto/pkcs12/Makefile.ssl
index 5716f608b6..67869f204f 100644
--- a/src/lib/libssl/src/crypto/pkcs12/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/pkcs12/Makefile.ssl
@@ -91,15 +91,17 @@ p12_add.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 p12_add.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 p12_add.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 p12_add.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p12_add.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+p12_add.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p12_add.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 p12_add.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-p12_add.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p12_add.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
-p12_add.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-p12_add.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-p12_add.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-p12_add.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p12_add.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+p12_add.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_add.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p12_add.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_add.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p12_add.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p12_add.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p12_add.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p12_add.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 p12_add.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
 p12_attr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 p12_attr.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
@@ -108,16 +110,19 @@ p12_attr.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 p12_attr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 p12_attr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 p12_attr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p12_attr.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+p12_attr.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p12_attr.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 p12_attr.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-p12_attr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_attr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_attr.o: ../../include/openssl/opensslconf.h
 p12_attr.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
 p12_attr.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
 p12_attr.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
 p12_attr.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
 p12_attr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p12_attr.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
-p12_attr.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+p12_attr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_attr.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_attr.o: ../cryptlib.h
 p12_bags.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 p12_bags.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 p12_bags.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
@@ -126,16 +131,18 @@ p12_bags.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 p12_bags.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
 p12_bags.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 p12_bags.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-p12_bags.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-p12_bags.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
-p12_bags.o: ../../include/openssl/opensslconf.h
+p12_bags.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p12_bags.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p12_bags.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p12_bags.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 p12_bags.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
 p12_bags.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
 p12_bags.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
 p12_bags.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
 p12_bags.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p12_bags.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
-p12_bags.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+p12_bags.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_bags.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_bags.o: ../cryptlib.h
 p12_crpt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 p12_crpt.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 p12_crpt.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -143,16 +150,19 @@ p12_crpt.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 p12_crpt.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 p12_crpt.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 p12_crpt.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p12_crpt.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+p12_crpt.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p12_crpt.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 p12_crpt.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-p12_crpt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_crpt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_crpt.o: ../../include/openssl/opensslconf.h
 p12_crpt.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
 p12_crpt.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
 p12_crpt.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
 p12_crpt.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
 p12_crpt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p12_crpt.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
-p12_crpt.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+p12_crpt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_crpt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_crpt.o: ../cryptlib.h
 p12_crt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 p12_crt.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 p12_crt.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -160,15 +170,17 @@ p12_crt.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 p12_crt.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 p12_crt.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 p12_crt.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p12_crt.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+p12_crt.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p12_crt.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 p12_crt.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-p12_crt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p12_crt.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
-p12_crt.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-p12_crt.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-p12_crt.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-p12_crt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p12_crt.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+p12_crt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_crt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p12_crt.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_crt.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p12_crt.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p12_crt.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p12_crt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p12_crt.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 p12_crt.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
 p12_decr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 p12_decr.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
@@ -177,16 +189,19 @@ p12_decr.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 p12_decr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 p12_decr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 p12_decr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p12_decr.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+p12_decr.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p12_decr.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 p12_decr.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-p12_decr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_decr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_decr.o: ../../include/openssl/opensslconf.h
 p12_decr.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
 p12_decr.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
 p12_decr.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
 p12_decr.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
 p12_decr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p12_decr.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
-p12_decr.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+p12_decr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_decr.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_decr.o: ../cryptlib.h
 p12_init.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 p12_init.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 p12_init.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -194,16 +209,19 @@ p12_init.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 p12_init.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 p12_init.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 p12_init.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p12_init.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+p12_init.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p12_init.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 p12_init.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-p12_init.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_init.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_init.o: ../../include/openssl/opensslconf.h
 p12_init.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
 p12_init.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
 p12_init.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
 p12_init.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
 p12_init.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p12_init.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
-p12_init.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+p12_init.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_init.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_init.o: ../cryptlib.h
 p12_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 p12_key.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 p12_key.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -211,15 +229,17 @@ p12_key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 p12_key.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 p12_key.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 p12_key.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p12_key.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+p12_key.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p12_key.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 p12_key.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-p12_key.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p12_key.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
-p12_key.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-p12_key.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-p12_key.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-p12_key.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p12_key.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+p12_key.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p12_key.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_key.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p12_key.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p12_key.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p12_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p12_key.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 p12_key.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
 p12_kiss.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 p12_kiss.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
@@ -228,16 +248,19 @@ p12_kiss.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 p12_kiss.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 p12_kiss.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 p12_kiss.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p12_kiss.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+p12_kiss.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p12_kiss.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 p12_kiss.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-p12_kiss.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_kiss.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_kiss.o: ../../include/openssl/opensslconf.h
 p12_kiss.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
 p12_kiss.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
 p12_kiss.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
 p12_kiss.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
 p12_kiss.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p12_kiss.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
-p12_kiss.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+p12_kiss.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_kiss.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_kiss.o: ../cryptlib.h
 p12_lib.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 p12_lib.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 p12_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
@@ -246,14 +269,16 @@ p12_lib.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 p12_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
 p12_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 p12_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-p12_lib.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-p12_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
-p12_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-p12_lib.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
-p12_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-p12_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-p12_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p12_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p12_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p12_lib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p12_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p12_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
+p12_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p12_lib.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p12_lib.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p12_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 p12_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 p12_lib.o: ../cryptlib.h
 p12_mac.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
@@ -264,14 +289,16 @@ p12_mac.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 p12_mac.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
 p12_mac.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 p12_mac.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-p12_mac.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-p12_mac.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
-p12_mac.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-p12_mac.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
-p12_mac.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-p12_mac.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-p12_mac.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p12_mac.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p12_mac.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p12_mac.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p12_mac.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p12_mac.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_mac.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
+p12_mac.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p12_mac.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p12_mac.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p12_mac.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_mac.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 p12_mac.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 p12_mac.o: ../cryptlib.h
 p12_mutl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
@@ -282,25 +309,28 @@ p12_mutl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 p12_mutl.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 p12_mutl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 p12_mutl.o: ../../include/openssl/hmac.h ../../include/openssl/idea.h
-p12_mutl.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-p12_mutl.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
-p12_mutl.o: ../../include/openssl/opensslconf.h
+p12_mutl.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p12_mutl.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p12_mutl.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p12_mutl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 p12_mutl.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
 p12_mutl.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
 p12_mutl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 p12_mutl.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 p12_mutl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 p12_mutl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p12_mutl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-p12_mutl.o: ../cryptlib.h
+p12_mutl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+p12_mutl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
 p12_npas.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 p12_npas.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-p12_npas.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-p12_npas.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-p12_npas.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-p12_npas.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p12_npas.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
-p12_npas.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p12_npas.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p12_npas.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p12_npas.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+p12_npas.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+p12_npas.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p12_npas.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p12_npas.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p12_npas.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 p12_npas.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 p12_npas.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h
 p12_npas.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs12.h
@@ -308,8 +338,8 @@ p12_npas.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
 p12_npas.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
 p12_npas.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
 p12_npas.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p12_npas.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
-p12_npas.o: ../../include/openssl/x509_vfy.h
+p12_npas.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_npas.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 p12_sbag.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 p12_sbag.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 p12_sbag.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
@@ -318,16 +348,18 @@ p12_sbag.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 p12_sbag.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
 p12_sbag.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 p12_sbag.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-p12_sbag.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-p12_sbag.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
-p12_sbag.o: ../../include/openssl/opensslconf.h
+p12_sbag.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p12_sbag.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p12_sbag.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p12_sbag.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 p12_sbag.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
 p12_sbag.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
 p12_sbag.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
 p12_sbag.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
 p12_sbag.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p12_sbag.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
-p12_sbag.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+p12_sbag.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_sbag.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_sbag.o: ../cryptlib.h
 p12_utl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 p12_utl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 p12_utl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -335,29 +367,33 @@ p12_utl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 p12_utl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 p12_utl.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 p12_utl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p12_utl.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+p12_utl.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p12_utl.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 p12_utl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-p12_utl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p12_utl.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
-p12_utl.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-p12_utl.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-p12_utl.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-p12_utl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p12_utl.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+p12_utl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_utl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p12_utl.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_utl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p12_utl.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p12_utl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p12_utl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p12_utl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 p12_utl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
 pk12err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 pk12err.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-pk12err.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-pk12err.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-pk12err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-pk12err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-pk12err.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
-pk12err.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pk12err.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pk12err.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pk12err.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+pk12err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+pk12err.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+pk12err.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+pk12err.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+pk12err.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 pk12err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 pk12err.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
 pk12err.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
 pk12err.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
 pk12err.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
 pk12err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-pk12err.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
-pk12err.o: ../../include/openssl/x509_vfy.h
+pk12err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pk12err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
diff --git a/src/lib/libssl/src/crypto/pkcs12/p12_add.c b/src/lib/libssl/src/crypto/pkcs12/p12_add.c
index d045cbba8d..b563656895 100644
--- a/src/lib/libssl/src/crypto/pkcs12/p12_add.c
+++ b/src/lib/libssl/src/crypto/pkcs12/p12_add.c
@@ -125,7 +125,7 @@ PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG (int pbe_nid, const char *pass,
 }
 
 /* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */
-PKCS7 *PKCS12_pack_p7data (STACK *sk)
+PKCS7 *PKCS12_pack_p7data (STACK_OF(PKCS12_SAFEBAG) *sk)
 {
         PKCS7 *p7;
         if (!(p7 = PKCS7_new())) {
@@ -138,8 +138,9 @@ PKCS7 *PKCS12_pack_p7data (STACK *sk)
                 return NULL;
         }
         
-        if (!ASN1_seq_pack(sk, i2d_PKCS12_SAFEBAG, &p7->d.data->data,
-                                        &p7->d.data->length)) {
+        if (!ASN1_seq_pack_PKCS12_SAFEBAG(sk, i2d_PKCS12_SAFEBAG,
+                                          &p7->d.data->data,
+                                          &p7->d.data->length)) {
                 PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, PKCS12_R_CANT_PACK_STRUCTURE);
                 return NULL;
         }
@@ -149,7 +150,8 @@ PKCS7 *PKCS12_pack_p7data (STACK *sk)
 /* Turn a stack of SAFEBAGS into a PKCS#7 encrypted data ContentInfo */
 
 PKCS7 *PKCS12_pack_p7encdata (int pbe_nid, const char *pass, int passlen,
-             unsigned char *salt, int saltlen, int iter, STACK *bags)
+                              unsigned char *salt, int saltlen, int iter,
+                              STACK_OF(PKCS12_SAFEBAG) *bags)
 {
         PKCS7 *p7;
         X509_ALGOR *pbe;
diff --git a/src/lib/libssl/src/crypto/pkcs12/p12_attr.c b/src/lib/libssl/src/crypto/pkcs12/p12_attr.c
index f559351d18..f1a210b5d2 100644
--- a/src/lib/libssl/src/crypto/pkcs12/p12_attr.c
+++ b/src/lib/libssl/src/crypto/pkcs12/p12_attr.c
@@ -87,13 +87,13 @@ int PKCS12_add_localkeyid (PKCS12_SAFEBAG *bag, unsigned char *name,
                 return 0;
         }
         attrib->object = OBJ_nid2obj(NID_localKeyID);
-        if (!(attrib->value.set = sk_ASN1_TYPE_new(NULL))) {
+        if (!(attrib->value.set = sk_ASN1_TYPE_new_null())) {
                 PKCS12err(PKCS12_F_PKCS12_ADD_LOCALKEYID, ERR_R_MALLOC_FAILURE);
                 return 0;
         }
         sk_ASN1_TYPE_push (attrib->value.set,keyid);
         attrib->set = 1;
-        if (!bag->attrib && !(bag->attrib = sk_X509_ATTRIBUTE_new (NULL))) {
+        if (!bag->attrib && !(bag->attrib = sk_X509_ATTRIBUTE_new_null ())) {
                 PKCS12err(PKCS12_F_PKCS12_ADD_LOCALKEYID, ERR_R_MALLOC_FAILURE);
                 return 0;
         }
@@ -129,14 +129,14 @@ int PKCS8_add_keyusage (PKCS8_PRIV_KEY_INFO *p8, int usage)
                 return 0;
         }
         attrib->object = OBJ_nid2obj(NID_key_usage);
-        if (!(attrib->value.set = sk_ASN1_TYPE_new(NULL))) {
+        if (!(attrib->value.set = sk_ASN1_TYPE_new_null())) {
                 PKCS12err(PKCS12_F_PKCS8_ADD_KEYUSAGE, ERR_R_MALLOC_FAILURE);
                 return 0;
         }
         sk_ASN1_TYPE_push (attrib->value.set,keyid);
         attrib->set = 1;
         if (!p8->attributes
-            && !(p8->attributes = sk_X509_ATTRIBUTE_new (NULL))) {
+            && !(p8->attributes = sk_X509_ATTRIBUTE_new_null ())) {
                 PKCS12err(PKCS12_F_PKCS8_ADD_KEYUSAGE, ERR_R_MALLOC_FAILURE);
                 return 0;
         }
@@ -157,7 +157,7 @@ int PKCS12_add_friendlyname_asc (PKCS12_SAFEBAG *bag, const char *name,
                 return 0;
         }
         ret = PKCS12_add_friendlyname_uni (bag, uniname, unilen);
-        Free(uniname);
+        OPENSSL_free(uniname);
         return ret;
 }
         
@@ -181,7 +181,7 @@ int PKCS12_add_friendlyname_uni (PKCS12_SAFEBAG *bag,
                                                         ERR_R_MALLOC_FAILURE);
                 return 0;
         }
-        if (!(bmp->data = Malloc (namelen))) {
+        if (!(bmp->data = OPENSSL_malloc (namelen))) {
                 PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI,
                                                         ERR_R_MALLOC_FAILURE);
                 return 0;
@@ -195,14 +195,14 @@ int PKCS12_add_friendlyname_uni (PKCS12_SAFEBAG *bag,
                 return 0;
         }
         attrib->object = OBJ_nid2obj(NID_friendlyName);
-        if (!(attrib->value.set = sk_ASN1_TYPE_new(NULL))) {
+        if (!(attrib->value.set = sk_ASN1_TYPE_new_null())) {
                 PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME,
                                                         ERR_R_MALLOC_FAILURE);
                 return 0;
         }
         sk_ASN1_TYPE_push (attrib->value.set,fname);
         attrib->set = 1;
-        if (!bag->attrib && !(bag->attrib = sk_X509_ATTRIBUTE_new (NULL))) {
+        if (!bag->attrib && !(bag->attrib = sk_X509_ATTRIBUTE_new_null ())) {
                 PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI,
                                                         ERR_R_MALLOC_FAILURE);
                 return 0;
diff --git a/src/lib/libssl/src/crypto/pkcs12/p12_bags.c b/src/lib/libssl/src/crypto/pkcs12/p12_bags.c
index c358b06735..56547ef933 100644
--- a/src/lib/libssl/src/crypto/pkcs12/p12_bags.c
+++ b/src/lib/libssl/src/crypto/pkcs12/p12_bags.c
@@ -188,5 +188,5 @@ void PKCS12_BAGS_free (PKCS12_BAGS *a)
         }
 
         ASN1_OBJECT_free (a->type);
-        Free (a);
+        OPENSSL_free (a);
 }
diff --git a/src/lib/libssl/src/crypto/pkcs12/p12_crt.c b/src/lib/libssl/src/crypto/pkcs12/p12_crt.c
index ee8aed54c7..a8f7b48882 100644
--- a/src/lib/libssl/src/crypto/pkcs12/p12_crt.c
+++ b/src/lib/libssl/src/crypto/pkcs12/p12_crt.c
@@ -65,7 +65,8 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
              int keytype)
 {
         PKCS12 *p12;
-        STACK *bags, *safes;
+        STACK_OF(PKCS12_SAFEBAG) *bags;
+        STACK_OF(PKCS7) *safes;
         PKCS12_SAFEBAG *bag;
         PKCS8_PRIV_KEY_INFO *p8;
         PKCS7 *authsafe;
@@ -85,7 +86,9 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
                 return NULL;
         }
 
-        if(!(bags = sk_new (NULL))) {
+        if(!X509_check_private_key(cert, pkey)) return NULL;
+
+        if(!(bags = sk_PKCS12_SAFEBAG_new_null ())) {
                 PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
@@ -96,7 +99,7 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
         X509_digest(cert, EVP_sha1(), keyid, &keyidlen);
         if(!PKCS12_add_localkeyid(bag, keyid, keyidlen)) return NULL;
 
-        if(!sk_push(bags, (char *)bag)) {
+        if(!sk_PKCS12_SAFEBAG_push(bags, bag)) {
                 PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
@@ -106,7 +109,7 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
                 for(i = 0; i < sk_X509_num(ca); i++) {
                         tcert = sk_X509_value(ca, i);
                         if(!(bag = M_PKCS12_x5092certbag(tcert))) return NULL;
-                        if(!sk_push(bags, (char *)bag)) {
+                        if(!sk_PKCS12_SAFEBAG_push(bags, bag)) {
                                 PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
                                 return NULL;
                         }
@@ -116,11 +119,12 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
         /* Turn certbags into encrypted authsafe */
         authsafe = PKCS12_pack_p7encdata (nid_cert, pass, -1, NULL, 0,
                                           iter, bags);
-        sk_pop_free(bags, PKCS12_SAFEBAG_free);
+        sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
 
         if (!authsafe) return NULL;
 
-        if(!(safes = sk_new (NULL)) || !sk_push(safes, (char *)authsafe)) {
+        if(!(safes = sk_PKCS7_new_null ())
+           || !sk_PKCS7_push(safes, authsafe)) {
                 PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
@@ -133,14 +137,15 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
         PKCS8_PRIV_KEY_INFO_free(p8);
         if (name && !PKCS12_add_friendlyname (bag, name, -1)) return NULL;
         if(!PKCS12_add_localkeyid (bag, keyid, keyidlen)) return NULL;
-        if(!(bags = sk_new(NULL)) || !sk_push (bags, (char *)bag)) {
+        if(!(bags = sk_PKCS12_SAFEBAG_new_null())
+           || !sk_PKCS12_SAFEBAG_push (bags, bag)) {
                 PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
         /* Turn it into unencrypted safe bag */
         if(!(authsafe = PKCS12_pack_p7data (bags))) return NULL;
-        sk_pop_free(bags, PKCS12_SAFEBAG_free);
-        if(!sk_push(safes, (char *)authsafe)) {
+        sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+        if(!sk_PKCS7_push(safes, authsafe)) {
                 PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
@@ -149,7 +154,7 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
 
         if(!M_PKCS12_pack_authsafes (p12, safes)) return NULL;
 
-        sk_pop_free(safes, PKCS7_free);
+        sk_PKCS7_pop_free(safes, PKCS7_free);
 
         if(!PKCS12_set_mac (p12, pass, -1, NULL, 0, mac_iter, NULL))
             return NULL;
diff --git a/src/lib/libssl/src/crypto/pkcs12/p12_decr.c b/src/lib/libssl/src/crypto/pkcs12/p12_decr.c
index 4be44eac50..8cd7e2f414 100644
--- a/src/lib/libssl/src/crypto/pkcs12/p12_decr.c
+++ b/src/lib/libssl/src/crypto/pkcs12/p12_decr.c
@@ -65,7 +65,7 @@
 
 
 /* Encrypt/Decrypt a buffer based on password and algor, result in a
- * Malloc'ed buffer
+ * OPENSSL_malloc'ed buffer
  */
 
 unsigned char * PKCS12_pbe_crypt (X509_ALGOR *algor, const char *pass,
@@ -83,7 +83,7 @@ unsigned char * PKCS12_pbe_crypt (X509_ALGOR *algor, const char *pass,
                 return NULL;
         }
 
-        if(!(out = Malloc (inlen + EVP_CIPHER_CTX_block_size(&ctx)))) {
+        if(!(out = OPENSSL_malloc (inlen + EVP_CIPHER_CTX_block_size(&ctx)))) {
                 PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
@@ -91,7 +91,7 @@ unsigned char * PKCS12_pbe_crypt (X509_ALGOR *algor, const char *pass,
         EVP_CipherUpdate (&ctx, out, &i, in, inlen);
         outlen = i;
         if(!EVP_CipherFinal (&ctx, out + i, &i)) {
-                Free (out);
+                OPENSSL_free (out);
                 PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,PKCS12_R_PKCS12_CIPHERFINAL_ERROR);
                 return NULL;
         }
@@ -109,7 +109,7 @@ unsigned char * PKCS12_pbe_crypt (X509_ALGOR *algor, const char *pass,
  */
 
 char * PKCS12_decrypt_d2i (X509_ALGOR *algor, char * (*d2i)(),
-             void (*free_func)(), const char *pass, int passlen,
+             void (*free_func)(void *), const char *pass, int passlen,
              ASN1_OCTET_STRING *oct, int seq)
 {
         unsigned char *out, *p;
@@ -139,7 +139,7 @@ char * PKCS12_decrypt_d2i (X509_ALGOR *algor, char * (*d2i)(),
         else ret = d2i(NULL, &p, outlen);
         if (seq & 2) memset(out, 0, outlen);
         if(!ret) PKCS12err(PKCS12_F_PKCS12_DECRYPT_D2I,PKCS12_R_DECODE_ERROR);
-        Free (out);
+        OPENSSL_free (out);
         return ret;
 }
 
@@ -166,7 +166,7 @@ ASN1_OCTET_STRING *PKCS12_i2d_encrypt (X509_ALGOR *algor, int (*i2d)(),
                 PKCS12err(PKCS12_F_PKCS12_I2D_ENCRYPT,PKCS12_R_ENCODE_ERROR);
                 return NULL;
         }
-        if (!(in = Malloc (inlen))) {
+        if (!(in = OPENSSL_malloc (inlen))) {
                 PKCS12err(PKCS12_F_PKCS12_I2D_ENCRYPT,ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
@@ -177,9 +177,11 @@ ASN1_OCTET_STRING *PKCS12_i2d_encrypt (X509_ALGOR *algor, int (*i2d)(),
         if (!PKCS12_pbe_crypt (algor, pass, passlen, in, inlen, &oct->data,
                                  &oct->length, 1)) {
                 PKCS12err(PKCS12_F_PKCS12_I2D_ENCRYPT,PKCS12_R_ENCRYPT_ERROR);
-                Free(in);
+                OPENSSL_free(in);
                 return NULL;
         }
-        Free (in);
+        OPENSSL_free (in);
         return oct;
 }
+
+IMPLEMENT_PKCS12_STACK_OF(PKCS7)
diff --git a/src/lib/libssl/src/crypto/pkcs12/p12_key.c b/src/lib/libssl/src/crypto/pkcs12/p12_key.c
index b364671ed2..b042dcf05c 100644
--- a/src/lib/libssl/src/crypto/pkcs12/p12_key.c
+++ b/src/lib/libssl/src/crypto/pkcs12/p12_key.c
@@ -74,25 +74,30 @@ void h__dump (unsigned char *p, int len);
 #define min(a,b) ((a) < (b) ? (a) : (b))
 #endif
 
-int PKCS12_key_gen_asc (const char *pass, int passlen, unsigned char *salt,
+int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
              int saltlen, int id, int iter, int n, unsigned char *out,
              const EVP_MD *md_type)
 {
         int ret;
         unsigned char *unipass;
         int uniplen;
-        if (!asc2uni (pass, &unipass, &uniplen)) {
+        if(!pass) {
+                unipass = NULL;
+                uniplen = 0;
+        } else if (!asc2uni(pass, &unipass, &uniplen)) {
                 PKCS12err(PKCS12_F_PKCS12_KEY_GEN_ASC,ERR_R_MALLOC_FAILURE);
                 return 0;
         }
-        ret = PKCS12_key_gen_uni (unipass, uniplen, salt, saltlen,
+        ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen,
                                                  id, iter, n, out, md_type);
-        memset(unipass, 0, uniplen);    /* Clear password from memory */
-        Free(unipass);
+        if(unipass) {
+                memset(unipass, 0, uniplen);    /* Clear password from memory */
+                OPENSSL_free(unipass);
+        }
         return ret;
 }
 
-int PKCS12_key_gen_uni (unsigned char *pass, int passlen, unsigned char *salt,
+int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
              int saltlen, int id, int iter, int n, unsigned char *out,
              const EVP_MD *md_type)
 {
@@ -106,10 +111,12 @@ int PKCS12_key_gen_uni (unsigned char *pass, int passlen, unsigned char *salt,
         int tmpn = n;
 #endif
 
+#if 0
         if (!pass) {
                 PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_PASSED_NULL_PARAMETER);
                 return 0;
         }
+#endif
 
 #ifdef  DEBUG_KEYGEN
         fprintf(stderr, "KEYGEN DEBUG\n");
@@ -121,13 +128,14 @@ int PKCS12_key_gen_uni (unsigned char *pass, int passlen, unsigned char *salt,
 #endif
         v = EVP_MD_block_size (md_type);
         u = EVP_MD_size (md_type);
-        D = Malloc (v);
-        Ai = Malloc (u);
-        B = Malloc (v + 1);
+        D = OPENSSL_malloc (v);
+        Ai = OPENSSL_malloc (u);
+        B = OPENSSL_malloc (v + 1);
         Slen = v * ((saltlen+v-1)/v);
-        Plen = v * ((passlen+v-1)/v);
+        if(passlen) Plen = v * ((passlen+v-1)/v);
+        else Plen = 0;
         Ilen = Slen + Plen;
-        I = Malloc (Ilen);
+        I = OPENSSL_malloc (Ilen);
         Ij = BN_new();
         Bpl1 = BN_new();
         if (!D || !Ai || !B || !I || !Ij || !Bpl1) {
@@ -150,10 +158,10 @@ int PKCS12_key_gen_uni (unsigned char *pass, int passlen, unsigned char *salt,
                 }
                 memcpy (out, Ai, min (n, u));
                 if (u >= n) {
-                        Free (Ai);
-                        Free (B);
-                        Free (D);
-                        Free (I);
+                        OPENSSL_free (Ai);
+                        OPENSSL_free (B);
+                        OPENSSL_free (D);
+                        OPENSSL_free (I);
                         BN_free (Ij);
                         BN_free (Bpl1);
 #ifdef DEBUG_KEYGEN
diff --git a/src/lib/libssl/src/crypto/pkcs12/p12_kiss.c b/src/lib/libssl/src/crypto/pkcs12/p12_kiss.c
index ee257ffbad..1fbbd6c99f 100644
--- a/src/lib/libssl/src/crypto/pkcs12/p12_kiss.c
+++ b/src/lib/libssl/src/crypto/pkcs12/p12_kiss.c
@@ -65,9 +65,10 @@
 static int parse_pk12( PKCS12 *p12, const char *pass, int passlen,
                 EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca);
 
-static int parse_bags( STACK *bags, const char *pass, int passlen,
-                EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca,
-                ASN1_OCTET_STRING **keyid, char *keymatch);
+static int parse_bags( STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
+                       int passlen, EVP_PKEY **pkey, X509 **cert,
+                       STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid,
+                       char *keymatch);
 
 static int parse_bag( PKCS12_SAFEBAG *bag, const char *pass, int passlen,
                         EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca,
@@ -85,32 +86,41 @@ int PKCS12_parse (PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
 
         /* Check for NULL PKCS12 structure */
 
-        if(!p12)
-                {
+        if(!p12) {
                 PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_INVALID_NULL_PKCS12_POINTER);
                 return 0;
-                }
+        }
 
         /* Allocate stack for ca certificates if needed */
-        if ((ca != NULL) && (*ca == NULL))
-                {
-                if (!(*ca = sk_X509_new(NULL)))
-                        {
+        if ((ca != NULL) && (*ca == NULL)) {
+                if (!(*ca = sk_X509_new_null())) {
                         PKCS12err(PKCS12_F_PKCS12_PARSE,ERR_R_MALLOC_FAILURE);
                         return 0;
-                        }
                 }
+        }
 
         if(pkey) *pkey = NULL;
         if(cert) *cert = NULL;
 
         /* Check the mac */
 
-        if (!PKCS12_verify_mac (p12, pass, -1))
-                {
+        /* If password is zero length or NULL then try verifying both cases
+         * to determine which password is correct. The reason for this is that
+         * under PKCS#12 password based encryption no password and a zero length
+         * password are two different things...
+         */
+
+        if(!pass || !*pass) {
+                if(PKCS12_verify_mac(p12, NULL, 0)) pass = NULL;
+                else if(PKCS12_verify_mac(p12, "", 0)) pass = "";
+                else {
+                        PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_MAC_VERIFY_FAILURE);
+                        goto err;
+                }
+        } else if (!PKCS12_verify_mac(p12, pass, -1)) {
                 PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_MAC_VERIFY_FAILURE);
                 goto err;
-                }
+        }
 
         if (!parse_pk12 (p12, pass, -1, pkey, cert, ca))
                 {
@@ -122,9 +132,9 @@ int PKCS12_parse (PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
 
  err:
 
-        if (pkey && *pkey) EVP_PKEY_free (*pkey);
-        if (cert && *cert) X509_free (*cert);
-        if (ca) sk_X509_pop_free (*ca, X509_free);
+        if (pkey && *pkey) EVP_PKEY_free(*pkey);
+        if (cert && *cert) X509_free(*cert);
+        if (ca) sk_X509_pop_free(*ca, X509_free);
         return 0;
 
 }
@@ -134,45 +144,48 @@ int PKCS12_parse (PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
 static int parse_pk12 (PKCS12 *p12, const char *pass, int passlen,
              EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
 {
-        STACK *asafes, *bags;
+        STACK_OF(PKCS7) *asafes;
+        STACK_OF(PKCS12_SAFEBAG) *bags;
         int i, bagnid;
         PKCS7 *p7;
         ASN1_OCTET_STRING *keyid = NULL;
+
         char keymatch = 0;
         if (!( asafes = M_PKCS12_unpack_authsafes (p12))) return 0;
-        for (i = 0; i < sk_num (asafes); i++) {
-                p7 = (PKCS7 *) sk_value (asafes, i);
+        for (i = 0; i < sk_PKCS7_num (asafes); i++) {
+                p7 = sk_PKCS7_value (asafes, i);
                 bagnid = OBJ_obj2nid (p7->type);
                 if (bagnid == NID_pkcs7_data) {
-                        bags = M_PKCS12_unpack_p7data (p7);
+                        bags = M_PKCS12_unpack_p7data(p7);
                 } else if (bagnid == NID_pkcs7_encrypted) {
-                        bags = M_PKCS12_unpack_p7encdata (p7, pass, passlen);
+                        bags = M_PKCS12_unpack_p7encdata(p7, pass, passlen);
                 } else continue;
                 if (!bags) {
-                        sk_pop_free (asafes, PKCS7_free);
+                        sk_PKCS7_pop_free(asafes, PKCS7_free);
                         return 0;
                 }
                 if (!parse_bags(bags, pass, passlen, pkey, cert, ca,
                                                          &keyid, &keymatch)) {
-                        sk_pop_free(bags, PKCS12_SAFEBAG_free);
-                        sk_pop_free(asafes, PKCS7_free);
+                        sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+                        sk_PKCS7_pop_free(asafes, PKCS7_free);
                         return 0;
                 }
-                sk_pop_free(bags, PKCS12_SAFEBAG_free);
+                sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
         }
-        sk_pop_free(asafes, PKCS7_free);
+        sk_PKCS7_pop_free(asafes, PKCS7_free);
         if (keyid) M_ASN1_OCTET_STRING_free(keyid);
         return 1;
 }
 
 
-static int parse_bags (STACK *bags, const char *pass, int passlen,
-                       EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca,
-                       ASN1_OCTET_STRING **keyid, char *keymatch)
+static int parse_bags (STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
+                       int passlen, EVP_PKEY **pkey, X509 **cert,
+                       STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid,
+                       char *keymatch)
 {
         int i;
-        for (i = 0; i < sk_num(bags); i++) {
-                if (!parse_bag((PKCS12_SAFEBAG *)sk_value (bags, i),
+        for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
+                if (!parse_bag(sk_PKCS12_SAFEBAG_value (bags, i),
                          pass, passlen, pkey, cert, ca, keyid,
                                                          keymatch)) return 0;
         }
@@ -190,12 +203,17 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
 {
         PKCS8_PRIV_KEY_INFO *p8;
         X509 *x509;
-        ASN1_OCTET_STRING *lkey = NULL;
+        ASN1_OCTET_STRING *lkey = NULL, *ckid = NULL;
         ASN1_TYPE *attrib;
+        ASN1_BMPSTRING *fname = NULL;
 
+        if ((attrib = PKCS12_get_attr (bag, NID_friendlyName)))
+                fname = attrib->value.bmpstring;
 
-        if ((attrib = PKCS12_get_attr (bag, NID_localKeyID)))
-                                            lkey = attrib->value.octet_string;
+        if ((attrib = PKCS12_get_attr (bag, NID_localKeyID))) {
+                lkey = attrib->value.octet_string;
+                ckid = lkey;
+        }
 
         /* Check for any local key id matching (if needed) */
         if (lkey && ((*keymatch & MATCH_ALL) != MATCH_ALL)) {
@@ -231,6 +249,18 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
                 if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate )
                                                                  return 1;
                 if (!(x509 = M_PKCS12_certbag2x509(bag))) return 0;
+                if(ckid) X509_keyid_set1(x509, ckid->data, ckid->length);
+                if(fname) {
+                        int len;
+                        unsigned char *data;
+                        len = ASN1_STRING_to_UTF8(&data, fname);
+                        if(len > 0) {
+                                X509_alias_set1(x509, data, len);
+                                OPENSSL_free(data);
+                        }
+                }
+
+
                 if (lkey) {
                         *keymatch |= MATCH_CERT;
                         if (cert) *cert = x509;
diff --git a/src/lib/libssl/src/crypto/pkcs12/p12_lib.c b/src/lib/libssl/src/crypto/pkcs12/p12_lib.c
index 7ca9c14908..7d464e3a32 100644
--- a/src/lib/libssl/src/crypto/pkcs12/p12_lib.c
+++ b/src/lib/libssl/src/crypto/pkcs12/p12_lib.c
@@ -107,5 +107,5 @@ void PKCS12_free (PKCS12 *a)
         M_ASN1_INTEGER_free(a->version);
         PKCS12_MAC_DATA_free (a->mac);
         PKCS7_free (a->authsafes);
-        Free (a);
+        OPENSSL_free (a);
 }
diff --git a/src/lib/libssl/src/crypto/pkcs12/p12_mac.c b/src/lib/libssl/src/crypto/pkcs12/p12_mac.c
index f5ab0d6464..fbd1eca24f 100644
--- a/src/lib/libssl/src/crypto/pkcs12/p12_mac.c
+++ b/src/lib/libssl/src/crypto/pkcs12/p12_mac.c
@@ -106,5 +106,5 @@ void PKCS12_MAC_DATA_free (PKCS12_MAC_DATA *a)
         X509_SIG_free (a->dinfo);
         M_ASN1_OCTET_STRING_free(a->salt);
         M_ASN1_INTEGER_free(a->iter);
-        Free (a);
+        OPENSSL_free (a);
 }
diff --git a/src/lib/libssl/src/crypto/pkcs12/p12_mutl.c b/src/lib/libssl/src/crypto/pkcs12/p12_mutl.c
index 369257ed4c..13d866da51 100644
--- a/src/lib/libssl/src/crypto/pkcs12/p12_mutl.c
+++ b/src/lib/libssl/src/crypto/pkcs12/p12_mutl.c
@@ -106,10 +106,7 @@ int PKCS12_verify_mac (PKCS12 *p12, const char *pass, int passlen)
                 return 0;
         }
         if ((maclen != (unsigned int)p12->mac->dinfo->digest->length)
-        || memcmp (mac, p12->mac->dinfo->digest->data, maclen)) {
-                PKCS12err(PKCS12_F_VERIFY_MAC,PKCS12_R_MAC_VERIFY_ERROR);
-                return 0;
-        }
+        || memcmp (mac, p12->mac->dinfo->digest->data, maclen)) return 0;
         return 1;
 }
 
@@ -152,7 +149,7 @@ int PKCS12_setup_mac (PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
         }
         if (!saltlen) saltlen = PKCS12_SALT_LEN;
         p12->mac->salt->length = saltlen;
-        if (!(p12->mac->salt->data = Malloc (saltlen))) {
+        if (!(p12->mac->salt->data = OPENSSL_malloc (saltlen))) {
                 PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
                 return 0;
         }
diff --git a/src/lib/libssl/src/crypto/pkcs12/p12_npas.c b/src/lib/libssl/src/crypto/pkcs12/p12_npas.c
index ee71707e2c..84e31a7f21 100644
--- a/src/lib/libssl/src/crypto/pkcs12/p12_npas.c
+++ b/src/lib/libssl/src/crypto/pkcs12/p12_npas.c
@@ -66,7 +66,8 @@
 /* PKCS#12 password change routine */
 
 static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass);
-static int newpass_bags(STACK *bags, char *oldpass,  char *newpass);
+static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, char *oldpass,
+                        char *newpass);
 static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass);
 static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen);
 
@@ -104,16 +105,18 @@ return 1;
 
 static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass)
 {
-        STACK *asafes, *newsafes, *bags;
+        STACK_OF(PKCS7) *asafes, *newsafes;
+        STACK_OF(PKCS12_SAFEBAG) *bags;
         int i, bagnid, pbe_nid, pbe_iter, pbe_saltlen;
         PKCS7 *p7, *p7new;
         ASN1_OCTET_STRING *p12_data_tmp = NULL, *macnew = NULL;
         unsigned char mac[EVP_MAX_MD_SIZE];
         unsigned int maclen;
+
         if (!(asafes = M_PKCS12_unpack_authsafes(p12))) return 0;
-        if(!(newsafes = sk_new(NULL))) return 0;
-        for (i = 0; i < sk_num (asafes); i++) {
-                p7 = (PKCS7 *) sk_value(asafes, i);
+        if(!(newsafes = sk_PKCS7_new_null())) return 0;
+        for (i = 0; i < sk_PKCS7_num (asafes); i++) {
+                p7 = sk_PKCS7_value(asafes, i);
                 bagnid = OBJ_obj2nid(p7->type);
                 if (bagnid == NID_pkcs7_data) {
                         bags = M_PKCS12_unpack_p7data(p7);
@@ -123,26 +126,26 @@ static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass)
                                 &pbe_nid, &pbe_iter, &pbe_saltlen);
                 } else continue;
                 if (!bags) {
-                        sk_pop_free(asafes, PKCS7_free);
+                        sk_PKCS7_pop_free(asafes, PKCS7_free);
                         return 0;
                 }
                 if (!newpass_bags(bags, oldpass, newpass)) {
-                        sk_pop_free(bags, PKCS12_SAFEBAG_free);
-                        sk_pop_free(asafes, PKCS7_free);
+                        sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+                        sk_PKCS7_pop_free(asafes, PKCS7_free);
                         return 0;
                 }
                 /* Repack bag in same form with new password */
                 if (bagnid == NID_pkcs7_data) p7new = PKCS12_pack_p7data(bags);
                 else p7new = PKCS12_pack_p7encdata(pbe_nid, newpass, -1, NULL,
                                                  pbe_saltlen, pbe_iter, bags);
-                sk_pop_free(bags, PKCS12_SAFEBAG_free);
+                sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
                 if(!p7new) {
-                        sk_pop_free(asafes, PKCS7_free);
+                        sk_PKCS7_pop_free(asafes, PKCS7_free);
                         return 0;
                 }
-                sk_push(newsafes, (char *)p7new);
+                sk_PKCS7_push(newsafes, p7new);
         }
-        sk_pop_free(asafes, PKCS7_free);
+        sk_PKCS7_pop_free(asafes, PKCS7_free);
 
         /* Repack safe: save old safe in case of error */
 
@@ -169,12 +172,14 @@ static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass)
 }
 
 
-static int newpass_bags(STACK *bags, char *oldpass,  char *newpass)
+static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, char *oldpass,
+                        char *newpass)
 {
         int i;
-        for (i = 0; i < sk_num(bags); i++) {
-                if (!newpass_bag((PKCS12_SAFEBAG *)sk_value(bags, i),
-                                                 oldpass, newpass)) return 0;
+        for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
+                if (!newpass_bag(sk_PKCS12_SAFEBAG_value(bags, i),
+                                 oldpass, newpass))
+                    return 0;
         }
         return 1;
 }
diff --git a/src/lib/libssl/src/crypto/pkcs12/p12_sbag.c b/src/lib/libssl/src/crypto/pkcs12/p12_sbag.c
index 1b3addece1..64ac32ee6f 100644
--- a/src/lib/libssl/src/crypto/pkcs12/p12_sbag.c
+++ b/src/lib/libssl/src/crypto/pkcs12/p12_sbag.c
@@ -81,8 +81,9 @@ int i2d_PKCS12_SAFEBAG(PKCS12_SAFEBAG *a, unsigned char **pp)
                 break;
 
                 case NID_safeContentsBag:
-                        M_ASN1_I2D_len_EXP_SEQUENCE_opt (a->value.safes,
-                                 i2d_PKCS12_SAFEBAG, 0, V_ASN1_SEQUENCE, v);
+                        M_ASN1_I2D_len_EXP_SEQUENCE_opt_type
+                          (PKCS12_SAFEBAG, a->value.safes, i2d_PKCS12_SAFEBAG,
+                           0, V_ASN1_SEQUENCE, v);
                 break;
 
                 case NID_certBag:
@@ -117,8 +118,9 @@ int i2d_PKCS12_SAFEBAG(PKCS12_SAFEBAG *a, unsigned char **pp)
                 break;
 
                 case NID_safeContentsBag:
-                        M_ASN1_I2D_put_EXP_SEQUENCE_opt (a->value.safes,
-                                 i2d_PKCS12_SAFEBAG, 0, V_ASN1_SEQUENCE, v);
+                        M_ASN1_I2D_put_EXP_SEQUENCE_opt_type
+                          (PKCS12_SAFEBAG, a->value.safes, i2d_PKCS12_SAFEBAG,
+                           0, V_ASN1_SEQUENCE, v);
                 break;
 
                 case NID_certBag:
@@ -175,9 +177,10 @@ PKCS12_SAFEBAG *d2i_PKCS12_SAFEBAG(PKCS12_SAFEBAG **a, unsigned char **pp,
                 break;
 
                 case NID_safeContentsBag:
-                        M_ASN1_D2I_get_EXP_set_opt(ret->value.safes,
-                                d2i_PKCS12_SAFEBAG, PKCS12_SAFEBAG_free,
-                                                         0, V_ASN1_SEQUENCE);
+                        M_ASN1_D2I_get_EXP_set_opt_type
+                          (PKCS12_SAFEBAG, ret->value.safes,
+                           d2i_PKCS12_SAFEBAG, PKCS12_SAFEBAG_free, 0,
+                           V_ASN1_SEQUENCE);
                 break;
 
                 case NID_certBag:
@@ -223,5 +226,9 @@ void PKCS12_SAFEBAG_free (PKCS12_SAFEBAG *a)
 
         ASN1_OBJECT_free (a->type);
         sk_X509_ATTRIBUTE_pop_free (a->attrib, X509_ATTRIBUTE_free);
-        Free (a);
+        OPENSSL_free (a);
 }
+
+IMPLEMENT_STACK_OF(PKCS12_SAFEBAG)
+IMPLEMENT_ASN1_SET_OF(PKCS12_SAFEBAG)
+IMPLEMENT_PKCS12_STACK_OF(PKCS12_SAFEBAG)
diff --git a/src/lib/libssl/src/crypto/pkcs12/p12_utl.c b/src/lib/libssl/src/crypto/pkcs12/p12_utl.c
index 2adcbc95e1..17f41b4549 100644
--- a/src/lib/libssl/src/crypto/pkcs12/p12_utl.c
+++ b/src/lib/libssl/src/crypto/pkcs12/p12_utl.c
@@ -67,7 +67,7 @@ unsigned char *asc2uni (const char *asc, unsigned char **uni, int *unilen)
         int ulen, i;
         unsigned char *unitmp;
         ulen = strlen(asc)*2  + 2;
-        if (!(unitmp = Malloc (ulen))) return NULL;
+        if (!(unitmp = OPENSSL_malloc (ulen))) return NULL;
         for (i = 0; i < ulen; i+=2) {
                 unitmp[i] = 0;
                 unitmp[i + 1] = asc[i>>1];
@@ -85,7 +85,7 @@ char *uni2asc (unsigned char *uni, int unilen)
         /* If no terminating zero allow for one */
         if (uni[unilen - 1]) asclen++;
         uni++;
-        if (!(asctmp = Malloc (asclen))) return NULL;
+        if (!(asctmp = OPENSSL_malloc (asclen))) return NULL;
         for (i = 0; i < unilen; i+=2) asctmp[i>>1] = uni[i];
         asctmp[asclen - 1] = 0;
         return asctmp;
diff --git a/src/lib/libssl/src/crypto/pkcs12/pkcs12.h b/src/lib/libssl/src/crypto/pkcs12/pkcs12.h
index dad356c00f..502fceff95 100644
--- a/src/lib/libssl/src/crypto/pkcs12/pkcs12.h
+++ b/src/lib/libssl/src/crypto/pkcs12/pkcs12.h
@@ -59,13 +59,13 @@
 #ifndef HEADER_PKCS12_H
 #define HEADER_PKCS12_H
 
+#include <openssl/bio.h>
+#include <openssl/x509.h>
+
 #ifdef __cplusplus
 extern "C" {
 #endif
 
-#include <openssl/bio.h>
-#include <openssl/x509.h>
-
 #define PKCS12_KEY_ID   1
 #define PKCS12_IV_ID    2
 #define PKCS12_MAC_ID   3
@@ -108,19 +108,25 @@ PKCS12_MAC_DATA *mac;
 PKCS7 *authsafes;
 } PKCS12;
 
+PREDECLARE_STACK_OF(PKCS12_SAFEBAG)
+
 typedef struct {
 ASN1_OBJECT *type;
 union {
         struct pkcs12_bag_st *bag; /* secret, crl and certbag */
         struct pkcs8_priv_key_info_st   *keybag; /* keybag */
         X509_SIG *shkeybag; /* shrouded key bag */
-        STACK /* PKCS12_SAFEBAG */ *safes;
+        STACK_OF(PKCS12_SAFEBAG) *safes;
         ASN1_TYPE *other;
 }value;
 STACK_OF(X509_ATTRIBUTE) *attrib;
 ASN1_TYPE *rest;
 } PKCS12_SAFEBAG;
 
+DECLARE_STACK_OF(PKCS12_SAFEBAG)
+DECLARE_ASN1_SET_OF(PKCS12_SAFEBAG)
+DECLARE_PKCS12_STACK_OF(PKCS12_SAFEBAG)
+
 typedef struct pkcs12_bag_st {
 ASN1_OBJECT *type;
 union {
@@ -140,50 +146,49 @@ union {
 #define M_PKCS12_crl_bag_type M_PKCS12_cert_bag_type
 
 #define M_PKCS12_x5092certbag(x509) \
-PKCS12_pack_safebag ((char *)(x509), i2d_X509, NID_x509Certificate, NID_certBag)
+PKCS12_pack_safebag((char *)(x509), i2d_X509, NID_x509Certificate, NID_certBag)
 
 #define M_PKCS12_x509crl2certbag(crl) \
-PKCS12_pack_safebag ((char *)(crl), i2d_X509CRL, NID_x509Crl, NID_crlBag)
+PKCS12_pack_safebag((char *)(crl), i2d_X509CRL, NID_x509Crl, NID_crlBag)
 
 #define M_PKCS12_certbag2x509(bg) \
-(X509 *) ASN1_unpack_string ((bg)->value.bag->value.octet, \
+(X509 *) ASN1_unpack_string((bg)->value.bag->value.octet, \
 (char *(*)())d2i_X509)
 
 #define M_PKCS12_certbag2x509crl(bg) \
-(X509CRL *) ASN1_unpack_string ((bg)->value.bag->value.octet, \
+(X509CRL *) ASN1_unpack_string((bg)->value.bag->value.octet, \
 (char *(*)())d2i_X509CRL)
 
 /*#define M_PKCS12_pkcs82rsa(p8) \
-(RSA *) ASN1_unpack_string ((p8)->pkey, (char *(*)())d2i_RSAPrivateKey)*/
+(RSA *) ASN1_unpack_string((p8)->pkey, (char *(*)())d2i_RSAPrivateKey)*/
 
 #define M_PKCS12_unpack_p7data(p7) \
-ASN1_seq_unpack ((p7)->d.data->data, p7->d.data->length, \
-                         (char *(*)())d2i_PKCS12_SAFEBAG, PKCS12_SAFEBAG_free)
+ASN1_seq_unpack_PKCS12_SAFEBAG((p7)->d.data->data, p7->d.data->length, \
+                                d2i_PKCS12_SAFEBAG, PKCS12_SAFEBAG_free)
 
 #define M_PKCS12_pack_authsafes(p12, safes) \
-ASN1_seq_pack((safes), (int (*)())i2d_PKCS7,\
+ASN1_seq_pack_PKCS7((safes), i2d_PKCS7,\
         &(p12)->authsafes->d.data->data, &(p12)->authsafes->d.data->length)
 
 #define M_PKCS12_unpack_authsafes(p12) \
-ASN1_seq_unpack((p12)->authsafes->d.data->data, \
-                (p12)->authsafes->d.data->length, (char *(*)())d2i_PKCS7, \
-                                                        PKCS7_free)
+ASN1_seq_unpack_PKCS7((p12)->authsafes->d.data->data, \
+                (p12)->authsafes->d.data->length, d2i_PKCS7, PKCS7_free)
 
 #define M_PKCS12_unpack_p7encdata(p7, pass, passlen) \
-(STACK *) PKCS12_decrypt_d2i ((p7)->d.encrypted->enc_data->algorithm,\
-                         (char *(*)())d2i_PKCS12_SAFEBAG, PKCS12_SAFEBAG_free, \
-                                                        (pass), (passlen), \
-                        (p7)->d.encrypted->enc_data->enc_data, 3)
+PKCS12_decrypt_d2i_PKCS12_SAFEBAG((p7)->d.encrypted->enc_data->algorithm,\
+                                   d2i_PKCS12_SAFEBAG, PKCS12_SAFEBAG_free, \
+                                   (pass), (passlen), \
+                                   (p7)->d.encrypted->enc_data->enc_data, 3)
 
 #define M_PKCS12_decrypt_skey(bag, pass, passlen) \
-(PKCS8_PRIV_KEY_INFO *) PKCS12_decrypt_d2i ((bag)->value.shkeybag->algor, \
-(char *(*)())d2i_PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_free, \
+(PKCS8_PRIV_KEY_INFO *) PKCS12_decrypt_d2i((bag)->value.shkeybag->algor, \
+(char *(*)())d2i_PKCS8_PRIV_KEY_INFO, (void (*)(void *))PKCS8_PRIV_KEY_INFO_free, \
                                                 (pass), (passlen), \
                          (bag)->value.shkeybag->digest, 2)
 
 #define M_PKCS8_decrypt(p8, pass, passlen) \
-(PKCS8_PRIV_KEY_INFO *) PKCS12_decrypt_d2i ((p8)->algor, \
-(char *(*)())d2i_PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_free,\
+(PKCS8_PRIV_KEY_INFO *) PKCS12_decrypt_d2i((p8)->algor, \
+(char *(*)())d2i_PKCS8_PRIV_KEY_INFO, (void (*)(void *))PKCS8_PRIV_KEY_INFO_free,\
                          (pass), (passlen), (p8)->digest, 2)
 
 #define PKCS12_get_attr(bag, attr_nid) \
@@ -205,10 +210,10 @@ PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,
                                      int passlen, unsigned char *salt,
                                      int saltlen, int iter,
                                      PKCS8_PRIV_KEY_INFO *p8);
-PKCS7 *PKCS12_pack_p7data(STACK *sk);
+PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk);
 PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
                              unsigned char *salt, int saltlen, int iter,
-                             STACK *bags);
+                             STACK_OF(PKCS12_SAFEBAG) *bags);
 int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen);
 int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name,
                                 int namelen);
@@ -221,7 +226,7 @@ unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass,
                                 int passlen, unsigned char *in, int inlen,
                                 unsigned char **data, int *datalen, int en_de);
 char *PKCS12_decrypt_d2i(X509_ALGOR *algor, char *(*d2i)(),
-                         void (*free_func)(), const char *pass, int passlen,
+                         void (*free_func)(void *), const char *pass, int passlen,
                          ASN1_STRING *oct, int seq);
 ASN1_STRING *PKCS12_i2d_encrypt(X509_ALGOR *algor, int (*i2d)(),
                                 const char *pass, int passlen, char *obj,
diff --git a/src/lib/libssl/src/crypto/pkcs7/Makefile.ssl b/src/lib/libssl/src/crypto/pkcs7/Makefile.ssl
index 0e508386e8..6cd18b671e 100644
--- a/src/lib/libssl/src/crypto/pkcs7/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/pkcs7/Makefile.ssl
@@ -99,12 +99,14 @@ clean:
 
 pk7_attr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 pk7_attr.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-pk7_attr.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-pk7_attr.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-pk7_attr.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-pk7_attr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-pk7_attr.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
-pk7_attr.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pk7_attr.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pk7_attr.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pk7_attr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+pk7_attr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+pk7_attr.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+pk7_attr.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+pk7_attr.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+pk7_attr.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 pk7_attr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 pk7_attr.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h
 pk7_attr.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
@@ -112,26 +114,29 @@ pk7_attr.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 pk7_attr.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 pk7_attr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 pk7_attr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-pk7_attr.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pk7_attr.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+pk7_attr.o: ../../include/openssl/x509_vfy.h
 pk7_doit.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 pk7_doit.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 pk7_doit.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 pk7_doit.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 pk7_doit.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 pk7_doit.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-pk7_doit.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-pk7_doit.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-pk7_doit.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+pk7_doit.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+pk7_doit.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pk7_doit.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+pk7_doit.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 pk7_doit.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-pk7_doit.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pk7_doit.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pk7_doit.o: ../../include/openssl/opensslconf.h
 pk7_doit.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 pk7_doit.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
 pk7_doit.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
 pk7_doit.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
 pk7_doit.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-pk7_doit.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
-pk7_doit.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-pk7_doit.o: ../cryptlib.h
+pk7_doit.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pk7_doit.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pk7_doit.o: ../../include/openssl/x509v3.h ../cryptlib.h
 pk7_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 pk7_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 pk7_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -139,14 +144,16 @@ pk7_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 pk7_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 pk7_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 pk7_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-pk7_lib.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+pk7_lib.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+pk7_lib.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 pk7_lib.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-pk7_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-pk7_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-pk7_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-pk7_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-pk7_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-pk7_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pk7_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pk7_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+pk7_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+pk7_lib.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+pk7_lib.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+pk7_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pk7_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 pk7_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 pk7_lib.o: ../cryptlib.h
 pk7_mime.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
@@ -156,47 +163,55 @@ pk7_mime.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 pk7_mime.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 pk7_mime.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 pk7_mime.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-pk7_mime.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+pk7_mime.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+pk7_mime.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 pk7_mime.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-pk7_mime.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pk7_mime.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pk7_mime.o: ../../include/openssl/opensslconf.h
 pk7_mime.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 pk7_mime.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
 pk7_mime.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
 pk7_mime.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
 pk7_mime.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-pk7_mime.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
-pk7_mime.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+pk7_mime.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pk7_mime.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pk7_mime.o: ../cryptlib.h
 pk7_smime.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 pk7_smime.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 pk7_smime.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 pk7_smime.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 pk7_smime.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 pk7_smime.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-pk7_smime.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-pk7_smime.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-pk7_smime.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+pk7_smime.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+pk7_smime.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pk7_smime.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+pk7_smime.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 pk7_smime.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-pk7_smime.o: ../../include/openssl/objects.h
+pk7_smime.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 pk7_smime.o: ../../include/openssl/opensslconf.h
 pk7_smime.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 pk7_smime.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 pk7_smime.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 pk7_smime.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 pk7_smime.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-pk7_smime.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-pk7_smime.o: ../../include/openssl/x509v3.h ../cryptlib.h
+pk7_smime.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+pk7_smime.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+pk7_smime.o: ../cryptlib.h
 pkcs7err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 pkcs7err.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-pkcs7err.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-pkcs7err.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-pkcs7err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-pkcs7err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-pkcs7err.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
-pkcs7err.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pkcs7err.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pkcs7err.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pkcs7err.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+pkcs7err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+pkcs7err.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+pkcs7err.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+pkcs7err.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+pkcs7err.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 pkcs7err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 pkcs7err.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 pkcs7err.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 pkcs7err.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 pkcs7err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 pkcs7err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-pkcs7err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pkcs7err.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+pkcs7err.o: ../../include/openssl/x509_vfy.h
diff --git a/src/lib/libssl/src/crypto/pkcs7/bio_ber.c b/src/lib/libssl/src/crypto/pkcs7/bio_ber.c
index 4803966fd2..5447e69818 100644
--- a/src/lib/libssl/src/crypto/pkcs7/bio_ber.c
+++ b/src/lib/libssl/src/crypto/pkcs7/bio_ber.c
@@ -128,7 +128,7 @@ static int ber_new(BIO *bi)
         {
         BIO_BER_CTX *ctx;
 
-        ctx=(BIO_BER_CTX *)Malloc(sizeof(BIO_BER_CTX));
+        ctx=(BIO_BER_CTX *)OPENSSL_malloc(sizeof(BIO_BER_CTX));
         if (ctx == NULL) return(0);
 
         memset((char *)ctx,0,sizeof(BIO_BER_CTX));
@@ -146,7 +146,7 @@ static int ber_free(BIO *a)
         if (a == NULL) return(0);
         b=(BIO_BER_CTX *)a->ptr;
         memset(a->ptr,0,sizeof(BIO_BER_CTX));
-        Free(a->ptr);
+        OPENSSL_free(a->ptr);
         a->ptr=NULL;
         a->init=0;
         a->flags=0;
diff --git a/src/lib/libssl/src/crypto/pkcs7/pk7_attr.c b/src/lib/libssl/src/crypto/pkcs7/pk7_attr.c
index 3b9c0fe3f2..6ae264cbf9 100644
--- a/src/lib/libssl/src/crypto/pkcs7/pk7_attr.c
+++ b/src/lib/libssl/src/crypto/pkcs7/pk7_attr.c
@@ -12,22 +12,24 @@
 #include <openssl/asn1.h>
 #include <openssl/pem.h>
 #include <openssl/pkcs7.h>
+#include <openssl/x509.h>
 #include <openssl/err.h>
 
-int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, STACK *cap)
+int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, STACK_OF(X509_ALGOR) *cap)
 {
         ASN1_STRING *seq;
         unsigned char *p, *pp;
         int len;
-        len=i2d_ASN1_SET(cap,NULL,i2d_X509_ALGOR, V_ASN1_SEQUENCE,
-                                                V_ASN1_UNIVERSAL, IS_SEQUENCE);
-        if(!(pp=(unsigned char *)Malloc(len))) {
+        len=i2d_ASN1_SET_OF_X509_ALGOR(cap,NULL,i2d_X509_ALGOR,
+                                       V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL,
+                                       IS_SEQUENCE);
+        if(!(pp=(unsigned char *)OPENSSL_malloc(len))) {
                 PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE);
                 return 0;
         }
         p=pp;
-        i2d_ASN1_SET(cap,&p,i2d_X509_ALGOR, V_ASN1_SEQUENCE,
-                                                V_ASN1_UNIVERSAL, IS_SEQUENCE);
+        i2d_ASN1_SET_OF_X509_ALGOR(cap,&p,i2d_X509_ALGOR, V_ASN1_SEQUENCE,
+                                   V_ASN1_UNIVERSAL, IS_SEQUENCE);
         if(!(seq = ASN1_STRING_new())) {
                 PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE);
                 return 0;
@@ -36,27 +38,29 @@ int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, STACK *cap)
                 PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE);
                 return 0;
         }
-        Free (pp);
+        OPENSSL_free (pp);
         return PKCS7_add_signed_attribute(si, NID_SMIMECapabilities,
                                                         V_ASN1_SEQUENCE, seq);
 }
 
-STACK *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si)
+STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si)
 {
         ASN1_TYPE *cap;
         unsigned char *p;
         cap = PKCS7_get_signed_attribute(si, NID_SMIMECapabilities);
         if (!cap) return NULL;
         p = cap->value.sequence->data;
-        return d2i_ASN1_SET (NULL, &p, cap->value.sequence->length, 
-                (char *(*)())d2i_X509_ALGOR, X509_ALGOR_free, V_ASN1_SEQUENCE,
-                                                         V_ASN1_UNIVERSAL);
+        return d2i_ASN1_SET_OF_X509_ALGOR(NULL, &p,
+                                          cap->value.sequence->length,
+                                          d2i_X509_ALGOR, X509_ALGOR_free,
+                                          V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
 }
 
 /* Basic smime-capabilities OID and optional integer arg */
-int PKCS7_simple_smimecap(STACK *sk, int nid, int arg)
+int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg)
 {
         X509_ALGOR *alg;
+
         if(!(alg = X509_ALGOR_new())) {
                 PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE);
                 return 0;
@@ -80,6 +84,6 @@ int PKCS7_simple_smimecap(STACK *sk, int nid, int arg)
                 alg->parameter->value.integer = nbit;
                 alg->parameter->type = V_ASN1_INTEGER;
         }
-        sk_push (sk, (char *)alg);
+        sk_X509_ALGOR_push (sk, alg);
         return 1;
 }
diff --git a/src/lib/libssl/src/crypto/pkcs7/pk7_doit.c b/src/lib/libssl/src/crypto/pkcs7/pk7_doit.c
index 4ab24a86f5..099e9651c1 100644
--- a/src/lib/libssl/src/crypto/pkcs7/pk7_doit.c
+++ b/src/lib/libssl/src/crypto/pkcs7/pk7_doit.c
@@ -189,7 +189,7 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
                         EVP_PKEY_free(pkey);
                         if (max < jj) max=jj;
                         }
-                if ((tmp=(unsigned char *)Malloc(max)) == NULL)
+                if ((tmp=(unsigned char *)OPENSSL_malloc(max)) == NULL)
                         {
                         PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_MALLOC_FAILURE);
                         goto err;
@@ -203,12 +203,12 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
                         if (jj <= 0)
                                 {
                                 PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_EVP_LIB);
-                                Free(tmp);
+                                OPENSSL_free(tmp);
                                 goto err;
                                 }
                         M_ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj);
                         }
-                Free(tmp);
+                OPENSSL_free(tmp);
                 memset(key, 0, keylen);
 
                 if (out == NULL)
@@ -265,13 +265,6 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
         STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL;
         X509_ALGOR *xalg=NULL;
         PKCS7_RECIP_INFO *ri=NULL;
-#ifndef NO_RC2
-        char is_rc2 = 0;
-#endif
-/*      EVP_PKEY *pkey; */
-#if 0
-        X509_STORE_CTX s_ctx;
-#endif
 
         i=OBJ_obj2nid(p7->type);
         p7->state=PKCS7_S_HEADER;
@@ -312,16 +305,6 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
                 goto err;
                 }
 
-        if(EVP_CIPHER_nid(evp_cipher) == NID_rc2_cbc)
-                {
-#ifndef NO_RC2          
-                is_rc2 = 1; 
-#else
-                PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
-                goto err;
-#endif
-                }
-
         /* We will be checking the signature */
         if (md_sk != NULL)
                 {
@@ -391,7 +374,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
                 }
 
                 jj=EVP_PKEY_size(pkey);
-                tmp=(unsigned char *)Malloc(jj+10);
+                tmp=(unsigned char *)OPENSSL_malloc(jj+10);
                 if (tmp == NULL)
                         {
                         PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_MALLOC_FAILURE);
@@ -413,24 +396,18 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
                         return(NULL);
 
                 if (jj != EVP_CIPHER_CTX_key_length(evp_ctx)) {
-                        /* HACK: some S/MIME clients don't use the same key
+                        /* Some S/MIME clients don't use the same key
                          * and effective key length. The key length is
                          * determined by the size of the decrypted RSA key.
-                         * So we hack things to manually set the RC2 key
-                         * because we currently can't do this with the EVP
-                         * interface.
                          */
-#ifndef NO_RC2          
-                        if(is_rc2) RC2_set_key(&(evp_ctx->c.rc2_ks),jj, tmp,
-                                        EVP_CIPHER_CTX_key_length(evp_ctx)*8);
-                        else
-#endif
+                        if(!EVP_CIPHER_CTX_set_key_length(evp_ctx, jj))
                                 {
                                 PKCS7err(PKCS7_F_PKCS7_DATADECODE,
                                         PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH);
                                 goto err;
                                 }
-                } else EVP_CipherInit(evp_ctx,NULL,tmp,NULL,0);
+                } 
+                EVP_CipherInit(evp_ctx,NULL,tmp,NULL,0);
 
                 memset(tmp,0,jj);
 
@@ -479,7 +456,7 @@ err:
                 out=NULL;
                 }
         if (tmp != NULL)
-                Free(tmp);
+                OPENSSL_free(tmp);
         return(out);
         }
 
@@ -557,7 +534,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
                                 if (EVP_MD_CTX_type(mdc) == j)
                                         break;
                                 else
-                                        btmp=btmp->next_bio;
+                                        btmp=BIO_next(btmp);
                                 }
                         
                         /* We now have the EVP_MD_CTX, lets do the
@@ -601,13 +578,13 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
                                 x=i2d_ASN1_SET_OF_X509_ATTRIBUTE(sk,NULL,
                                            i2d_X509_ATTRIBUTE,
                                            V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET);
-                                pp=(unsigned char *)Malloc(x);
+                                pp=(unsigned char *)OPENSSL_malloc(x);
                                 p=pp;
                                 i2d_ASN1_SET_OF_X509_ATTRIBUTE(sk,&p,
                                            i2d_X509_ATTRIBUTE,
                                            V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET);
                                 EVP_SignUpdate(&ctx_tmp,pp,x);
-                                Free(pp);
+                                OPENSSL_free(pp);
                                 pp=NULL;
                                 }
 
@@ -650,7 +627,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
                         (unsigned char *)buf_mem->data,buf_mem->length);
 #endif
                 }
-        if (pp != NULL) Free(pp);
+        if (pp != NULL) OPENSSL_free(pp);
         pp=NULL;
 
         ret=1;
@@ -749,7 +726,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
                         }
                 if (EVP_MD_CTX_type(mdc) == md_type)
                         break;
-                btmp=btmp->next_bio;    
+                btmp=BIO_next(btmp);
                 }
 
         /* mdc is the digest ctx that we want, unless there are attributes,
@@ -795,13 +772,13 @@ for (ii=0; ii<md_len; ii++) printf("%02X",md_dat[ii]); printf(" calc\n");
                  */
                 i=i2d_ASN1_SET_OF_X509_ATTRIBUTE(sk,NULL,i2d_X509_ATTRIBUTE,
                         V_ASN1_SET,V_ASN1_UNIVERSAL, IS_SEQUENCE);
-                pp=Malloc(i);
+                pp=OPENSSL_malloc(i);
                 p=pp;
                 i2d_ASN1_SET_OF_X509_ATTRIBUTE(sk,&p,i2d_X509_ATTRIBUTE,
                         V_ASN1_SET,V_ASN1_UNIVERSAL, IS_SEQUENCE);
                 EVP_VerifyUpdate(&mdc_tmp,pp,i);
 
-                Free(pp);
+                OPENSSL_free(pp);
                 }
 
         os=si->enc_digest;
@@ -932,7 +909,7 @@ static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
 
         if (*sk == NULL)
                 {
-                *sk = sk_X509_ATTRIBUTE_new(NULL);
+                *sk = sk_X509_ATTRIBUTE_new_null();
 new_attrib:
                 attr=X509_ATTRIBUTE_create(nid,atrtype,value);
                 sk_X509_ATTRIBUTE_push(*sk,attr);
diff --git a/src/lib/libssl/src/crypto/pkcs7/pk7_mime.c b/src/lib/libssl/src/crypto/pkcs7/pk7_mime.c
index 734643be28..994473c0bd 100644
--- a/src/lib/libssl/src/crypto/pkcs7/pk7_mime.c
+++ b/src/lib/libssl/src/crypto/pkcs7/pk7_mime.c
@@ -70,16 +70,21 @@
  */
 
 typedef struct {
-char *name;                             /* Name of line e.g. "content-type" */
-char *value;                            /* Value of line e.g. "text/plain" */
-STACK /* MIME_PARAM */ *params;         /* Zero or more parameters */
-} MIME_HEADER;
-
-typedef struct {
 char *param_name;                       /* Param name e.g. "micalg" */
 char *param_value;                      /* Param value e.g. "sha1" */
 } MIME_PARAM;
 
+DECLARE_STACK_OF(MIME_PARAM)
+IMPLEMENT_STACK_OF(MIME_PARAM)
+
+typedef struct {
+char *name;                             /* Name of line e.g. "content-type" */
+char *value;                            /* Value of line e.g. "text/plain" */
+STACK_OF(MIME_PARAM) *params;           /* Zero or more parameters */
+} MIME_HEADER;
+
+DECLARE_STACK_OF(MIME_HEADER)
+IMPLEMENT_STACK_OF(MIME_HEADER)
 
 static int B64_write_PKCS7(BIO *bio, PKCS7 *p7);
 static PKCS7 *B64_read_PKCS7(BIO *bio);
@@ -88,14 +93,16 @@ static char * strip_start(char *name);
 static char * strip_end(char *name);
 static MIME_HEADER *mime_hdr_new(char *name, char *value);
 static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value);
-static STACK *mime_parse_hdr(BIO *bio);
-static int mime_hdr_cmp(MIME_HEADER **a, MIME_HEADER **b);
-static int mime_param_cmp(MIME_PARAM **a, MIME_PARAM **b);
+static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio);
+static int mime_hdr_cmp(const MIME_HEADER * const *a,
+                        const MIME_HEADER * const *b);
+static int mime_param_cmp(const MIME_PARAM * const *a,
+                        const MIME_PARAM * const *b);
 static void mime_param_free(MIME_PARAM *param);
 static int mime_bound_check(char *line, int linelen, char *bound, int blen);
-static int multi_split(BIO *bio, char *bound, STACK **ret);
+static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret);
 static int iscrlf(char c);
-static MIME_HEADER *mime_hdr_find(STACK *hdrs, char *name);
+static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name);
 static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name);
 static void mime_hdr_free(MIME_HEADER *hdr);
 
@@ -163,7 +170,7 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
                 BIO_printf(bio, "micalg=sha1 ; boundary=\"----%s\"\n\n", bound);
                 BIO_printf(bio, "This is an S/MIME signed message\n\n");
                 /* Now write out the first part */
-                BIO_printf(bio, "------%s\r\n", bound);
+                BIO_printf(bio, "------%s\n", bound);
                 if(flags & PKCS7_TEXT) BIO_printf(bio, "Content-Type: text/plain\n\n");
                 while((i = BIO_read(data, linebuf, MAX_SMLEN)) > 0) 
                                                 BIO_write(bio, linebuf, i);
@@ -196,8 +203,8 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
 PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont)
 {
         BIO *p7in;
-        STACK *headers = NULL;
-        STACK *parts = NULL;
+        STACK_OF(MIME_HEADER) *headers = NULL;
+        STACK_OF(BIO) *parts = NULL;
         MIME_HEADER *hdr;
         MIME_PARAM *prm;
         PKCS7 *p7;
@@ -211,7 +218,7 @@ PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont)
         }
 
         if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
-                sk_pop_free(headers, mime_hdr_free);
+                sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
                 PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_CONTENT_TYPE);
                 return NULL;
         }
@@ -222,24 +229,24 @@ PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont)
                 /* Split into two parts */
                 prm = mime_param_find(hdr, "boundary");
                 if(!prm || !prm->param_value) {
-                        sk_pop_free(headers, mime_hdr_free);
+                        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
                         PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_MULTIPART_BOUNDARY);
                         return NULL;
                 }
                 ret = multi_split(bio, prm->param_value, &parts);
-                sk_pop_free(headers, mime_hdr_free);
-                if(!ret || (sk_num(parts) != 2) ) {
+                sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+                if(!ret || (sk_BIO_num(parts) != 2) ) {
                         PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_MULTIPART_BODY_FAILURE);
-                        sk_pop_free(parts, (stkfree)BIO_free);
+                        sk_BIO_pop_free(parts, BIO_vfree);
                         return NULL;
                 }
 
                 /* Parse the signature piece */
-                p7in = (BIO *)sk_value(parts, 1);
+                p7in = sk_BIO_value(parts, 1);
 
                 if (!(headers = mime_parse_hdr(p7in))) {
                         PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_MIME_SIG_PARSE_ERROR);
-                        sk_pop_free(parts, (stkfree)BIO_free);
+                        sk_BIO_pop_free(parts, BIO_vfree);
                         return NULL;
                 }
 
@@ -247,32 +254,32 @@ PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont)
 
                 if(!(hdr = mime_hdr_find(headers, "content-type")) ||
                                                                  !hdr->value) {
-                        sk_pop_free(headers, mime_hdr_free);
+                        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
                         PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_SIG_CONTENT_TYPE);
                         return NULL;
                 }
 
                 if(strcmp(hdr->value, "application/x-pkcs7-signature") &&
                         strcmp(hdr->value, "application/pkcs7-signature")) {
-                        sk_pop_free(headers, mime_hdr_free);
+                        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
                         PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_SIG_INVALID_MIME_TYPE);
                         ERR_add_error_data(2, "type: ", hdr->value);
-                        sk_pop_free(parts, (stkfree)BIO_free);
+                        sk_BIO_pop_free(parts, BIO_vfree);
                         return NULL;
                 }
-                sk_pop_free(headers, mime_hdr_free);
+                sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
                 /* Read in PKCS#7 */
                 if(!(p7 = B64_read_PKCS7(p7in))) {
                         PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_PKCS7_SIG_PARSE_ERROR);
-                        sk_pop_free(parts, (stkfree)BIO_free);
+                        sk_BIO_pop_free(parts, BIO_vfree);
                         return NULL;
                 }
 
                 if(bcont) {
-                        *bcont = (BIO *)sk_value(parts, 0);
+                        *bcont = sk_BIO_value(parts, 0);
                         BIO_free(p7in);
-                        sk_free(parts);
-                } else sk_pop_free(parts, (stkfree)BIO_free);
+                        sk_BIO_free(parts);
+                } else sk_BIO_pop_free(parts, BIO_vfree);
                 return p7;
         }
                 
@@ -282,11 +289,11 @@ PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont)
             strcmp (hdr->value, "application/pkcs7-mime")) {
                 PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_INVALID_MIME_TYPE);
                 ERR_add_error_data(2, "type: ", hdr->value);
-                sk_pop_free(headers, mime_hdr_free);
+                sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
                 return NULL;
         }
 
-        sk_pop_free(headers, mime_hdr_free);
+        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
         
         if(!(p7 = B64_read_PKCS7(bio))) {
                 PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_PKCS7_PARSE_ERROR);
@@ -325,24 +332,25 @@ int SMIME_text(BIO *in, BIO *out)
 {
         char iobuf[4096];
         int len;
-        STACK *headers;
+        STACK_OF(MIME_HEADER) *headers;
         MIME_HEADER *hdr;
+
         if (!(headers = mime_parse_hdr(in))) {
                 PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_MIME_PARSE_ERROR);
                 return 0;
         }
         if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
                 PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_MIME_NO_CONTENT_TYPE);
-                sk_pop_free(headers, mime_hdr_free);
+                sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
                 return 0;
         }
         if (strcmp (hdr->value, "text/plain")) {
                 PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_INVALID_MIME_TYPE);
                 ERR_add_error_data(2, "type: ", hdr->value);
-                sk_pop_free(headers, mime_hdr_free);
+                sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
                 return 0;
         }
-        sk_pop_free(headers, mime_hdr_free);
+        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
         while ((len = BIO_read(in, iobuf, sizeof(iobuf))) > 0)
                                                 BIO_write(out, iobuf, len);
         return 1;
@@ -352,18 +360,19 @@ int SMIME_text(BIO *in, BIO *out)
  * canonical parts in a STACK of bios
  */
 
-static int multi_split(BIO *bio, char *bound, STACK **ret)
+static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret)
 {
         char linebuf[MAX_SMLEN];
         int len, blen;
         BIO *bpart = NULL;
-        STACK *parts;
+        STACK_OF(BIO) *parts;
         char state, part, first;
+
         blen = strlen(bound);
         part = 0;
         state = 0;
         first = 1;
-        parts = sk_new(NULL);
+        parts = sk_BIO_new_null();
         *ret = parts;
         while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
                 state = mime_bound_check(linebuf, len, bound, blen);
@@ -371,12 +380,12 @@ static int multi_split(BIO *bio, char *bound, STACK **ret)
                         first = 1;
                         part++;
                 } else if(state == 2) {
-                        sk_push(parts, (char *)bpart);
+                        sk_BIO_push(parts, bpart);
                         return 1;
                 } else if(part) {
                         if(first) {
                                 first = 0;
-                                if(bpart) sk_push(parts, (char *)bpart);
+                                if(bpart) sk_BIO_push(parts, bpart);
                                 bpart = BIO_new(BIO_s_mem());
                                 
                         } else BIO_write(bpart, "\r\n", 2);
@@ -405,15 +414,16 @@ static int iscrlf(char c)
 #define MIME_COMMENT    6
 
 
-static STACK *mime_parse_hdr(BIO *bio)
+static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio)
 {
         char *p, *q, c;
         char *ntmp;
         char linebuf[MAX_SMLEN];
         MIME_HEADER *mhdr = NULL;
-        STACK *headers;
+        STACK_OF(MIME_HEADER) *headers;
         int len, state, save_state = 0;
-        headers = sk_new(mime_hdr_cmp);
+
+        headers = sk_MIME_HEADER_new(mime_hdr_cmp);
         while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
         /* If whitespace at line start then continuation line */
         if(mhdr && isspace((unsigned char)linebuf[0])) state = MIME_NAME;
@@ -441,7 +451,7 @@ static STACK *mime_parse_hdr(BIO *bio)
                                 mime_debug("Found End Value\n");
                                 *p = 0;
                                 mhdr = mime_hdr_new(ntmp, strip_ends(q));
-                                sk_push(headers, (char *)mhdr);
+                                sk_MIME_HEADER_push(headers, mhdr);
                                 ntmp = NULL;
                                 q = p + 1;
                                 state = MIME_NAME;
@@ -493,7 +503,7 @@ static STACK *mime_parse_hdr(BIO *bio)
 
         if(state == MIME_TYPE) {
                 mhdr = mime_hdr_new(ntmp, strip_ends(q));
-                sk_push(headers, (char *)mhdr);
+                sk_MIME_HEADER_push(headers, mhdr);
         } else if(state == MIME_VALUE)
                          mime_hdr_addparam(mhdr, ntmp, strip_ends(q));
         if(p == linebuf) break; /* Blank line means end of headers */
@@ -569,11 +579,11 @@ static MIME_HEADER *mime_hdr_new(char *name, char *value)
                         }
                 }
         } else tmpval = NULL;
-        mhdr = (MIME_HEADER *) Malloc(sizeof(MIME_HEADER));
+        mhdr = (MIME_HEADER *) OPENSSL_malloc(sizeof(MIME_HEADER));
         if(!mhdr) return NULL;
         mhdr->name = tmpname;
         mhdr->value = tmpval;
-        if(!(mhdr->params = sk_new(mime_param_cmp))) return NULL;
+        if(!(mhdr->params = sk_MIME_PARAM_new(mime_param_cmp))) return NULL;
         return mhdr;
 }
                 
@@ -598,34 +608,36 @@ static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value)
                 if(!tmpval) return 0;
         } else tmpval = NULL;
         /* Parameter values are case sensitive so leave as is */
-        mparam = (MIME_PARAM *) Malloc(sizeof(MIME_PARAM));
+        mparam = (MIME_PARAM *) OPENSSL_malloc(sizeof(MIME_PARAM));
         if(!mparam) return 0;
         mparam->param_name = tmpname;
         mparam->param_value = tmpval;
-        sk_push(mhdr->params, (char *)mparam);
+        sk_MIME_PARAM_push(mhdr->params, mparam);
         return 1;
 }
 
-static int mime_hdr_cmp(MIME_HEADER **a, MIME_HEADER **b)
+static int mime_hdr_cmp(const MIME_HEADER * const *a,
+                        const MIME_HEADER * const *b)
 {
         return(strcmp((*a)->name, (*b)->name));
 }
 
-static int mime_param_cmp(MIME_PARAM **a, MIME_PARAM **b)
+static int mime_param_cmp(const MIME_PARAM * const *a,
+                        const MIME_PARAM * const *b)
 {
         return(strcmp((*a)->param_name, (*b)->param_name));
 }
 
 /* Find a header with a given name (if possible) */
 
-static MIME_HEADER *mime_hdr_find(STACK *hdrs, char *name)
+static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name)
 {
         MIME_HEADER htmp;
         int idx;
         htmp.name = name;
-        idx = sk_find(hdrs, (char *)&htmp);
+        idx = sk_MIME_HEADER_find(hdrs, &htmp);
         if(idx < 0) return NULL;
-        return (MIME_HEADER *)sk_value(hdrs, idx);
+        return sk_MIME_HEADER_value(hdrs, idx);
 }
 
 static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name)
@@ -633,24 +645,24 @@ static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name)
         MIME_PARAM param;
         int idx;
         param.param_name = name;
-        idx = sk_find(hdr->params, (char *)&param);
+        idx = sk_MIME_PARAM_find(hdr->params, &param);
         if(idx < 0) return NULL;
-        return (MIME_PARAM *)sk_value(hdr->params, idx);
+        return sk_MIME_PARAM_value(hdr->params, idx);
 }
 
 static void mime_hdr_free(MIME_HEADER *hdr)
 {
-        if(hdr->name) Free(hdr->name);
-        if(hdr->value) Free(hdr->value);
-        if(hdr->params) sk_pop_free(hdr->params, mime_param_free);
-        Free(hdr);
+        if(hdr->name) OPENSSL_free(hdr->name);
+        if(hdr->value) OPENSSL_free(hdr->value);
+        if(hdr->params) sk_MIME_PARAM_pop_free(hdr->params, mime_param_free);
+        OPENSSL_free(hdr);
 }
 
 static void mime_param_free(MIME_PARAM *param)
 {
-        if(param->param_name) Free(param->param_name);
-        if(param->param_value) Free(param->param_value);
-        Free(param);
+        if(param->param_name) OPENSSL_free(param->param_name);
+        if(param->param_value) OPENSSL_free(param->param_value);
+        OPENSSL_free(param);
 }
 
 /* Check for a multipart boundary. Returns:
diff --git a/src/lib/libssl/src/crypto/pkcs7/pk7_smime.c b/src/lib/libssl/src/crypto/pkcs7/pk7_smime.c
index b41f42ed04..d716f9faeb 100644
--- a/src/lib/libssl/src/crypto/pkcs7/pk7_smime.c
+++ b/src/lib/libssl/src/crypto/pkcs7/pk7_smime.c
@@ -64,12 +64,12 @@
 #include <openssl/x509v3.h>
 
 PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
-                                                        BIO *data, int flags)
+                  BIO *data, int flags)
 {
         PKCS7 *p7;
         PKCS7_SIGNER_INFO *si;
         BIO *p7bio;
-        STACK *smcap;
+        STACK_OF(X509_ALGOR) *smcap;
         int i;
 
         if(!X509_check_private_key(signcert, pkey)) {
@@ -109,7 +109,9 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
                 PKCS7_add_signed_attribute(si, NID_pkcs9_contentType,
                                 V_ASN1_OBJECT, OBJ_nid2obj(NID_pkcs7_data));
                 /* Add SMIMECapabilities */
-                if(!(smcap = sk_new(NULL))) {
+                if(!(flags & PKCS7_NOSMIMECAP))
+                {
+                if(!(smcap = sk_X509_ALGOR_new_null())) {
                         PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE);
                         return NULL;
                 }
@@ -127,7 +129,8 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
                 PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 40);
 #endif
                 PKCS7_add_attrib_smimecap (si, smcap);
-                sk_pop_free(smcap, X509_ALGOR_free);
+                sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
+                }
         }
 
         if(flags & PKCS7_DETACHED)PKCS7_set_detached(p7, 1);
@@ -150,7 +153,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
         PKCS7_SIGNER_INFO *si;
         X509_STORE_CTX cert_ctx;
         char buf[4096];
-        int i, j=0;
+        int i, j=0, k;
         BIO *p7bio;
         BIO *tmpout;
 
@@ -169,12 +172,17 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
                 PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_CONTENT);
                 return 0;
         }
+#if 0
+        /* NB: this test commented out because some versions of Netscape
+         * illegally include zero length content when signing data.
+         */
 
         /* Check for data and content: two sets of data */
         if(!PKCS7_get_detached(p7) && indata) {
                                 PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CONTENT_AND_DATA_PRESENT);
                 return 0;
         }
+#endif
 
         sinfos = PKCS7_get_signer_info(p7);
 
@@ -190,8 +198,8 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
 
         /* Now verify the certificates */
 
-        if (!(flags & PKCS7_NOVERIFY)) for (i = 0; i < sk_X509_num(signers); i++) {
-                signer = sk_X509_value (signers, i);
+        if (!(flags & PKCS7_NOVERIFY)) for (k = 0; k < sk_X509_num(signers); k++) {
+                signer = sk_X509_value (signers, k);
                 if (!(flags & PKCS7_NOCHAIN)) {
                         X509_STORE_CTX_init(&cert_ctx, store, signer,
                                                         p7->d.sign->cert);
@@ -282,7 +290,7 @@ STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags)
                 PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_WRONG_CONTENT_TYPE);
                 return NULL;
         }
-        if(!(signers = sk_X509_new(NULL))) {
+        if(!(signers = sk_X509_new_null())) {
                 PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
diff --git a/src/lib/libssl/src/crypto/pkcs7/pkcs7.h b/src/lib/libssl/src/crypto/pkcs7/pkcs7.h
index 3ec725d226..1b817e605d 100644
--- a/src/lib/libssl/src/crypto/pkcs7/pkcs7.h
+++ b/src/lib/libssl/src/crypto/pkcs7/pkcs7.h
@@ -59,15 +59,13 @@
 #ifndef HEADER_PKCS7_H
 #define HEADER_PKCS7_H
 
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
 #include <openssl/bio.h>
 #include <openssl/x509.h>
 
-#ifdef VMS
-#include <openssl/vms_idhacks.h>
+#include <openssl/symhacks.h>
+
+#ifdef  __cplusplus
+extern "C" {
 #endif
 
 #ifdef WIN32
@@ -210,9 +208,16 @@ typedef struct pkcs7_st
 
                 /* NID_pkcs7_encrypted */
                 PKCS7_ENCRYPT *encrypted;
+
+                /* Anything else */
+                ASN1_TYPE *other;
                 } d;
         } PKCS7;
 
+DECLARE_STACK_OF(PKCS7)
+DECLARE_ASN1_SET_OF(PKCS7)
+DECLARE_PKCS12_STACK_OF(PKCS7)
+
 #define PKCS7_OP_SET_DETACHED_SIGNATURE 1
 #define PKCS7_OP_GET_DETACHED_SIGNATURE 2
 
@@ -240,15 +245,16 @@ typedef struct pkcs7_st
 
 /* S/MIME related flags */
 
-#define PKCS7_TEXT      0x1
-#define PKCS7_NOCERTS   0x2
-#define PKCS7_NOSIGS    0x4
-#define PKCS7_NOCHAIN   0x8
-#define PKCS7_NOINTERN  0x10
-#define PKCS7_NOVERIFY  0x20
-#define PKCS7_DETACHED  0x40
-#define PKCS7_BINARY    0x80
-#define PKCS7_NOATTR    0x100
+#define PKCS7_TEXT              0x1
+#define PKCS7_NOCERTS           0x2
+#define PKCS7_NOSIGS            0x4
+#define PKCS7_NOCHAIN           0x8
+#define PKCS7_NOINTERN          0x10
+#define PKCS7_NOVERIFY          0x20
+#define PKCS7_DETACHED          0x40
+#define PKCS7_BINARY            0x80
+#define PKCS7_NOATTR            0x100
+#define PKCS7_NOSMIMECAP        0x200
 
 /* Flags: for compatibility with older code */
 
@@ -402,9 +408,10 @@ PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, EVP_CIPHER *cipher,
                                                                 int flags);
 int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags);
 
-int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, STACK *cap);
-STACK *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si);
-int PKCS7_simple_smimecap(STACK *sk, int nid, int arg);
+int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si,
+                              STACK_OF(X509_ALGOR) *cap);
+STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si);
+int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg);
 
 int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags);
 PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont);
diff --git a/src/lib/libssl/src/crypto/rand/Makefile.ssl b/src/lib/libssl/src/crypto/rand/Makefile.ssl
index be8eea34a2..5f6199a35f 100644
--- a/src/lib/libssl/src/crypto/rand/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/rand/Makefile.ssl
@@ -22,8 +22,8 @@ TEST= randtest.c
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC=md_rand.c randfile.c rand_lib.c rand_err.c rand_egd.c
-LIBOBJ=md_rand.o randfile.o rand_lib.o rand_err.o rand_egd.o
+LIBSRC=md_rand.c randfile.c rand_lib.c rand_err.c rand_egd.c rand_win.c
+LIBOBJ=md_rand.o randfile.o rand_lib.o rand_err.o rand_egd.o rand_win.o
 
 SRC= $(LIBSRC)
 
@@ -78,15 +78,45 @@ clean:
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
-md_rand.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
-md_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+md_rand.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+md_rand.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+md_rand.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
 md_rand.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 md_rand.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
 md_rand.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+md_rand.o: ../../include/openssl/symhacks.h rand_lcl.h
 rand_egd.o: ../../include/openssl/opensslconf.h ../../include/openssl/rand.h
-rand_err.o: ../../include/openssl/err.h ../../include/openssl/rand.h
-rand_lib.o: ../../include/openssl/rand.h
+rand_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+rand_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+rand_err.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+rand_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rand_err.o: ../../include/openssl/symhacks.h
+rand_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+rand_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+rand_lib.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+rand_lib.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+rand_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+rand_lib.o: ../../include/openssl/engine.h ../../include/openssl/evp.h
+rand_lib.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+rand_lib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+rand_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+rand_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+rand_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+rand_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+rand_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+rand_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rand_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+rand_lib.o: ../../include/openssl/symhacks.h
+rand_win.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+rand_win.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+rand_win.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rand_win.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rand_win.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+rand_win.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+rand_win.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rand_win.o: ../cryptlib.h rand_lcl.h
 randfile.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
 randfile.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
 randfile.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
 randfile.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+randfile.o: ../../include/openssl/symhacks.h
diff --git a/src/lib/libssl/src/crypto/rand/md_rand.c b/src/lib/libssl/src/crypto/rand/md_rand.c
index da4258c479..d167dea77d 100644
--- a/src/lib/libssl/src/crypto/rand/md_rand.c
+++ b/src/lib/libssl/src/crypto/rand/md_rand.c
@@ -109,9 +109,7 @@
  *
  */
 
-#define ENTROPY_NEEDED 16  /* require 128 bits = 16 bytes of randomness */
-
-#ifndef MD_RAND_DEBUG
+#ifdef MD_RAND_DEBUG
 # ifndef NDEBUG
 #   define NDEBUG
 # endif
@@ -119,75 +117,20 @@
 
 #include <assert.h>
 #include <stdio.h>
-#include <time.h>
 #include <string.h>
 
 #include "openssl/e_os.h"
 
+#include <openssl/rand.h>
+#include "rand_lcl.h"
+
 #include <openssl/crypto.h>
 #include <openssl/err.h>
 
-#if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND)
-#if !defined(NO_SHA) && !defined(NO_SHA1)
-#define USE_SHA1_RAND
-#elif !defined(NO_MD5)
-#define USE_MD5_RAND
-#elif !defined(NO_MDC2) && !defined(NO_DES)
-#define USE_MDC2_RAND
-#elif !defined(NO_MD2)
-#define USE_MD2_RAND
-#else
-#error No message digest algorithm available
-#endif
-#endif
-
-/* Changed how the state buffer used.  I now attempt to 'wrap' such
- * that I don't run over the same locations the next time  go through
- * the 1023 bytes - many thanks to
- * Robert J. LeBlanc <rjl@renaissoft.com> for his comments
- */
-
-#if defined(USE_MD5_RAND)
-#include <openssl/md5.h>
-#define MD_DIGEST_LENGTH        MD5_DIGEST_LENGTH
-#define MD_CTX                  MD5_CTX
-#define MD_Init(a)              MD5_Init(a)
-#define MD_Update(a,b,c)        MD5_Update(a,b,c)
-#define MD_Final(a,b)           MD5_Final(a,b)
-#define MD(a,b,c)               MD5(a,b,c)
-#elif defined(USE_SHA1_RAND)
-#include <openssl/sha.h>
-#define MD_DIGEST_LENGTH        SHA_DIGEST_LENGTH
-#define MD_CTX                  SHA_CTX
-#define MD_Init(a)              SHA1_Init(a)
-#define MD_Update(a,b,c)        SHA1_Update(a,b,c)
-#define MD_Final(a,b)           SHA1_Final(a,b)
-#define MD(a,b,c)               SHA1(a,b,c)
-#elif defined(USE_MDC2_RAND)
-#include <openssl/mdc2.h>
-#define MD_DIGEST_LENGTH        MDC2_DIGEST_LENGTH
-#define MD_CTX                  MDC2_CTX
-#define MD_Init(a)              MDC2_Init(a)
-#define MD_Update(a,b,c)        MDC2_Update(a,b,c)
-#define MD_Final(a,b)           MDC2_Final(a,b)
-#define MD(a,b,c)               MDC2(a,b,c)
-#elif defined(USE_MD2_RAND)
-#include <openssl/md2.h>
-#define MD_DIGEST_LENGTH        MD2_DIGEST_LENGTH
-#define MD_CTX                  MD2_CTX
-#define MD_Init(a)              MD2_Init(a)
-#define MD_Update(a,b,c)        MD2_Update(a,b,c)
-#define MD_Final(a,b)           MD2_Final(a,b)
-#define MD(a,b,c)               MD2(a,b,c)
-#endif
-
-#include <openssl/rand.h>
-
 #ifdef BN_DEBUG
 # define PREDICT
 #endif
 
-/* #define NORAND       1 */
 /* #define PREDICT      1 */
 
 #define STATE_SIZE      1023
@@ -198,6 +141,11 @@ static long md_count[2]={0,0};
 static double entropy=0;
 static int initialized=0;
 
+/* This should be set to 1 only when ssleay_rand_add() is called inside
+   an already locked state, so it doesn't try to lock and thereby cause
+   a hang.  And it should always be reset back to 0 before unlocking. */
+static int add_do_not_lock=0;
+
 #ifdef PREDICT
 int rand_predictable=0;
 #endif
@@ -234,6 +182,7 @@ static void ssleay_rand_cleanup(void)
         md_count[0]=0;
         md_count[1]=0;
         entropy=0;
+        initialized=0;
         }
 
 static void ssleay_rand_add(const void *buf, int num, double add)
@@ -243,10 +192,6 @@ static void ssleay_rand_add(const void *buf, int num, double add)
         unsigned char local_md[MD_DIGEST_LENGTH];
         MD_CTX m;
 
-#ifdef NORAND
-        return;
-#endif
-
         /*
          * (Based on the rand(3) manpage)
          *
@@ -262,7 +207,7 @@ static void ssleay_rand_add(const void *buf, int num, double add)
          * hash function.
          */
 
-        CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+        if (!add_do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND);
         st_idx=state_index;
 
         /* use our own copies of the counters so that even
@@ -294,7 +239,7 @@ static void ssleay_rand_add(const void *buf, int num, double add)
 
         md_count[1] += (num / MD_DIGEST_LENGTH) + (num % MD_DIGEST_LENGTH > 0);
 
-        CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+        if (!add_do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
 
         for (i=0; i<num; i+=MD_DIGEST_LENGTH)
                 {
@@ -336,7 +281,7 @@ static void ssleay_rand_add(const void *buf, int num, double add)
                 }
         memset((char *)&m,0,sizeof(m));
 
-        CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+        if (!add_do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND);
         /* Don't just copy back local_md into md -- this could mean that
          * other thread's seeding remains without effect (except for
          * the incremented counter).  By XORing it we keep at least as
@@ -347,9 +292,9 @@ static void ssleay_rand_add(const void *buf, int num, double add)
                 }
         if (entropy < ENTROPY_NEEDED) /* stop counting when we have enough */
             entropy += add;
-        CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+        if (!add_do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
         
-#ifndef THREADS 
+#if !defined(THREADS) && !defined(WIN32)
         assert(md_c[1] == md_count[1]);
 #endif
         }
@@ -359,58 +304,9 @@ static void ssleay_rand_seed(const void *buf, int num)
         ssleay_rand_add(buf, num, num);
         }
 
-static void ssleay_rand_initialize(void)
-        {
-        unsigned long l;
-#ifndef GETPID_IS_MEANINGLESS
-        pid_t curr_pid = getpid();
-#endif
-#ifdef DEVRANDOM
-        FILE *fh;
-#endif
-
-#ifdef NORAND
-        return;
-#endif
-
-        CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
-        /* put in some default random data, we need more than just this */
-#ifndef GETPID_IS_MEANINGLESS
-        l=curr_pid;
-        RAND_add(&l,sizeof(l),0);
-        l=getuid();
-        RAND_add(&l,sizeof(l),0);
-#endif
-        l=time(NULL);
-        RAND_add(&l,sizeof(l),0);
-
-#ifdef DEVRANDOM
-        /* Use a random entropy pool device. Linux, FreeBSD and OpenBSD
-         * have this. Use /dev/urandom if you can as /dev/random may block
-         * if it runs out of random entries.  */
-
-        if ((fh = fopen(DEVRANDOM, "r")) != NULL)
-                {
-                unsigned char tmpbuf[ENTROPY_NEEDED];
-                int n;
-                
-                setvbuf(fh, NULL, _IONBF, 0);
-                n=fread((unsigned char *)tmpbuf,1,ENTROPY_NEEDED,fh);
-                fclose(fh);
-                RAND_add(tmpbuf,sizeof tmpbuf,n);
-                memset(tmpbuf,0,n);
-                }
-#endif
-#ifdef PURIFY
-        memset(state,0,STATE_SIZE);
-        memset(md,0,MD_DIGEST_LENGTH);
-#endif
-        CRYPTO_w_lock(CRYPTO_LOCK_RAND);
-        initialized=1;
-        }
-
 static int ssleay_rand_bytes(unsigned char *buf, int num)
         {
+        static volatile int stirred_pool = 0;
         int i,j,k,st_num,st_idx;
         int ok;
         long md_c[2];
@@ -419,6 +315,7 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
 #ifndef GETPID_IS_MEANINGLESS
         pid_t curr_pid = getpid();
 #endif
+        int do_stir_pool = 0;
 
 #ifdef PREDICT
         if (rand_predictable)
@@ -450,11 +347,17 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
          * global 'md'.
          */
 
-        CRYPTO_w_lock(CRYPTO_LOCK_RAND);
-
         if (!initialized)
-                ssleay_rand_initialize();
+                RAND_poll();
+
+        CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+        add_do_not_lock = 1;    /* Since we call ssleay_rand_add while in
+                                   this locked state. */
 
+        initialized = 1;
+        if (!stirred_pool)
+                do_stir_pool = 1;
+        
         ok = (entropy >= ENTROPY_NEEDED);
         if (!ok)
                 {
@@ -464,12 +367,42 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
                  * Once we've had enough initial seeding we don't bother to
                  * adjust the entropy count, though, because we're not ambitious
                  * to provide *information-theoretic* randomness.
+                 *
+                 * NOTE: This approach fails if the program forks before
+                 * we have enough entropy. Entropy should be collected
+                 * in a separate input pool and be transferred to the
+                 * output pool only when the entropy limit has been reached.
                  */
                 entropy -= num;
                 if (entropy < 0)
                         entropy = 0;
                 }
 
+        if (do_stir_pool)
+                {
+                /* Our output function chains only half of 'md', so we better
+                 * make sure that the required entropy gets 'evenly distributed'
+                 * through 'state', our randomness pool.  The input function
+                 * (ssleay_rand_add) chains all of 'md', which makes it more
+                 * suitable for this purpose.
+                 */
+
+                int n = STATE_SIZE; /* so that the complete pool gets accessed */
+                while (n > 0)
+                        {
+#if MD_DIGEST_LENGTH > 20
+# error "Please adjust DUMMY_SEED."
+#endif
+#define DUMMY_SEED "...................." /* at least MD_DIGEST_LENGTH */
+                        /* Note that the seed does not matter, it's just that
+                         * ssleay_rand_add expects to have something to hash. */
+                        ssleay_rand_add(DUMMY_SEED, MD_DIGEST_LENGTH, 0.0);
+                        n -= MD_DIGEST_LENGTH;
+                        }
+                if (ok)
+                        stirred_pool = 1;
+                }
+
         st_idx=state_index;
         st_num=state_num;
         md_c[0] = md_count[0];
@@ -484,6 +417,9 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
          * are now ours (but other threads may use them too) */
 
         md_count[0] += 1;
+
+        add_do_not_lock = 0;    /* If this would ever be forgotten, we can
+                                   expect any evil god to eat our souls. */
         CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
 
         while (num > 0)
@@ -536,6 +472,8 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
         else
                 {
                 RANDerr(RAND_F_SSLEAY_RAND_BYTES,RAND_R_PRNG_NOT_SEEDED);
+                ERR_add_error_data(1, "You need to read the OpenSSL FAQ, "
+                        "http://www.openssl.org/support/faq.html");
                 return(0);
                 }
         }
@@ -561,152 +499,13 @@ static int ssleay_rand_status(void)
         {
         int ret;
 
-        CRYPTO_w_lock(CRYPTO_LOCK_RAND);
-
         if (!initialized)
-                ssleay_rand_initialize();
-        ret = entropy >= ENTROPY_NEEDED;
+                RAND_poll();
 
+        CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+        initialized = 1;
+        ret = entropy >= ENTROPY_NEEDED;
         CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
 
         return ret;
         }
-
-#ifdef WINDOWS
-#include <windows.h>
-#include <openssl/rand.h>
-
-int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam)
-        {
-        double add_entropy=0;
-        SYSTEMTIME t;
-
-        switch (iMsg)
-                {
-        case WM_KEYDOWN:
-                        {
-                        static WPARAM key;
-                        if (key != wParam)
-                                add_entropy = 0.05;
-                        key = wParam;
-                        }
-                        break;
-        case WM_MOUSEMOVE:
-                        {
-                        static int lastx,lasty,lastdx,lastdy;
-                        int x,y,dx,dy;
-
-                        x=LOWORD(lParam);
-                        y=HIWORD(lParam);
-                        dx=lastx-x;
-                        dy=lasty-y;
-                        if (dx != 0 && dy != 0 && dx-lastdx != 0 && dy-lastdy != 0)
-                                add_entropy=.2;
-                        lastx=x, lasty=y;
-                        lastdx=dx, lastdy=dy;
-                        }
-                break;
-                }
-
-        GetSystemTime(&t);
-        RAND_add(&iMsg, sizeof(iMsg), add_entropy);
-        RAND_add(&wParam, sizeof(wParam), 0);
-        RAND_add(&lParam, sizeof(lParam), 0);
-        RAND_add(&t, sizeof(t), 0);
-
-        return (RAND_status());
-        }
-
-/*****************************************************************************
- * Initialisation function for the SSL random generator.  Takes the contents
- * of the screen as random seed.
- *
- * Created 960901 by Gertjan van Oosten, gertjan@West.NL, West Consulting B.V.
- *
- * Code adapted from
- * <URL:http://www.microsoft.com/kb/developr/win_dk/q97193.htm>;
- * the original copyright message is:
- *
- *   (C) Copyright Microsoft Corp. 1993.  All rights reserved.
- *
- *   You have a royalty-free right to use, modify, reproduce and
- *   distribute the Sample Files (and/or any modified version) in
- *   any way you find useful, provided that you agree that
- *   Microsoft has no warranty obligations or liability for any
- *   Sample Application Files which are modified.
- */
-/*
- * I have modified the loading of bytes via RAND_seed() mechanism since
- * the original would have been very very CPU intensive since RAND_seed()
- * does an MD5 per 16 bytes of input.  The cost to digest 16 bytes is the same
- * as that to digest 56 bytes.  So under the old system, a screen of
- * 1024*768*256 would have been CPU cost of approximately 49,000 56 byte MD5
- * digests or digesting 2.7 mbytes.  What I have put in place would
- * be 48 16k MD5 digests, or effectively 48*16+48 MD5 bytes or 816 kbytes
- * or about 3.5 times as much.
- * - eric 
- */
-void RAND_screen(void)
-{
-  HDC           hScrDC;         /* screen DC */
-  HDC           hMemDC;         /* memory DC */
-  HBITMAP       hBitmap;        /* handle for our bitmap */
-  HBITMAP       hOldBitmap;     /* handle for previous bitmap */
-  BITMAP        bm;             /* bitmap properties */
-  unsigned int  size;           /* size of bitmap */
-  char          *bmbits;        /* contents of bitmap */
-  int           w;              /* screen width */
-  int           h;              /* screen height */
-  int           y;              /* y-coordinate of screen lines to grab */
-  int           n = 16;         /* number of screen lines to grab at a time */
-
-  /* Create a screen DC and a memory DC compatible to screen DC */
-  hScrDC = CreateDC("DISPLAY", NULL, NULL, NULL);
-  hMemDC = CreateCompatibleDC(hScrDC);
-
-  /* Get screen resolution */
-  w = GetDeviceCaps(hScrDC, HORZRES);
-  h = GetDeviceCaps(hScrDC, VERTRES);
-
-  /* Create a bitmap compatible with the screen DC */
-  hBitmap = CreateCompatibleBitmap(hScrDC, w, n);
-
-  /* Select new bitmap into memory DC */
-  hOldBitmap = SelectObject(hMemDC, hBitmap);
-
-  /* Get bitmap properties */
-  GetObject(hBitmap, sizeof(BITMAP), (LPSTR)&bm);
-  size = (unsigned int)bm.bmWidthBytes * bm.bmHeight * bm.bmPlanes;
-
-  bmbits = Malloc(size);
-  if (bmbits) {
-    /* Now go through the whole screen, repeatedly grabbing n lines */
-    for (y = 0; y < h-n; y += n)
-        {
-        unsigned char md[MD_DIGEST_LENGTH];
-
-        /* Bitblt screen DC to memory DC */
-        BitBlt(hMemDC, 0, 0, w, n, hScrDC, 0, y, SRCCOPY);
-
-        /* Copy bitmap bits from memory DC to bmbits */
-        GetBitmapBits(hBitmap, size, bmbits);
-
-        /* Get the MD5 of the bitmap */
-        MD(bmbits,size,md);
-
-        /* Seed the random generator with the MD5 digest */
-        RAND_seed(md, MD_DIGEST_LENGTH);
-        }
-
-    Free(bmbits);
-  }
-
-  /* Select old bitmap back into memory DC */
-  hBitmap = SelectObject(hMemDC, hOldBitmap);
-
-  /* Clean up */
-  DeleteObject(hBitmap);
-  DeleteDC(hMemDC);
-  DeleteDC(hScrDC);
-}
-#endif
diff --git a/src/lib/libssl/src/crypto/rand/rand.h b/src/lib/libssl/src/crypto/rand/rand.h
index 2973ee90e4..eb9c8c034d 100644
--- a/src/lib/libssl/src/crypto/rand/rand.h
+++ b/src/lib/libssl/src/crypto/rand/rand.h
@@ -77,7 +77,9 @@ typedef struct rand_meth_st
 extern int rand_predictable;
 #endif
 
-void RAND_set_rand_method(RAND_METHOD *meth);
+struct engine_st;
+
+int RAND_set_rand_method(struct engine_st *meth);
 RAND_METHOD *RAND_get_rand_method(void );
 RAND_METHOD *RAND_SSLeay(void);
 void RAND_cleanup(void );
@@ -90,12 +92,28 @@ int  RAND_write_file(const char *file);
 const char *RAND_file_name(char *file,int num);
 int RAND_status(void);
 int RAND_egd(const char *path);
+int RAND_egd_bytes(const char *path,int bytes);
+void ERR_load_RAND_strings(void);
+int RAND_poll(void);
+
+#ifdef  __cplusplus
+}
+#endif
+
 #if defined(WINDOWS) || defined(WIN32)
 #include <windows.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
 void RAND_screen(void);
 int RAND_event(UINT, WPARAM, LPARAM);
+
+#ifdef  __cplusplus
+}
+#endif
 #endif
-void    ERR_load_RAND_strings(void);
 
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
@@ -110,8 +128,5 @@ void	ERR_load_RAND_strings(void);
 /* Reason codes. */
 #define RAND_R_PRNG_NOT_SEEDED                           100
 
-#ifdef  __cplusplus
-}
-#endif
 #endif
 
diff --git a/src/lib/libssl/src/crypto/rand/rand_egd.c b/src/lib/libssl/src/crypto/rand/rand_egd.c
index 380c7828c3..02a0d86fa3 100644
--- a/src/lib/libssl/src/crypto/rand/rand_egd.c
+++ b/src/lib/libssl/src/crypto/rand/rand_egd.c
@@ -64,6 +64,11 @@ int RAND_egd(const char *path)
         {
         return(-1);
         }
+
+int RAND_egd_bytes(const char *path,int bytes)
+        {
+        return(-1);
+        }
 #else
 #include <openssl/opensslconf.h>
 #include OPENSSL_UNISTD
@@ -107,4 +112,56 @@ int RAND_egd(const char *path)
         if (fd != -1) close(fd);
         return(ret);
         }
+
+int RAND_egd_bytes(const char *path,int bytes)
+        {
+        int ret = 0;
+        struct sockaddr_un addr;
+        int len, num;
+        int fd = -1;
+        unsigned char buf[255];
+
+        memset(&addr, 0, sizeof(addr));
+        addr.sun_family = AF_UNIX;
+        if (strlen(path) > sizeof(addr.sun_path))
+                return (-1);
+        strcpy(addr.sun_path,path);
+        len = offsetof(struct sockaddr_un, sun_path) + strlen(path);
+        fd = socket(AF_UNIX, SOCK_STREAM, 0);
+        if (fd == -1) return (-1);
+        if (connect(fd, (struct sockaddr *)&addr, len) == -1) goto err;
+
+        while(bytes > 0)
+            {
+            buf[0] = 1;
+            buf[1] = bytes < 255 ? bytes : 255;
+            write(fd, buf, 2);
+            if (read(fd, buf, 1) != 1)
+                {
+                ret=-1;
+                goto err;
+                }
+            if(buf[0] == 0)
+                goto err;
+            num = read(fd, buf, buf[0]);
+            if (num < 1)
+                {
+                ret=-1;
+                goto err;
+                }
+            RAND_seed(buf, num);
+            if (RAND_status() != 1)
+                {
+                ret=-1;
+                goto err;
+                }
+            ret += num;
+            bytes-=num;
+            }
+ err:
+        if (fd != -1) close(fd);
+        return(ret);
+        }
+
+
 #endif
diff --git a/src/lib/libssl/src/crypto/rand/rand_lcl.h b/src/lib/libssl/src/crypto/rand/rand_lcl.h
new file mode 100644
index 0000000000..120e9366d2
--- /dev/null
+++ b/src/lib/libssl/src/crypto/rand/rand_lcl.h
@@ -0,0 +1,184 @@
+/* crypto/rand/md_rand.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_RAND_LCL_H
+#define HEADER_RAND_LCL_H
+
+#define ENTROPY_NEEDED 20  /* require 160 bits = 20 bytes of randomness */
+
+
+#if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND)
+#if !defined(NO_SHA) && !defined(NO_SHA1)
+#define USE_SHA1_RAND
+#elif !defined(NO_MD5)
+#define USE_MD5_RAND
+#elif !defined(NO_MDC2) && !defined(NO_DES)
+#define USE_MDC2_RAND
+#elif !defined(NO_MD2)
+#define USE_MD2_RAND
+#else
+#error No message digest algorithm available
+#endif
+#endif
+
+#if defined(USE_MD5_RAND)
+#include <openssl/md5.h>
+#define MD_DIGEST_LENGTH        MD5_DIGEST_LENGTH
+#define MD(a,b,c)               MD5(a,b,c)
+#elif defined(USE_SHA1_RAND)
+#include <openssl/sha.h>
+#define MD_DIGEST_LENGTH        SHA_DIGEST_LENGTH
+#define MD(a,b,c)               SHA1(a,b,c)
+#elif defined(USE_MDC2_RAND)
+#include <openssl/mdc2.h>
+#define MD_DIGEST_LENGTH        MDC2_DIGEST_LENGTH
+#define MD(a,b,c)               MDC2(a,b,c)
+#elif defined(USE_MD2_RAND)
+#include <openssl/md2.h>
+#define MD_DIGEST_LENGTH        MD2_DIGEST_LENGTH
+#define MD(a,b,c)               MD2(a,b,c)
+#endif
+#if defined(USE_MD5_RAND)
+#include <openssl/md5.h>
+#define MD_DIGEST_LENGTH        MD5_DIGEST_LENGTH
+#define MD_CTX                  MD5_CTX
+#define MD_Init(a)              MD5_Init(a)
+#define MD_Update(a,b,c)        MD5_Update(a,b,c)
+#define MD_Final(a,b)           MD5_Final(a,b)
+#define MD(a,b,c)               MD5(a,b,c)
+#elif defined(USE_SHA1_RAND)
+#include <openssl/sha.h>
+#define MD_DIGEST_LENGTH        SHA_DIGEST_LENGTH
+#define MD_CTX                  SHA_CTX
+#define MD_Init(a)              SHA1_Init(a)
+#define MD_Update(a,b,c)        SHA1_Update(a,b,c)
+#define MD_Final(a,b)           SHA1_Final(a,b)
+#define MD(a,b,c)               SHA1(a,b,c)
+#elif defined(USE_MDC2_RAND)
+#include <openssl/mdc2.h>
+#define MD_DIGEST_LENGTH        MDC2_DIGEST_LENGTH
+#define MD_CTX                  MDC2_CTX
+#define MD_Init(a)              MDC2_Init(a)
+#define MD_Update(a,b,c)        MDC2_Update(a,b,c)
+#define MD_Final(a,b)           MDC2_Final(a,b)
+#define MD(a,b,c)               MDC2(a,b,c)
+#elif defined(USE_MD2_RAND)
+#include <openssl/md2.h>
+#define MD_DIGEST_LENGTH        MD2_DIGEST_LENGTH
+#define MD_CTX                  MD2_CTX
+#define MD_Init(a)              MD2_Init(a)
+#define MD_Update(a,b,c)        MD2_Update(a,b,c)
+#define MD_Final(a,b)           MD2_Final(a,b)
+#define MD(a,b,c)               MD2(a,b,c)
+#endif
+
+
+#endif
diff --git a/src/lib/libssl/src/crypto/rand/rand_lib.c b/src/lib/libssl/src/crypto/rand/rand_lib.c
index 7da74aab0e..57eff0f132 100644
--- a/src/lib/libssl/src/crypto/rand/rand_lib.c
+++ b/src/lib/libssl/src/crypto/rand/rand_lib.c
@@ -59,59 +59,78 @@
 #include <stdio.h>
 #include <time.h>
 #include <openssl/rand.h>
+#include <openssl/engine.h>
 
-#ifdef NO_RAND
-static RAND_METHOD *rand_meth=NULL;
-#else
-extern RAND_METHOD rand_ssleay_meth;
-static RAND_METHOD *rand_meth= &rand_ssleay_meth;
-#endif
+static ENGINE *rand_engine=NULL;
 
+#if 0
 void RAND_set_rand_method(RAND_METHOD *meth)
         {
         rand_meth=meth;
         }
+#else
+int RAND_set_rand_method(ENGINE *engine)
+        {
+        ENGINE *mtmp;
+        mtmp = rand_engine;
+        if (!ENGINE_init(engine))
+                return 0;
+        rand_engine = engine;
+        /* SHOULD ERROR CHECK THIS!!! */
+        ENGINE_finish(mtmp);
+        return 1;
+        }
+#endif
 
 RAND_METHOD *RAND_get_rand_method(void)
         {
-        return(rand_meth);
+        if (rand_engine == NULL
+                && (rand_engine = ENGINE_get_default_RAND()) == NULL)
+                return NULL;
+        return ENGINE_get_RAND(rand_engine);
         }
 
 void RAND_cleanup(void)
         {
-        if (rand_meth != NULL)
-                rand_meth->cleanup();
+        RAND_METHOD *meth = RAND_get_rand_method();
+        if (meth && meth->cleanup)
+                meth->cleanup();
         }
 
 void RAND_seed(const void *buf, int num)
         {
-        if (rand_meth != NULL)
-                rand_meth->seed(buf,num);
+        RAND_METHOD *meth = RAND_get_rand_method();
+        if (meth && meth->seed)
+                meth->seed(buf,num);
         }
 
 void RAND_add(const void *buf, int num, double entropy)
         {
-        if (rand_meth != NULL)
-                rand_meth->add(buf,num,entropy);
+        RAND_METHOD *meth = RAND_get_rand_method();
+        if (meth && meth->add)
+                meth->add(buf,num,entropy);
         }
 
 int RAND_bytes(unsigned char *buf, int num)
         {
-        if (rand_meth != NULL)
-                return rand_meth->bytes(buf,num);
+        RAND_METHOD *meth = RAND_get_rand_method();
+        if (meth && meth->bytes)
+                return meth->bytes(buf,num);
         return(-1);
         }
 
 int RAND_pseudo_bytes(unsigned char *buf, int num)
         {
-        if (rand_meth != NULL)
-                return rand_meth->pseudorand(buf,num);
+        RAND_METHOD *meth = RAND_get_rand_method();
+        if (meth && meth->pseudorand)
+                return meth->pseudorand(buf,num);
         return(-1);
         }
 
 int RAND_status(void)
         {
-        if (rand_meth != NULL)
-                return rand_meth->status();
+        RAND_METHOD *meth = RAND_get_rand_method();
+        if (meth && meth->status)
+                return meth->status();
         return 0;
         }
diff --git a/src/lib/libssl/src/crypto/rand/rand_win.c b/src/lib/libssl/src/crypto/rand/rand_win.c
new file mode 100644
index 0000000000..9f2dcff9a9
--- /dev/null
+++ b/src/lib/libssl/src/crypto/rand/rand_win.c
@@ -0,0 +1,732 @@
+/* crypto/rand/rand_win.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include "cryptlib.h"
+#include <openssl/rand.h>
+#include "rand_lcl.h"
+
+#if defined(WINDOWS) || defined(WIN32)
+#include <windows.h>
+#ifndef _WIN32_WINNT
+# define _WIN32_WINNT 0x0400
+#endif
+#include <wincrypt.h>
+#include <tlhelp32.h>
+
+/* Intel hardware RNG CSP -- available from
+ * http://developer.intel.com/design/security/rng/redist_license.htm
+ */
+#define PROV_INTEL_SEC 22
+#define INTEL_DEF_PROV "Intel Hardware Cryptographic Service Provider"
+
+static void readtimer(void);
+static void readscreen(void);
+
+/* It appears like CURSORINFO, PCURSORINFO and LPCURSORINFO are only defined
+   when WINVER is 0x0500 and up, which currently only happens on Win2000.
+   Unfortunately, those are typedefs, so they're a little bit difficult to
+   detect properly.  On the other hand, the macro CURSOR_SHOWING is defined
+   within the same conditional, so it can be use to detect the absence of said
+   typedefs. */
+
+#ifndef CURSOR_SHOWING
+/*
+ * Information about the global cursor.
+ */
+typedef struct tagCURSORINFO
+{
+    DWORD   cbSize;
+    DWORD   flags;
+    HCURSOR hCursor;
+    POINT   ptScreenPos;
+} CURSORINFO, *PCURSORINFO, *LPCURSORINFO;
+
+#define CURSOR_SHOWING     0x00000001
+#endif /* CURSOR_SHOWING */
+
+typedef BOOL (WINAPI *CRYPTACQUIRECONTEXT)(HCRYPTPROV *, LPCTSTR, LPCTSTR,
+                                    DWORD, DWORD);
+typedef BOOL (WINAPI *CRYPTGENRANDOM)(HCRYPTPROV, DWORD, BYTE *);
+typedef BOOL (WINAPI *CRYPTRELEASECONTEXT)(HCRYPTPROV, DWORD);
+
+typedef HWND (WINAPI *GETFOREGROUNDWINDOW)(VOID);
+typedef BOOL (WINAPI *GETCURSORINFO)(PCURSORINFO);
+typedef DWORD (WINAPI *GETQUEUESTATUS)(UINT);
+
+typedef HANDLE (WINAPI *CREATETOOLHELP32SNAPSHOT)(DWORD, DWORD);
+typedef BOOL (WINAPI *HEAP32FIRST)(LPHEAPENTRY32, DWORD, DWORD);
+typedef BOOL (WINAPI *HEAP32NEXT)(LPHEAPENTRY32);
+typedef BOOL (WINAPI *HEAP32LIST)(HANDLE, LPHEAPLIST32);
+typedef BOOL (WINAPI *PROCESS32)(HANDLE, LPPROCESSENTRY32);
+typedef BOOL (WINAPI *THREAD32)(HANDLE, LPTHREADENTRY32);
+typedef BOOL (WINAPI *MODULE32)(HANDLE, LPMODULEENTRY32);
+
+#include <lmcons.h>
+#include <lmstats.h>
+#if 1 /* The NET API is Unicode only.  It requires the use of the UNICODE
+       * macro.  When UNICODE is defined LPTSTR becomes LPWSTR.  LMSTR was
+       * was added to the Platform SDK to allow the NET API to be used in
+       * non-Unicode applications provided that Unicode strings were still
+       * used for input.  LMSTR is defined as LPWSTR.
+       */
+typedef NET_API_STATUS (NET_API_FUNCTION * NETSTATGET)
+        (LPWSTR, LPWSTR, DWORD, DWORD, LPBYTE*);
+typedef NET_API_STATUS (NET_API_FUNCTION * NETFREE)(LPBYTE);
+#endif /* 1 */
+
+int RAND_poll(void)
+{
+        MEMORYSTATUS m;
+        HCRYPTPROV hProvider = 0;
+        BYTE buf[64];
+        DWORD w;
+        HWND h;
+
+        HMODULE advapi, kernel, user, netapi;
+        CRYPTACQUIRECONTEXT acquire = 0;
+        CRYPTGENRANDOM gen = 0;
+        CRYPTRELEASECONTEXT release = 0;
+#if 1 /* There was previously a problem with NETSTATGET.  Currently, this
+       * section is still experimental, but if all goes well, this conditional
+       * will be removed
+       */
+        NETSTATGET netstatget = 0;
+        NETFREE netfree = 0;
+#endif /* 1 */
+
+        /* Determine the OS version we are on so we can turn off things 
+         * that do not work properly.
+         */
+        OSVERSIONINFO osverinfo ;
+        osverinfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO) ;
+        GetVersionEx( &osverinfo ) ;
+
+        /* load functions dynamically - not available on all systems */
+        advapi = LoadLibrary("ADVAPI32.DLL");
+        kernel = LoadLibrary("KERNEL32.DLL");
+        user = LoadLibrary("USER32.DLL");
+        netapi = LoadLibrary("NETAPI32.DLL");
+
+#if 1 /* There was previously a problem with NETSTATGET.  Currently, this
+       * section is still experimental, but if all goes well, this conditional
+       * will be removed
+       */
+        if (netapi)
+                {
+                netstatget = (NETSTATGET) GetProcAddress(netapi,"NetStatisticsGet");
+                netfree = (NETFREE) GetProcAddress(netapi,"NetApiBufferFree");
+                }
+
+        if (netstatget && netfree)
+                {
+                LPBYTE outbuf;
+                /* NetStatisticsGet() is a Unicode only function
+                 * STAT_WORKSTATION_0 contains 45 fields and STAT_SERVER_0
+                 * contains 17 fields.  We treat each field as a source of
+                 * one byte of entropy.
+                 */
+
+                if (netstatget(NULL, L"LanmanWorkstation", 0, 0, &outbuf) == 0)
+                        {
+                        RAND_add(outbuf, sizeof(STAT_WORKSTATION_0), 45);
+                        netfree(outbuf);
+                        }
+                if (netstatget(NULL, L"LanmanServer", 0, 0, &outbuf) == 0)
+                        {
+                        RAND_add(outbuf, sizeof(STAT_SERVER_0), 17);
+                        netfree(outbuf);
+                        }
+                }
+
+        if (netapi)
+                FreeLibrary(netapi);
+#endif /* 1 */
+ 
+        /* It appears like this can cause an exception deep within ADVAPI32.DLL
+         * at random times on Windows 2000.  Reported by Jeffrey Altman.  
+         * Only use it on NT.
+         */
+        if ( osverinfo.dwPlatformId == VER_PLATFORM_WIN32_NT &&
+                osverinfo.dwMajorVersion < 5)
+                {
+                /* Read Performance Statistics from NT/2000 registry
+                 * The size of the performance data can vary from call
+                 * to call so we must guess the size of the buffer to use
+                 * and increase its size if we get an ERROR_MORE_DATA
+                 * return instead of ERROR_SUCCESS.
+                 */
+                LONG   rc=ERROR_MORE_DATA;
+                char * buf=NULL;
+                DWORD bufsz=0;
+                DWORD length;
+
+                while (rc == ERROR_MORE_DATA)
+                        {
+                        buf = realloc(buf,bufsz+8192);
+                        if (!buf)
+                                break;
+                        bufsz += 8192;
+
+                        length = bufsz;
+                        rc = RegQueryValueEx(HKEY_PERFORMANCE_DATA, "Global",
+                                NULL, NULL, buf, &length);
+                        }
+                if (rc == ERROR_SUCCESS)
+                        {
+                        /* For entropy count assume only least significant
+                         * byte of each DWORD is random.
+                         */
+                        RAND_add(&length, sizeof(length), 0);
+                        RAND_add(buf, length, length / 4.0);
+                        }
+                if (buf)
+                        free(buf);
+                }
+
+        if (advapi)
+                {
+                acquire = (CRYPTACQUIRECONTEXT) GetProcAddress(advapi,
+                        "CryptAcquireContextA");
+                gen = (CRYPTGENRANDOM) GetProcAddress(advapi,
+                        "CryptGenRandom");
+                release = (CRYPTRELEASECONTEXT) GetProcAddress(advapi,
+                        "CryptReleaseContext");
+                }
+
+        if (acquire && gen && release)
+                {
+                /* poll the CryptoAPI PRNG */
+                /* The CryptoAPI returns sizeof(buf) bytes of randomness */
+                if (acquire(&hProvider, 0, 0, PROV_RSA_FULL,
+                        CRYPT_VERIFYCONTEXT))
+                        {
+                        if (gen(hProvider, sizeof(buf), buf) != 0)
+                                {
+                                RAND_add(buf, sizeof(buf), sizeof(buf));
+#ifdef DEBUG
+                                printf("randomness from PROV_RSA_FULL\n");
+#endif
+                                }
+                        release(hProvider, 0); 
+                        }
+                
+                /* poll the Pentium PRG with CryptoAPI */
+                if (acquire(&hProvider, 0, INTEL_DEF_PROV, PROV_INTEL_SEC, 0))
+                        {
+                        if (gen(hProvider, sizeof(buf), buf) != 0)
+                                {
+                                RAND_add(buf, sizeof(buf), sizeof(buf));
+#ifdef DEBUG
+                                printf("randomness from PROV_INTEL_SEC\n");
+#endif
+                                }
+                        release(hProvider, 0);
+                        }
+                }
+
+        if (advapi)
+                FreeLibrary(advapi);
+
+        /* timer data */
+        readtimer();
+        
+        /* memory usage statistics */
+        GlobalMemoryStatus(&m);
+        RAND_add(&m, sizeof(m), 1);
+
+        /* process ID */
+        w = GetCurrentProcessId();
+        RAND_add(&w, sizeof(w), 1);
+
+        if (user)
+                {
+                GETCURSORINFO cursor;
+                GETFOREGROUNDWINDOW win;
+                GETQUEUESTATUS queue;
+
+                win = (GETFOREGROUNDWINDOW) GetProcAddress(user, "GetForegroundWindow");
+                cursor = (GETCURSORINFO) GetProcAddress(user, "GetCursorInfo");
+                queue = (GETQUEUESTATUS) GetProcAddress(user, "GetQueueStatus");
+
+                if (win)
+                        {
+                        /* window handle */
+                        h = win();
+                        RAND_add(&h, sizeof(h), 0);
+                        }
+                if (cursor)
+                        {
+                        /* unfortunately, its not safe to call GetCursorInfo()
+                         * on NT4 even though it exists in SP3 (or SP6) and
+                         * higher.
+                         */
+                        if ( osverinfo.dwPlatformId == VER_PLATFORM_WIN32_NT &&
+                                osverinfo.dwMajorVersion < 5)
+                                cursor = 0;
+                        }
+                if (cursor)
+                        {
+                        /* cursor position */
+                        /* assume 2 bytes of entropy */
+                        CURSORINFO ci;
+                        ci.cbSize = sizeof(CURSORINFO);
+                        if (cursor(&ci))
+                                RAND_add(&ci, ci.cbSize, 2);
+                        }
+
+                if (queue)
+                        {
+                        /* message queue status */
+                        /* assume 1 byte of entropy */
+                        w = queue(QS_ALLEVENTS);
+                        RAND_add(&w, sizeof(w), 1);
+                        }
+
+                FreeLibrary(user);
+                }
+
+        /* Toolhelp32 snapshot: enumerate processes, threads, modules and heap
+         * http://msdn.microsoft.com/library/psdk/winbase/toolhelp_5pfd.htm
+         * (Win 9x and 2000 only, not available on NT)
+         *
+         * This seeding method was proposed in Peter Gutmann, Software
+         * Generation of Practically Strong Random Numbers,
+         * http://www.usenix.org/publications/library/proceedings/sec98/gutmann.html
+     * revised version at http://www.cryptoengines.com/~peter/06_random.pdf
+         * (The assignment of entropy estimates below is arbitrary, but based
+         * on Peter's analysis the full poll appears to be safe. Additional
+         * interactive seeding is encouraged.)
+         */
+
+        if (kernel)
+                {
+                CREATETOOLHELP32SNAPSHOT snap;
+                HANDLE handle;
+
+                HEAP32FIRST heap_first;
+                HEAP32NEXT heap_next;
+                HEAP32LIST heaplist_first, heaplist_next;
+                PROCESS32 process_first, process_next;
+                THREAD32 thread_first, thread_next;
+                MODULE32 module_first, module_next;
+
+                HEAPLIST32 hlist;
+                HEAPENTRY32 hentry;
+                PROCESSENTRY32 p;
+                THREADENTRY32 t;
+                MODULEENTRY32 m;
+
+                snap = (CREATETOOLHELP32SNAPSHOT)
+                        GetProcAddress(kernel, "CreateToolhelp32Snapshot");
+                heap_first = (HEAP32FIRST) GetProcAddress(kernel, "Heap32First");
+                heap_next = (HEAP32NEXT) GetProcAddress(kernel, "Heap32Next");
+                heaplist_first = (HEAP32LIST) GetProcAddress(kernel, "Heap32ListFirst");
+                heaplist_next = (HEAP32LIST) GetProcAddress(kernel, "Heap32ListNext");
+                process_first = (PROCESS32) GetProcAddress(kernel, "Process32First");
+                process_next = (PROCESS32) GetProcAddress(kernel, "Process32Next");
+                thread_first = (THREAD32) GetProcAddress(kernel, "Thread32First");
+                thread_next = (THREAD32) GetProcAddress(kernel, "Thread32Next");
+                module_first = (MODULE32) GetProcAddress(kernel, "Module32First");
+                module_next = (MODULE32) GetProcAddress(kernel, "Module32Next");
+
+                if (snap && heap_first && heap_next && heaplist_first &&
+                        heaplist_next && process_first && process_next &&
+                        thread_first && thread_next && module_first &&
+                        module_next && (handle = snap(TH32CS_SNAPALL,0))
+                        != NULL)
+                        {
+                        /* heap list and heap walking */
+                        /* HEAPLIST32 contains 3 fields that will change with
+                         * each entry.  Consider each field a source of 1 byte
+                         * of entropy.
+                         * HEAPENTRY32 contains 5 fields that will change with 
+                         * each entry.  Consider each field a source of 1 byte
+                         * of entropy.
+                         */
+                        hlist.dwSize = sizeof(HEAPLIST32);              
+                        if (heaplist_first(handle, &hlist))
+                                do
+                                        {
+                                        RAND_add(&hlist, hlist.dwSize, 3);
+                                        hentry.dwSize = sizeof(HEAPENTRY32);
+                                        if (heap_first(&hentry,
+                                                hlist.th32ProcessID,
+                                                hlist.th32HeapID))
+                                                {
+                                                int entrycnt = 50;
+                                                do
+                                                        RAND_add(&hentry,
+                                                                hentry.dwSize, 5);
+                                                while (heap_next(&hentry)
+                                                        && --entrycnt > 0);
+                                                }
+                                        } while (heaplist_next(handle,
+                                                &hlist));
+                        
+                        /* process walking */
+                        /* PROCESSENTRY32 contains 9 fields that will change
+                         * with each entry.  Consider each field a source of
+                         * 1 byte of entropy.
+                         */
+                        p.dwSize = sizeof(PROCESSENTRY32);
+                        if (process_first(handle, &p))
+                                do
+                                        RAND_add(&p, p.dwSize, 9);
+                                while (process_next(handle, &p));
+
+                        /* thread walking */
+                        /* THREADENTRY32 contains 6 fields that will change
+                         * with each entry.  Consider each field a source of
+                         * 1 byte of entropy.
+                         */
+                        t.dwSize = sizeof(THREADENTRY32);
+                        if (thread_first(handle, &t))
+                                do
+                                        RAND_add(&t, t.dwSize, 6);
+                                while (thread_next(handle, &t));
+
+                        /* module walking */
+                        /* MODULEENTRY32 contains 9 fields that will change
+                         * with each entry.  Consider each field a source of
+                         * 1 byte of entropy.
+                         */
+                        m.dwSize = sizeof(MODULEENTRY32);
+                        if (module_first(handle, &m))
+                                do
+                                        RAND_add(&m, m.dwSize, 9);
+                                while (module_next(handle, &m));
+
+                        CloseHandle(handle);
+                        }
+
+                FreeLibrary(kernel);
+                }
+
+#ifdef DEBUG
+        printf("Exiting RAND_poll\n");
+#endif
+
+        return(1);
+}
+
+int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam)
+        {
+        double add_entropy=0;
+
+        switch (iMsg)
+                {
+        case WM_KEYDOWN:
+                        {
+                        static WPARAM key;
+                        if (key != wParam)
+                                add_entropy = 0.05;
+                        key = wParam;
+                        }
+                        break;
+        case WM_MOUSEMOVE:
+                        {
+                        static int lastx,lasty,lastdx,lastdy;
+                        int x,y,dx,dy;
+
+                        x=LOWORD(lParam);
+                        y=HIWORD(lParam);
+                        dx=lastx-x;
+                        dy=lasty-y;
+                        if (dx != 0 && dy != 0 && dx-lastdx != 0 && dy-lastdy != 0)
+                                add_entropy=.2;
+                        lastx=x, lasty=y;
+                        lastdx=dx, lastdy=dy;
+                        }
+                break;
+                }
+
+        readtimer();
+        RAND_add(&iMsg, sizeof(iMsg), add_entropy);
+        RAND_add(&wParam, sizeof(wParam), 0);
+        RAND_add(&lParam, sizeof(lParam), 0);
+ 
+        return (RAND_status());
+        }
+
+
+void RAND_screen(void) /* function available for backward compatibility */
+{
+        RAND_poll();
+        readscreen();
+}
+
+
+/* feed timing information to the PRNG */
+static void readtimer(void)
+{
+        DWORD w;
+        LARGE_INTEGER l;
+        static int have_perfc = 1;
+#ifndef __GNUC__
+        static int have_tsc = 1;
+        DWORD cyclecount;
+
+        if (have_tsc) {
+          __try {
+            __asm {
+              rdtsc
+              mov cyclecount, eax
+              }
+            RAND_add(&cyclecount, sizeof(cyclecount), 1);
+          } __except(EXCEPTION_EXECUTE_HANDLER) {
+            have_tsc = 0;
+          }
+        }
+#else
+# define have_tsc 0
+#endif
+
+        if (have_perfc) {
+          if (QueryPerformanceCounter(&l) == 0)
+            have_perfc = 0;
+          else
+            RAND_add(&l, sizeof(l), 0);
+        }
+
+        if (!have_tsc && !have_perfc) {
+          w = GetTickCount();
+          RAND_add(&w, sizeof(w), 0);
+        }
+}
+
+/* feed screen contents to PRNG */
+/*****************************************************************************
+ *
+ * Created 960901 by Gertjan van Oosten, gertjan@West.NL, West Consulting B.V.
+ *
+ * Code adapted from
+ * <URL:http://www.microsoft.com/kb/developr/win_dk/q97193.htm>;
+ * the original copyright message is:
+ *
+ *   (C) Copyright Microsoft Corp. 1993.  All rights reserved.
+ *
+ *   You have a royalty-free right to use, modify, reproduce and
+ *   distribute the Sample Files (and/or any modified version) in
+ *   any way you find useful, provided that you agree that
+ *   Microsoft has no warranty obligations or liability for any
+ *   Sample Application Files which are modified.
+ */
+
+static void readscreen(void)
+{
+  HDC           hScrDC;         /* screen DC */
+  HDC           hMemDC;         /* memory DC */
+  HBITMAP       hBitmap;        /* handle for our bitmap */
+  HBITMAP       hOldBitmap;     /* handle for previous bitmap */
+  BITMAP        bm;             /* bitmap properties */
+  unsigned int  size;           /* size of bitmap */
+  char          *bmbits;        /* contents of bitmap */
+  int           w;              /* screen width */
+  int           h;              /* screen height */
+  int           y;              /* y-coordinate of screen lines to grab */
+  int           n = 16;         /* number of screen lines to grab at a time */
+
+  /* Create a screen DC and a memory DC compatible to screen DC */
+  hScrDC = CreateDC("DISPLAY", NULL, NULL, NULL);
+  hMemDC = CreateCompatibleDC(hScrDC);
+
+  /* Get screen resolution */
+  w = GetDeviceCaps(hScrDC, HORZRES);
+  h = GetDeviceCaps(hScrDC, VERTRES);
+
+  /* Create a bitmap compatible with the screen DC */
+  hBitmap = CreateCompatibleBitmap(hScrDC, w, n);
+
+  /* Select new bitmap into memory DC */
+  hOldBitmap = SelectObject(hMemDC, hBitmap);
+
+  /* Get bitmap properties */
+  GetObject(hBitmap, sizeof(BITMAP), (LPSTR)&bm);
+  size = (unsigned int)bm.bmWidthBytes * bm.bmHeight * bm.bmPlanes;
+
+  bmbits = OPENSSL_malloc(size);
+  if (bmbits) {
+    /* Now go through the whole screen, repeatedly grabbing n lines */
+    for (y = 0; y < h-n; y += n)
+        {
+        unsigned char md[MD_DIGEST_LENGTH];
+
+        /* Bitblt screen DC to memory DC */
+        BitBlt(hMemDC, 0, 0, w, n, hScrDC, 0, y, SRCCOPY);
+
+        /* Copy bitmap bits from memory DC to bmbits */
+        GetBitmapBits(hBitmap, size, bmbits);
+
+        /* Get the hash of the bitmap */
+        MD(bmbits,size,md);
+
+        /* Seed the random generator with the hash value */
+        RAND_add(md, MD_DIGEST_LENGTH, 0);
+        }
+
+    OPENSSL_free(bmbits);
+  }
+
+  /* Select old bitmap back into memory DC */
+  hBitmap = SelectObject(hMemDC, hOldBitmap);
+
+  /* Clean up */
+  DeleteObject(hBitmap);
+  DeleteDC(hMemDC);
+  DeleteDC(hScrDC);
+}
+
+#else /* Unix version */
+
+#include <time.h>
+
+int RAND_poll(void)
+{
+        unsigned long l;
+        pid_t curr_pid = getpid();
+#ifdef DEVRANDOM
+        FILE *fh;
+#endif
+
+#ifdef DEVRANDOM
+        /* Use a random entropy pool device. Linux, FreeBSD and OpenBSD
+         * have this. Use /dev/urandom if you can as /dev/random may block
+         * if it runs out of random entries.  */
+
+        if ((fh = fopen(DEVRANDOM, "r")) != NULL)
+                {
+                unsigned char tmpbuf[ENTROPY_NEEDED];
+                int n;
+                
+                setvbuf(fh, NULL, _IONBF, 0);
+                n=fread((unsigned char *)tmpbuf,1,ENTROPY_NEEDED,fh);
+                fclose(fh);
+                RAND_add(tmpbuf,sizeof tmpbuf,n);
+                memset(tmpbuf,0,n);
+                }
+#endif
+
+        /* put in some default random data, we need more than just this */
+        l=curr_pid;
+        RAND_add(&l,sizeof(l),0);
+        l=getuid();
+        RAND_add(&l,sizeof(l),0);
+
+        l=time(NULL);
+        RAND_add(&l,sizeof(l),0);
+
+#ifdef DEVRANDOM
+        return 1;
+#endif
+        return 0;
+}
+
+#endif
diff --git a/src/lib/libssl/src/crypto/rand/randfile.c b/src/lib/libssl/src/crypto/rand/randfile.c
index c6ff27be0e..29718bdb9d 100644
--- a/src/lib/libssl/src/crypto/rand/randfile.c
+++ b/src/lib/libssl/src/crypto/rand/randfile.c
@@ -61,8 +61,6 @@
 #include <stdlib.h>
 #include <string.h>
 
-#include "openssl/e_os.h"
-
 #ifdef VMS
 #include <unixio.h>
 #endif
@@ -75,6 +73,7 @@
 # include <sys/stat.h>
 #endif
 
+#include <openssl/e_os.h>
 #include <openssl/crypto.h>
 #include <openssl/rand.h>
 
@@ -139,7 +138,7 @@ err:
 int RAND_write_file(const char *file)
         {
         unsigned char buf[BUFSIZE];
-        int i,ret=0,err=0;
+        int i,ret=0,rand_err=0;
         FILE *out = NULL;
         int n;
         struct stat sb;
@@ -156,18 +155,18 @@ int RAND_write_file(const char *file)
           }
         }
 
-#if defined(O_CREAT) && defined(O_EXCL) && !defined(WIN32)
+#if defined(O_CREAT) && !defined(WIN32)
         /* For some reason Win32 can't write to files created this way */
-
-        /* chmod(..., 0600) is too late to protect the file,
-         * permissions should be restrictive from the start */
-        int fd = open(file, O_CREAT | O_EXCL, 0600);
-        if (fd != -1)
-                out = fdopen(fd, "wb");
+        
+        /* chmod(..., 0600) is too late to protect the file,
+         * permissions should be restrictive from the start */
+        int fd = open(file, O_CREAT, 0600);
+        if (fd != -1)
+                out = fdopen(fd, "wb");
 #endif
-        if (out == NULL)
-                out = fopen(file,"wb");
-        if (out == NULL) goto err;
+        if (out == NULL)
+                out = fopen(file,"wb");
+        if (out == NULL) goto err;
 
 #ifndef NO_CHMOD
         chmod(file,0600);
@@ -178,7 +177,7 @@ int RAND_write_file(const char *file)
                 i=(n > BUFSIZE)?BUFSIZE:n;
                 n-=BUFSIZE;
                 if (RAND_bytes(buf,i) <= 0)
-                        err=1;
+                        rand_err=1;
                 i=fwrite(buf,1,i,out);
                 if (i <= 0)
                         {
@@ -194,7 +193,7 @@ int RAND_write_file(const char *file)
         {
         char *tmpf;
 
-        tmpf = Malloc(strlen(file) + 4);  /* to add ";-1" and a nul */
+        tmpf = OPENSSL_malloc(strlen(file) + 4);  /* to add ";-1" and a nul */
         if (tmpf)
                 {
                 strcpy(tmpf, file);
@@ -211,7 +210,7 @@ int RAND_write_file(const char *file)
         fclose(out);
         memset(buf,0,BUFSIZE);
 err:
-        return(err ? -1 : ret);
+        return (rand_err ? -1 : ret);
         }
 
 const char *RAND_file_name(char *buf, int size)
diff --git a/src/lib/libssl/src/crypto/rc2/rc2.h b/src/lib/libssl/src/crypto/rc2/rc2.h
index 9571efb755..076c0a067c 100644
--- a/src/lib/libssl/src/crypto/rc2/rc2.h
+++ b/src/lib/libssl/src/crypto/rc2/rc2.h
@@ -59,10 +59,6 @@
 #ifndef HEADER_RC2_H
 #define HEADER_RC2_H
 
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
 #ifdef NO_RC2
 #error RC2 is disabled.
 #endif
@@ -74,23 +70,29 @@ extern "C" {
 #define RC2_BLOCK       8
 #define RC2_KEY_LENGTH  16
 
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
 typedef struct rc2_key_st
         {
         RC2_INT data[64];
         } RC2_KEY;
 
  
-void RC2_set_key(RC2_KEY *key, int len, unsigned char *data,int bits);
-void RC2_ecb_encrypt(unsigned char *in,unsigned char *out,RC2_KEY *key,
-        int enc);
+void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits);
+void RC2_ecb_encrypt(const unsigned char *in,unsigned char *out,RC2_KEY *key,
+                     int enc);
 void RC2_encrypt(unsigned long *data,RC2_KEY *key);
 void RC2_decrypt(unsigned long *data,RC2_KEY *key);
-void RC2_cbc_encrypt(unsigned char *in, unsigned char *out, long length,
+void RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
         RC2_KEY *ks, unsigned char *iv, int enc);
-void RC2_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
-        RC2_KEY *schedule, unsigned char *ivec, int *num, int enc);
-void RC2_ofb64_encrypt(unsigned char *in, unsigned char *out, long length,
-        RC2_KEY *schedule, unsigned char *ivec, int *num);
+void RC2_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                       long length, RC2_KEY *schedule, unsigned char *ivec,
+                       int *num, int enc);
+void RC2_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+                       long length, RC2_KEY *schedule, unsigned char *ivec,
+                       int *num);
 
 #ifdef  __cplusplus
 }
diff --git a/src/lib/libssl/src/crypto/rc2/rc2_cbc.c b/src/lib/libssl/src/crypto/rc2/rc2_cbc.c
index 1202184e85..74f48d3d87 100644
--- a/src/lib/libssl/src/crypto/rc2/rc2_cbc.c
+++ b/src/lib/libssl/src/crypto/rc2/rc2_cbc.c
@@ -59,7 +59,7 @@
 #include <openssl/rc2.h>
 #include "rc2_locl.h"
 
-void RC2_cbc_encrypt(unsigned char *in, unsigned char *out, long length,
+void RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
              RC2_KEY *ks, unsigned char *iv, int encrypt)
         {
         register unsigned long tin0,tin1;
diff --git a/src/lib/libssl/src/crypto/rc2/rc2_ecb.c b/src/lib/libssl/src/crypto/rc2/rc2_ecb.c
index 7d77b9186c..d3e8c2718a 100644
--- a/src/lib/libssl/src/crypto/rc2/rc2_ecb.c
+++ b/src/lib/libssl/src/crypto/rc2/rc2_ecb.c
@@ -70,8 +70,8 @@ const char *RC2_version="RC2" OPENSSL_VERSION_PTEXT;
  * Date: 11 Feb 1996 06:45:03 GMT
  */
 
-void RC2_ecb_encrypt(unsigned char *in, unsigned char *out, RC2_KEY *ks,
-             int encrypt)
+void RC2_ecb_encrypt(const unsigned char *in, unsigned char *out, RC2_KEY *ks,
+                     int encrypt)
         {
         unsigned long l,d[2];
 
diff --git a/src/lib/libssl/src/crypto/rc2/rc2_skey.c b/src/lib/libssl/src/crypto/rc2/rc2_skey.c
index 7143c4e591..cab3080c73 100644
--- a/src/lib/libssl/src/crypto/rc2/rc2_skey.c
+++ b/src/lib/libssl/src/crypto/rc2/rc2_skey.c
@@ -90,7 +90,7 @@ static unsigned char key_table[256]={
  * BSAFE uses the 'retarded' version.  What I previously shipped is
  * the same as specifying 1024 for the 'bits' parameter.  Bsafe uses
  * a version where the bits parameter is the same as len*8 */
-void RC2_set_key(RC2_KEY *key, int len, unsigned char *data, int bits)
+void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits)
         {
         int i,j;
         unsigned char *k;
diff --git a/src/lib/libssl/src/crypto/rc2/rc2cfb64.c b/src/lib/libssl/src/crypto/rc2/rc2cfb64.c
index 5e3fa07d90..b3a0158a6e 100644
--- a/src/lib/libssl/src/crypto/rc2/rc2cfb64.c
+++ b/src/lib/libssl/src/crypto/rc2/rc2cfb64.c
@@ -64,8 +64,9 @@
  * 64bit block we have used is contained in *num;
  */
 
-void RC2_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
-             RC2_KEY *schedule, unsigned char *ivec, int *num, int encrypt)
+void RC2_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                       long length, RC2_KEY *schedule, unsigned char *ivec,
+                       int *num, int encrypt)
         {
         register unsigned long v0,v1,t;
         register int n= *num;
diff --git a/src/lib/libssl/src/crypto/rc2/rc2ofb64.c b/src/lib/libssl/src/crypto/rc2/rc2ofb64.c
index 42cdd40cdd..9e297867ed 100644
--- a/src/lib/libssl/src/crypto/rc2/rc2ofb64.c
+++ b/src/lib/libssl/src/crypto/rc2/rc2ofb64.c
@@ -63,8 +63,9 @@
  * used.  The extra state information to record how much of the
  * 64bit block we have used is contained in *num;
  */
-void RC2_ofb64_encrypt(unsigned char *in, unsigned char *out, long length,
-             RC2_KEY *schedule, unsigned char *ivec, int *num)
+void RC2_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+                       long length, RC2_KEY *schedule, unsigned char *ivec,
+                       int *num)
         {
         register unsigned long v0,v1,t;
         register int n= *num;
diff --git a/src/lib/libssl/src/crypto/rc4/rc4.h b/src/lib/libssl/src/crypto/rc4/rc4.h
index 8556dddab0..40251024a4 100644
--- a/src/lib/libssl/src/crypto/rc4/rc4.h
+++ b/src/lib/libssl/src/crypto/rc4/rc4.h
@@ -59,16 +59,16 @@
 #ifndef HEADER_RC4_H
 #define HEADER_RC4_H
 
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
 #ifdef NO_RC4
 #error RC4 is disabled.
 #endif
 
 #include <openssl/opensslconf.h> /* RC4_INT */
 
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
 typedef struct rc4_key_st
         {
         RC4_INT x,y;
diff --git a/src/lib/libssl/src/crypto/rc5/rc5.h b/src/lib/libssl/src/crypto/rc5/rc5.h
index 38e901502b..fc4cea5e36 100644
--- a/src/lib/libssl/src/crypto/rc5/rc5.h
+++ b/src/lib/libssl/src/crypto/rc5/rc5.h
@@ -93,18 +93,21 @@ typedef struct rc5_key_st
         } RC5_32_KEY;
 
  
-void RC5_32_set_key(RC5_32_KEY *key, int len, unsigned char *data,
+void RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data,
         int rounds);
-void RC5_32_ecb_encrypt(unsigned char *in,unsigned char *out,RC5_32_KEY *key,
+void RC5_32_ecb_encrypt(const unsigned char *in,unsigned char *out,RC5_32_KEY *key,
         int enc);
 void RC5_32_encrypt(unsigned long *data,RC5_32_KEY *key);
 void RC5_32_decrypt(unsigned long *data,RC5_32_KEY *key);
-void RC5_32_cbc_encrypt(unsigned char *in, unsigned char *out, long length,
-        RC5_32_KEY *ks, unsigned char *iv, int enc);
-void RC5_32_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
-        RC5_32_KEY *schedule, unsigned char *ivec, int *num, int enc);
-void RC5_32_ofb64_encrypt(unsigned char *in, unsigned char *out, long length,
-        RC5_32_KEY *schedule, unsigned char *ivec, int *num);
+void RC5_32_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                        long length, RC5_32_KEY *ks, unsigned char *iv,
+                        int enc);
+void RC5_32_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                          long length, RC5_32_KEY *schedule,
+                          unsigned char *ivec, int *num, int enc);
+void RC5_32_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+                          long length, RC5_32_KEY *schedule,
+                          unsigned char *ivec, int *num);
 
 #ifdef  __cplusplus
 }
diff --git a/src/lib/libssl/src/crypto/ripemd/Makefile.ssl b/src/lib/libssl/src/crypto/ripemd/Makefile.ssl
index 6ada9f067b..de01a953ec 100644
--- a/src/lib/libssl/src/crypto/ripemd/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/ripemd/Makefile.ssl
@@ -22,7 +22,7 @@ CFLAGS= $(INCLUDES) $(CFLAG)
 
 GENERAL=Makefile
 TEST=rmdtest.c
-APPS=rmd160.c
+APPS=
 
 LIB=$(TOP)/libcrypto.a
 LIBSRC=rmd_dgst.c rmd_one.c
diff --git a/src/lib/libssl/src/crypto/rsa/Makefile.ssl b/src/lib/libssl/src/crypto/rsa/Makefile.ssl
index 7b3960e70d..c159eedafe 100644
--- a/src/lib/libssl/src/crypto/rsa/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/rsa/Makefile.ssl
@@ -80,64 +80,97 @@ clean:
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
-rsa_chk.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
-rsa_chk.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+rsa_chk.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_chk.o: ../../include/openssl/crypto.h ../../include/openssl/err.h
+rsa_chk.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 rsa_chk.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h
 rsa_chk.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-rsa_eay.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-rsa_eay.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_chk.o: ../../include/openssl/symhacks.h
+rsa_eay.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+rsa_eay.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+rsa_eay.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+rsa_eay.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+rsa_eay.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 rsa_eay.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-rsa_eay.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+rsa_eay.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+rsa_eay.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+rsa_eay.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+rsa_eay.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+rsa_eay.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+rsa_eay.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 rsa_eay.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+rsa_eay.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+rsa_eay.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 rsa_eay.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-rsa_eay.o: ../../include/openssl/stack.h ../cryptlib.h
-rsa_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
-rsa_err.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+rsa_eay.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+rsa_eay.o: ../../include/openssl/symhacks.h ../cryptlib.h
+rsa_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_err.o: ../../include/openssl/crypto.h ../../include/openssl/err.h
+rsa_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 rsa_err.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h
 rsa_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rsa_err.o: ../../include/openssl/symhacks.h
 rsa_gen.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 rsa_gen.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 rsa_gen.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-rsa_gen.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
-rsa_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h
-rsa_gen.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rsa_gen.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+rsa_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+rsa_gen.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 rsa_gen.o: ../cryptlib.h
-rsa_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-rsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+rsa_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+rsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+rsa_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+rsa_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 rsa_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-rsa_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-rsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+rsa_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+rsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+rsa_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+rsa_lib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+rsa_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+rsa_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+rsa_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+rsa_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+rsa_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 rsa_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-rsa_lib.o: ../../include/openssl/stack.h ../cryptlib.h
+rsa_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+rsa_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h
 rsa_none.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 rsa_none.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 rsa_none.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-rsa_none.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+rsa_none.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+rsa_none.o: ../../include/openssl/opensslconf.h
 rsa_none.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
 rsa_none.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-rsa_none.o: ../../include/openssl/stack.h ../cryptlib.h
+rsa_none.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_none.o: ../cryptlib.h
 rsa_null.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 rsa_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 rsa_null.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-rsa_null.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+rsa_null.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+rsa_null.o: ../../include/openssl/opensslconf.h
 rsa_null.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
 rsa_null.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-rsa_null.o: ../../include/openssl/stack.h ../cryptlib.h
+rsa_null.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_null.o: ../cryptlib.h
 rsa_oaep.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 rsa_oaep.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 rsa_oaep.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-rsa_oaep.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+rsa_oaep.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+rsa_oaep.o: ../../include/openssl/opensslconf.h
 rsa_oaep.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
 rsa_oaep.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 rsa_oaep.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-rsa_oaep.o: ../cryptlib.h
+rsa_oaep.o: ../../include/openssl/symhacks.h ../cryptlib.h
 rsa_pk1.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 rsa_pk1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 rsa_pk1.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-rsa_pk1.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
-rsa_pk1.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
-rsa_pk1.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-rsa_pk1.o: ../../include/openssl/stack.h ../cryptlib.h
+rsa_pk1.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+rsa_pk1.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+rsa_pk1.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+rsa_pk1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rsa_pk1.o: ../../include/openssl/symhacks.h ../cryptlib.h
 rsa_saos.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 rsa_saos.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 rsa_saos.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -145,37 +178,43 @@ rsa_saos.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 rsa_saos.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 rsa_saos.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 rsa_saos.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-rsa_saos.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+rsa_saos.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+rsa_saos.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 rsa_saos.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-rsa_saos.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+rsa_saos.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rsa_saos.o: ../../include/openssl/opensslconf.h
 rsa_saos.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 rsa_saos.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 rsa_saos.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 rsa_saos.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 rsa_saos.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-rsa_saos.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-rsa_saos.o: ../cryptlib.h
+rsa_saos.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+rsa_saos.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
 rsa_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 rsa_sign.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 rsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 rsa_sign.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 rsa_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 rsa_sign.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-rsa_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-rsa_sign.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
-rsa_sign.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+rsa_sign.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+rsa_sign.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+rsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+rsa_sign.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+rsa_sign.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 rsa_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 rsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-rsa_sign.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-rsa_sign.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-rsa_sign.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-rsa_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+rsa_sign.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+rsa_sign.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+rsa_sign.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+rsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+rsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 rsa_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 rsa_sign.o: ../cryptlib.h
 rsa_ssl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 rsa_ssl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 rsa_ssl.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-rsa_ssl.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
-rsa_ssl.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
-rsa_ssl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-rsa_ssl.o: ../../include/openssl/stack.h ../cryptlib.h
+rsa_ssl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+rsa_ssl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+rsa_ssl.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+rsa_ssl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rsa_ssl.o: ../../include/openssl/symhacks.h ../cryptlib.h
diff --git a/src/lib/libssl/src/crypto/rsa/rsa.h b/src/lib/libssl/src/crypto/rsa/rsa.h
index f9f9b5cfe9..bda636a365 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa.h
+++ b/src/lib/libssl/src/crypto/rsa/rsa.h
@@ -59,10 +59,9 @@
 #ifndef HEADER_RSA_H
 #define HEADER_RSA_H
 
-#ifdef  __cplusplus
-extern "C" {
+#ifndef NO_BIO
+#include <openssl/bio.h>
 #endif
-
 #include <openssl/bn.h>
 #include <openssl/crypto.h>
 
@@ -70,6 +69,10 @@ extern "C" {
 #error RSA is disabled.
 #endif
 
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
 typedef struct rsa_st RSA;
 
 typedef struct rsa_meth_st
@@ -111,7 +114,11 @@ struct rsa_st
          * this is passed instead of aEVP_PKEY, it is set to 0 */
         int pad;
         int version;
+#if 0
         RSA_METHOD *meth;
+#else
+        struct engine_st *engine;
+#endif
         BIGNUM *n;
         BIGNUM *e;
         BIGNUM *d;
@@ -165,7 +172,11 @@ struct rsa_st
 #define RSA_get_app_data(s)             RSA_get_ex_data(s,0)
 
 RSA *   RSA_new(void);
+#if 0
 RSA *   RSA_new_method(RSA_METHOD *method);
+#else
+RSA *   RSA_new_method(struct engine_st *engine);
+#endif
 int     RSA_size(RSA *);
 RSA *   RSA_generate_key(int bits, unsigned long e,void
                 (*callback)(int,int,void *),void *cb_arg);
@@ -183,10 +194,14 @@ void	RSA_free (RSA *r);
 
 int     RSA_flags(RSA *r);
 
-void RSA_set_default_method(RSA_METHOD *meth);
-RSA_METHOD *RSA_get_default_method(void);
+void RSA_set_default_openssl_method(RSA_METHOD *meth);
+RSA_METHOD *RSA_get_default_openssl_method(void);
 RSA_METHOD *RSA_get_method(RSA *rsa);
+#if 0
 RSA_METHOD *RSA_set_method(RSA *rsa, RSA_METHOD *meth);
+#else
+int RSA_set_method(RSA *rsa, struct engine_st *engine);
+#endif
 
 /* This function needs the memory locking malloc callbacks to be installed */
 int RSA_memory_lock(RSA *r);
@@ -209,10 +224,14 @@ int 	i2d_RSAPrivateKey(RSA *a, unsigned char **pp);
 int     RSA_print_fp(FILE *fp, RSA *r,int offset);
 #endif
 
-#ifdef HEADER_BIO_H
+#ifndef NO_BIO
 int     RSA_print(BIO *bp, RSA *r,int offset);
 #endif
 
+int i2d_RSA_NET(RSA *a, unsigned char **pp, int (*cb)(), int sgckey);
+RSA *d2i_RSA_NET(RSA **a, unsigned char **pp, long length, int (*cb)(), int sgckey);
+RSA *d2i_RSA_NET_2(RSA **a, unsigned char **pp, long length, int (*cb)(), int sgckey);
+
 int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)());
 RSA *d2i_Netscape_RSA(RSA **a, unsigned char **pp, long length, int (*cb)());
 /* Naughty internal function required elsewhere, to handle a MS structure
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_eay.c b/src/lib/libssl/src/crypto/rsa/rsa_eay.c
index b7d2460754..8b8a1e279a 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_eay.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_eay.c
@@ -61,6 +61,7 @@
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
 #include <openssl/rand.h>
+#include <openssl/engine.h>
 
 #ifndef RSA_NULL
 
@@ -97,16 +98,18 @@ RSA_METHOD *RSA_PKCS1_SSLeay(void)
 static int RSA_eay_public_encrypt(int flen, unsigned char *from,
              unsigned char *to, RSA *rsa, int padding)
         {
+        const RSA_METHOD *meth;
         BIGNUM f,ret;
         int i,j,k,num=0,r= -1;
         unsigned char *buf=NULL;
         BN_CTX *ctx=NULL;
 
+        meth = ENGINE_get_RSA(rsa->engine);
         BN_init(&f);
         BN_init(&ret);
         if ((ctx=BN_CTX_new()) == NULL) goto err;
         num=BN_num_bytes(rsa->n);
-        if ((buf=(unsigned char *)Malloc(num)) == NULL)
+        if ((buf=(unsigned char *)OPENSSL_malloc(num)) == NULL)
                 {
                 RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,ERR_R_MALLOC_FAILURE);
                 goto err;
@@ -143,7 +146,7 @@ static int RSA_eay_public_encrypt(int flen, unsigned char *from,
                             goto err;
                 }
 
-        if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
+        if (!meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
                 rsa->_method_mod_n)) goto err;
 
         /* put in leading 0 bytes if the number is less than the
@@ -161,7 +164,7 @@ err:
         if (buf != NULL) 
                 {
                 memset(buf,0,num);
-                Free(buf);
+                OPENSSL_free(buf);
                 }
         return(r);
         }
@@ -169,17 +172,19 @@ err:
 static int RSA_eay_private_encrypt(int flen, unsigned char *from,
              unsigned char *to, RSA *rsa, int padding)
         {
+        const RSA_METHOD *meth;
         BIGNUM f,ret;
         int i,j,k,num=0,r= -1;
         unsigned char *buf=NULL;
         BN_CTX *ctx=NULL;
 
+        meth = ENGINE_get_RSA(rsa->engine);
         BN_init(&f);
         BN_init(&ret);
 
         if ((ctx=BN_CTX_new()) == NULL) goto err;
         num=BN_num_bytes(rsa->n);
-        if ((buf=(unsigned char *)Malloc(num)) == NULL)
+        if ((buf=(unsigned char *)OPENSSL_malloc(num)) == NULL)
                 {
                 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,ERR_R_MALLOC_FAILURE);
                 goto err;
@@ -213,10 +218,10 @@ static int RSA_eay_private_encrypt(int flen, unsigned char *from,
                 (rsa->dmp1 != NULL) &&
                 (rsa->dmq1 != NULL) &&
                 (rsa->iqmp != NULL)) )
-                { if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; }
+                { if (!meth->rsa_mod_exp(&ret,&f,rsa)) goto err; }
         else
                 {
-                if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL)) goto err;
+                if (!meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL)) goto err;
                 }
 
         if (rsa->flags & RSA_FLAG_BLINDING)
@@ -237,7 +242,7 @@ err:
         if (buf != NULL)
                 {
                 memset(buf,0,num);
-                Free(buf);
+                OPENSSL_free(buf);
                 }
         return(r);
         }
@@ -245,12 +250,14 @@ err:
 static int RSA_eay_private_decrypt(int flen, unsigned char *from,
              unsigned char *to, RSA *rsa, int padding)
         {
+        const RSA_METHOD *meth;
         BIGNUM f,ret;
         int j,num=0,r= -1;
         unsigned char *p;
         unsigned char *buf=NULL;
         BN_CTX *ctx=NULL;
 
+        meth = ENGINE_get_RSA(rsa->engine);
         BN_init(&f);
         BN_init(&ret);
         ctx=BN_CTX_new();
@@ -258,7 +265,7 @@ static int RSA_eay_private_decrypt(int flen, unsigned char *from,
 
         num=BN_num_bytes(rsa->n);
 
-        if ((buf=(unsigned char *)Malloc(num)) == NULL)
+        if ((buf=(unsigned char *)OPENSSL_malloc(num)) == NULL)
                 {
                 RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,ERR_R_MALLOC_FAILURE);
                 goto err;
@@ -287,10 +294,10 @@ static int RSA_eay_private_decrypt(int flen, unsigned char *from,
                 (rsa->dmp1 != NULL) &&
                 (rsa->dmq1 != NULL) &&
                 (rsa->iqmp != NULL)) )
-                { if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; }
+                { if (!meth->rsa_mod_exp(&ret,&f,rsa)) goto err; }
         else
                 {
-                if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL))
+                if (!meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL))
                         goto err;
                 }
 
@@ -330,7 +337,7 @@ err:
         if (buf != NULL)
                 {
                 memset(buf,0,num);
-                Free(buf);
+                OPENSSL_free(buf);
                 }
         return(r);
         }
@@ -338,19 +345,21 @@ err:
 static int RSA_eay_public_decrypt(int flen, unsigned char *from,
              unsigned char *to, RSA *rsa, int padding)
         {
+        const RSA_METHOD *meth;
         BIGNUM f,ret;
         int i,num=0,r= -1;
         unsigned char *p;
         unsigned char *buf=NULL;
         BN_CTX *ctx=NULL;
 
+        meth = ENGINE_get_RSA(rsa->engine);
         BN_init(&f);
         BN_init(&ret);
         ctx=BN_CTX_new();
         if (ctx == NULL) goto err;
 
         num=BN_num_bytes(rsa->n);
-        buf=(unsigned char *)Malloc(num);
+        buf=(unsigned char *)OPENSSL_malloc(num);
         if (buf == NULL)
                 {
                 RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,ERR_R_MALLOC_FAILURE);
@@ -374,7 +383,7 @@ static int RSA_eay_public_decrypt(int flen, unsigned char *from,
                             goto err;
                 }
 
-        if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
+        if (!meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
                 rsa->_method_mod_n)) goto err;
 
         p=buf;
@@ -402,17 +411,19 @@ err:
         if (buf != NULL)
                 {
                 memset(buf,0,num);
-                Free(buf);
+                OPENSSL_free(buf);
                 }
         return(r);
         }
 
 static int RSA_eay_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)
         {
+        const RSA_METHOD *meth;
         BIGNUM r1,m1;
         int ret=0;
         BN_CTX *ctx;
 
+        meth = ENGINE_get_RSA(rsa->engine);
         if ((ctx=BN_CTX_new()) == NULL) goto err;
         BN_init(&m1);
         BN_init(&r1);
@@ -436,11 +447,11 @@ static int RSA_eay_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)
                 }
 
         if (!BN_mod(&r1,I,rsa->q,ctx)) goto err;
-        if (!rsa->meth->bn_mod_exp(&m1,&r1,rsa->dmq1,rsa->q,ctx,
+        if (!meth->bn_mod_exp(&m1,&r1,rsa->dmq1,rsa->q,ctx,
                 rsa->_method_mod_q)) goto err;
 
         if (!BN_mod(&r1,I,rsa->p,ctx)) goto err;
-        if (!rsa->meth->bn_mod_exp(r0,&r1,rsa->dmp1,rsa->p,ctx,
+        if (!meth->bn_mod_exp(r0,&r1,rsa->dmp1,rsa->p,ctx,
                 rsa->_method_mod_p)) goto err;
 
         if (!BN_sub(r0,r0,&m1)) goto err;
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_gen.c b/src/lib/libssl/src/crypto/rsa/rsa_gen.c
index 95e636d3f0..00c25adbc5 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_gen.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_gen.c
@@ -95,7 +95,7 @@ RSA *RSA_generate_key(int bits, unsigned long e_value,
          * unsigned long can be larger */
         for (i=0; i<sizeof(unsigned long)*8; i++)
                 {
-                if (e_value & (1<<i))
+                if (e_value & (1UL<<i))
                         BN_set_bit(rsa->e,i);
                 }
 #else
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_lib.c b/src/lib/libssl/src/crypto/rsa/rsa_lib.c
index 074a4f5074..5e1e8fcdf3 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_lib.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_lib.c
@@ -62,6 +62,7 @@
 #include <openssl/lhash.h>
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
+#include <openssl/engine.h>
 
 const char *RSA_version="RSA" OPENSSL_VERSION_PTEXT;
 
@@ -74,21 +75,49 @@ RSA *RSA_new(void)
         return(RSA_new_method(NULL));
         }
 
-void RSA_set_default_method(RSA_METHOD *meth)
+void RSA_set_default_openssl_method(RSA_METHOD *meth)
         {
-        default_RSA_meth=meth;
+        ENGINE *e;
+        /* We'll need to notify the "openssl" ENGINE of this
+         * change too. We won't bother locking things down at
+         * our end as there was never any locking in these
+         * functions! */
+        if(default_RSA_meth != meth)
+                {
+                default_RSA_meth = meth;
+                e = ENGINE_by_id("openssl");
+                if(e)
+                        {
+                        ENGINE_set_RSA(e, meth);
+                        ENGINE_free(e);
+                        }
+                }
         }
 
-RSA_METHOD *RSA_get_default_method(void)
+RSA_METHOD *RSA_get_default_openssl_method(void)
 {
+        if (default_RSA_meth == NULL)
+                {
+#ifdef RSA_NULL
+                default_RSA_meth=RSA_null_method();
+#else
+#ifdef RSAref
+                default_RSA_meth=RSA_PKCS1_RSAref();
+#else
+                default_RSA_meth=RSA_PKCS1_SSLeay();
+#endif
+#endif
+                }
+
         return default_RSA_meth;
 }
 
 RSA_METHOD *RSA_get_method(RSA *rsa)
 {
-        return rsa->meth;
+        return ENGINE_get_RSA(rsa->engine);
 }
 
+#if 0
 RSA_METHOD *RSA_set_method(RSA *rsa, RSA_METHOD *meth)
 {
         RSA_METHOD *mtmp;
@@ -98,34 +127,52 @@ RSA_METHOD *RSA_set_method(RSA *rsa, RSA_METHOD *meth)
         if (meth->init) meth->init(rsa);
         return mtmp;
 }
+#else
+int RSA_set_method(RSA *rsa, ENGINE *engine)
+{
+        ENGINE *mtmp;
+        RSA_METHOD *meth;
+        mtmp = rsa->engine;
+        meth = ENGINE_get_RSA(mtmp);
+        if (!ENGINE_init(engine))
+                return 0;
+        if (meth->finish) meth->finish(rsa);
+        rsa->engine = engine;
+        meth = ENGINE_get_RSA(engine);
+        if (meth->init) meth->init(rsa);
+        /* SHOULD ERROR CHECK THIS!!! */
+        ENGINE_finish(mtmp);
+        return 1;
+}
+#endif
 
+#if 0
 RSA *RSA_new_method(RSA_METHOD *meth)
+#else
+RSA *RSA_new_method(ENGINE *engine)
+#endif
         {
+        RSA_METHOD *meth;
         RSA *ret;
 
-        if (default_RSA_meth == NULL)
-                {
-#ifdef RSA_NULL
-                default_RSA_meth=RSA_null_method();
-#else
-#ifdef RSAref
-                default_RSA_meth=RSA_PKCS1_RSAref();
-#else
-                default_RSA_meth=RSA_PKCS1_SSLeay();
-#endif
-#endif
-                }
-        ret=(RSA *)Malloc(sizeof(RSA));
+        ret=(RSA *)OPENSSL_malloc(sizeof(RSA));
         if (ret == NULL)
                 {
                 RSAerr(RSA_F_RSA_NEW_METHOD,ERR_R_MALLOC_FAILURE);
                 return(NULL);
                 }
 
-        if (meth == NULL)
-                ret->meth=default_RSA_meth;
+        if (engine == NULL)
+                {
+                if((ret->engine=ENGINE_get_default_RSA()) == NULL)
+                        {
+                        OPENSSL_free(ret);
+                        return NULL;
+                        }
+                }
         else
-                ret->meth=meth;
+                ret->engine=engine;
+        meth = ENGINE_get_RSA(ret->engine);
 
         ret->pad=0;
         ret->version=0;
@@ -143,10 +190,10 @@ RSA *RSA_new_method(RSA_METHOD *meth)
         ret->_method_mod_q=NULL;
         ret->blinding=NULL;
         ret->bignum_data=NULL;
-        ret->flags=ret->meth->flags;
-        if ((ret->meth->init != NULL) && !ret->meth->init(ret))
+        ret->flags=meth->flags;
+        if ((meth->init != NULL) && !meth->init(ret))
                 {
-                Free(ret);
+                OPENSSL_free(ret);
                 ret=NULL;
                 }
         else
@@ -156,6 +203,7 @@ RSA *RSA_new_method(RSA_METHOD *meth)
 
 void RSA_free(RSA *r)
         {
+        RSA_METHOD *meth;
         int i;
 
         if (r == NULL) return;
@@ -175,8 +223,10 @@ void RSA_free(RSA *r)
 
         CRYPTO_free_ex_data(rsa_meth,r,&r->ex_data);
 
-        if (r->meth->finish != NULL)
-                r->meth->finish(r);
+        meth = ENGINE_get_RSA(r->engine);
+        if (meth->finish != NULL)
+                meth->finish(r);
+        ENGINE_finish(r->engine);
 
         if (r->n != NULL) BN_clear_free(r->n);
         if (r->e != NULL) BN_clear_free(r->e);
@@ -187,8 +237,8 @@ void RSA_free(RSA *r)
         if (r->dmq1 != NULL) BN_clear_free(r->dmq1);
         if (r->iqmp != NULL) BN_clear_free(r->iqmp);
         if (r->blinding != NULL) BN_BLINDING_free(r->blinding);
-        if (r->bignum_data != NULL) Free_locked(r->bignum_data);
-        Free(r);
+        if (r->bignum_data != NULL) OPENSSL_free_locked(r->bignum_data);
+        OPENSSL_free(r);
         }
 
 int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
@@ -217,30 +267,34 @@ int RSA_size(RSA *r)
 int RSA_public_encrypt(int flen, unsigned char *from, unsigned char *to,
              RSA *rsa, int padding)
         {
-        return(rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding));
+        return(ENGINE_get_RSA(rsa->engine)->rsa_pub_enc(flen,
+                from, to, rsa, padding));
         }
 
 int RSA_private_encrypt(int flen, unsigned char *from, unsigned char *to,
              RSA *rsa, int padding)
         {
-        return(rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding));
+        return(ENGINE_get_RSA(rsa->engine)->rsa_priv_enc(flen,
+                from, to, rsa, padding));
         }
 
 int RSA_private_decrypt(int flen, unsigned char *from, unsigned char *to,
              RSA *rsa, int padding)
         {
-        return(rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding));
+        return(ENGINE_get_RSA(rsa->engine)->rsa_priv_dec(flen,
+                from, to, rsa, padding));
         }
 
 int RSA_public_decrypt(int flen, unsigned char *from, unsigned char *to,
              RSA *rsa, int padding)
         {
-        return(rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding));
+        return(ENGINE_get_RSA(rsa->engine)->rsa_pub_dec(flen,
+                from, to, rsa, padding));
         }
 
 int RSA_flags(RSA *r)
         {
-        return((r == NULL)?0:r->meth->flags);
+        return((r == NULL)?0:ENGINE_get_RSA(r->engine)->flags);
         }
 
 void RSA_blinding_off(RSA *rsa)
@@ -274,7 +328,8 @@ int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx)
         if (!BN_rand(A,BN_num_bits(rsa->n)-1,1,0)) goto err;
         if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err;
 
-        if (!rsa->meth->bn_mod_exp(A,A,rsa->e,rsa->n,ctx,rsa->_method_mod_n))
+        if (!ENGINE_get_RSA(rsa->engine)->bn_mod_exp(A,A,
+                rsa->e,rsa->n,ctx,rsa->_method_mod_n))
             goto err;
         rsa->blinding=BN_BLINDING_new(A,Ai,rsa->n);
         rsa->flags|=RSA_FLAG_BLINDING;
@@ -305,7 +360,7 @@ int RSA_memory_lock(RSA *r)
         j=1;
         for (i=0; i<6; i++)
                 j+= (*t[i])->top;
-        if ((p=Malloc_locked((off+j)*sizeof(BN_ULONG))) == NULL)
+        if ((p=OPENSSL_malloc_locked((off+j)*sizeof(BN_ULONG))) == NULL)
                 {
                 RSAerr(RSA_F_MEMORY_LOCK,ERR_R_MALLOC_FAILURE);
                 return(0);
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_oaep.c b/src/lib/libssl/src/crypto/rsa/rsa_oaep.c
index 1465c01f4f..fd0b7f361f 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_oaep.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_oaep.c
@@ -34,7 +34,7 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
         return (0);
         }
     
-    dbmask = Malloc(emlen - SHA_DIGEST_LENGTH);
+    dbmask = OPENSSL_malloc(emlen - SHA_DIGEST_LENGTH);
     if (dbmask == NULL)
         {
         RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE);
@@ -66,7 +66,7 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
     for (i = 0; i < SHA_DIGEST_LENGTH; i++)
         seed[i] ^= seedmask[i];
 
-    Free(dbmask);
+    OPENSSL_free(dbmask);
     return (1);
     }
 
@@ -86,7 +86,7 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
         }
 
     dblen = num - SHA_DIGEST_LENGTH;
-    db = Malloc(dblen);
+    db = OPENSSL_malloc(dblen);
     if (db == NULL)
         {
         RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE);
@@ -128,7 +128,7 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
                 memcpy(to, db + i, mlen);
             }
         }
-    Free(db);
+    OPENSSL_free(db);
     return (mlen);
     }
 
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_saos.c b/src/lib/libssl/src/crypto/rsa/rsa_saos.c
index 61efb0b00f..c77f4381ff 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_saos.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_saos.c
@@ -81,7 +81,7 @@ int RSA_sign_ASN1_OCTET_STRING(int type, unsigned char *m, unsigned int m_len,
                 RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
                 return(0);
                 }
-        s=(unsigned char *)Malloc((unsigned int)j+1);
+        s=(unsigned char *)OPENSSL_malloc((unsigned int)j+1);
         if (s == NULL)
                 {
                 RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING,ERR_R_MALLOC_FAILURE);
@@ -96,7 +96,7 @@ int RSA_sign_ASN1_OCTET_STRING(int type, unsigned char *m, unsigned int m_len,
                 *siglen=i;
 
         memset(s,0,(unsigned int)j+1);
-        Free(s);
+        OPENSSL_free(s);
         return(ret);
         }
 
@@ -114,7 +114,7 @@ int RSA_verify_ASN1_OCTET_STRING(int dtype, unsigned char *m,
                 return(0);
                 }
 
-        s=(unsigned char *)Malloc((unsigned int)siglen);
+        s=(unsigned char *)OPENSSL_malloc((unsigned int)siglen);
         if (s == NULL)
                 {
                 RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,ERR_R_MALLOC_FAILURE);
@@ -138,7 +138,7 @@ int RSA_verify_ASN1_OCTET_STRING(int dtype, unsigned char *m,
 err:
         if (sig != NULL) M_ASN1_OCTET_STRING_free(sig);
         memset(s,0,(unsigned int)siglen);
-        Free(s);
+        OPENSSL_free(s);
         return(ret);
         }
 
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_sign.c b/src/lib/libssl/src/crypto/rsa/rsa_sign.c
index 05bb7fb74a..cf00876292 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_sign.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_sign.c
@@ -62,6 +62,7 @@
 #include <openssl/rsa.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
+#include <openssl/engine.h>
 
 /* Size of an SSL signature: MD5+SHA1 */
 #define SSL_SIG_LENGTH  36
@@ -76,7 +77,8 @@ int RSA_sign(int type, unsigned char *m, unsigned int m_len,
         X509_ALGOR algor;
         ASN1_OCTET_STRING digest;
         if(rsa->flags & RSA_FLAG_SIGN_VER)
-              return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa);
+              return ENGINE_get_RSA(rsa->engine)->rsa_sign(type,
+                        m, m_len, sigret, siglen, rsa);
         /* Special case: SSL signature, just check the length */
         if(type == NID_md5_sha1) {
                 if(m_len != SSL_SIG_LENGTH) {
@@ -115,7 +117,7 @@ int RSA_sign(int type, unsigned char *m, unsigned int m_len,
                 return(0);
                 }
         if(type != NID_md5_sha1) {
-                s=(unsigned char *)Malloc((unsigned int)j+1);
+                s=(unsigned char *)OPENSSL_malloc((unsigned int)j+1);
                 if (s == NULL)
                         {
                         RSAerr(RSA_F_RSA_SIGN,ERR_R_MALLOC_FAILURE);
@@ -132,7 +134,7 @@ int RSA_sign(int type, unsigned char *m, unsigned int m_len,
 
         if(type != NID_md5_sha1) {
                 memset(s,0,(unsigned int)j+1);
-                Free(s);
+                OPENSSL_free(s);
         }
         return(ret);
         }
@@ -151,9 +153,10 @@ int RSA_verify(int dtype, unsigned char *m, unsigned int m_len,
                 }
 
         if(rsa->flags & RSA_FLAG_SIGN_VER)
-            return rsa->meth->rsa_verify(dtype, m, m_len, sigbuf, siglen, rsa);
+            return ENGINE_get_RSA(rsa->engine)->rsa_verify(dtype,
+                        m, m_len, sigbuf, siglen, rsa);
 
-        s=(unsigned char *)Malloc((unsigned int)siglen);
+        s=(unsigned char *)OPENSSL_malloc((unsigned int)siglen);
         if (s == NULL)
                 {
                 RSAerr(RSA_F_RSA_VERIFY,ERR_R_MALLOC_FAILURE);
@@ -215,7 +218,7 @@ int RSA_verify(int dtype, unsigned char *m, unsigned int m_len,
 err:
         if (sig != NULL) X509_SIG_free(sig);
         memset(s,0,(unsigned int)siglen);
-        Free(s);
+        OPENSSL_free(s);
         return(ret);
         }
 
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_ssl.c b/src/lib/libssl/src/crypto/rsa/rsa_ssl.c
index 81a857c813..482f4a8273 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_ssl.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_ssl.c
@@ -134,7 +134,7 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen, unsigned char *from,
                 {
                 if (p[k] !=  0x03) break;
                 }
-        if (k == 0)
+        if (k == -1)
                 {
                 RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_SSLV3_ROLLBACK_ATTACK);
                 return(-1);
diff --git a/src/lib/libssl/src/crypto/stack/Makefile.ssl b/src/lib/libssl/src/crypto/stack/Makefile.ssl
index 64a93b33ac..86ed928750 100644
--- a/src/lib/libssl/src/crypto/stack/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/stack/Makefile.ssl
@@ -81,6 +81,7 @@ clean:
 stack.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 stack.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
 stack.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-stack.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-stack.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+stack.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+stack.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+stack.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 stack.o: ../cryptlib.h
diff --git a/src/lib/libssl/src/crypto/stack/safestack.h b/src/lib/libssl/src/crypto/stack/safestack.h
index 38934981e3..9fa63e1be5 100644
--- a/src/lib/libssl/src/crypto/stack/safestack.h
+++ b/src/lib/libssl/src/crypto/stack/safestack.h
@@ -57,73 +57,1078 @@
 
 #include <openssl/stack.h>
 
-#define STACK_OF(type)  STACK_##type
+#ifdef DEBUG_SAFESTACK
+
+#define STACK_OF(type) struct stack_st_##type
+#define PREDECLARE_STACK_OF(type) STACK_OF(type);
 
 #define DECLARE_STACK_OF(type) \
-typedef struct stack_st_##type  \
+STACK_OF(type) \
     { \
     STACK stack; \
-    } STACK_OF(type); \
-STACK_OF(type) *sk_##type##_new(int (*cmp)(type **,type **)); \
-STACK_OF(type) *sk_##type##_new_null(void); \
-void sk_##type##_free(STACK_OF(type) *sk); \
-int sk_##type##_num(const STACK_OF(type) *sk); \
-type *sk_##type##_value(const STACK_OF(type) *sk,int n); \
-type *sk_##type##_set(STACK_OF(type) *sk,int n,type *v); \
-void sk_##type##_zero(STACK_OF(type) *sk); \
-int sk_##type##_push(STACK_OF(type) *sk,type *v); \
-int sk_##type##_unshift(STACK_OF(type) *sk,type *v); \
-int sk_##type##_find(STACK_OF(type) *sk,type *v); \
-type *sk_##type##_delete(STACK_OF(type) *sk,int n); \
-void sk_##type##_delete_ptr(STACK_OF(type) *sk,type *v); \
-int sk_##type##_insert(STACK_OF(type) *sk,type *v,int n); \
-int (*sk_##type##_set_cmp_func(STACK_OF(type) *sk, \
-                               int (*cmp)(type **,type **)))(type **,type **); \
-STACK_OF(type) *sk_##type##_dup(STACK_OF(type) *sk); \
-void sk_##type##_pop_free(STACK_OF(type) *sk,void (*func)(type *)); \
-type *sk_##type##_shift(STACK_OF(type) *sk); \
-type *sk_##type##_pop(STACK_OF(type) *sk); \
-void sk_##type##_sort(STACK_OF(type) *sk);
-
-#define IMPLEMENT_STACK_OF(type) \
-STACK_OF(type) *sk_##type##_new(int (*cmp)(type **,type **)) \
-    { return (STACK_OF(type) *)sk_new(cmp); } \
-STACK_OF(type) *sk_##type##_new_null() \
-    { return (STACK_OF(type) *)sk_new_null(); } \
-void sk_##type##_free(STACK_OF(type) *sk) \
-    { sk_free((STACK *)sk); } \
-int sk_##type##_num(const STACK_OF(type) *sk) \
-    { return M_sk_num((const STACK *)sk); } \
-type *sk_##type##_value(const STACK_OF(type) *sk,int n) \
-    { return (type *)sk_value((STACK *)sk,n); } \
-type *sk_##type##_set(STACK_OF(type) *sk,int n,type *v) \
-    { return (type *)(sk_set((STACK *)sk,n,(char *)v)); } \
-void sk_##type##_zero(STACK_OF(type) *sk) \
-    { sk_zero((STACK *)sk); } \
-int sk_##type##_push(STACK_OF(type) *sk,type *v) \
-    { return sk_push((STACK *)sk,(char *)v); } \
-int sk_##type##_unshift(STACK_OF(type) *sk,type *v) \
-    { return sk_unshift((STACK *)sk,(char *)v); } \
-int sk_##type##_find(STACK_OF(type) *sk,type *v) \
-    { return sk_find((STACK *)sk,(char *)v); } \
-type *sk_##type##_delete(STACK_OF(type) *sk,int n) \
-    { return (type *)sk_delete((STACK *)sk,n); } \
-void sk_##type##_delete_ptr(STACK_OF(type) *sk,type *v) \
-    { sk_delete_ptr((STACK *)sk,(char *)v); } \
-int sk_##type##_insert(STACK_OF(type) *sk,type *v,int n) \
-    { return sk_insert((STACK *)sk,(char *)v,n); } \
-int (*sk_##type##_set_cmp_func(STACK_OF(type) *sk, \
-                               int (*cmp)(type **,type **)))(type **,type **) \
-    { return (int (*)(type **,type **))sk_set_cmp_func((STACK *)sk,cmp); } \
-STACK_OF(type) *sk_##type##_dup(STACK_OF(type) *sk) \
-    { return (STACK_OF(type) *)sk_dup((STACK *)sk); } \
-void sk_##type##_pop_free(STACK_OF(type) *sk,void (*func)(type *)) \
-    { sk_pop_free((STACK *)sk,func); } \
-type *sk_##type##_shift(STACK_OF(type) *sk) \
-    { return (type *)sk_shift((STACK *)sk); } \
-type *sk_##type##_pop(STACK_OF(type) *sk) \
-    { return (type *)sk_pop((STACK *)sk); } \
-void sk_##type##_sort(STACK_OF(type) *sk) \
-    { sk_sort((STACK *)sk); }
-
-#endif /* ndef HEADER_SAFESTACK_H */
+    };
+
+#define IMPLEMENT_STACK_OF(type) /* nada (obsolete in new safestack approach)*/
+
+/* SKM_sk_... stack macros are internal to safestack.h:
+ * never use them directly, use sk_<type>_... instead */
+#define SKM_sk_new(type, cmp) \
+        ((STACK_OF(type) * (*)(int (*)(const type * const *, const type * const *)))sk_new)(cmp)
+#define SKM_sk_new_null(type) \
+        ((STACK_OF(type) * (*)(void))sk_new_null)()
+#define SKM_sk_free(type, st) \
+        ((void (*)(STACK_OF(type) *))sk_free)(st)
+#define SKM_sk_num(type, st) \
+        ((int (*)(const STACK_OF(type) *))sk_num)(st)
+#define SKM_sk_value(type, st,i) \
+        ((type * (*)(const STACK_OF(type) *, int))sk_value)(st, i)
+#define SKM_sk_set(type, st,i,val) \
+        ((type * (*)(STACK_OF(type) *, int, type *))sk_set)(st, i, val)
+#define SKM_sk_zero(type, st) \
+        ((void (*)(STACK_OF(type) *))sk_zero)(st)
+#define SKM_sk_push(type, st,val) \
+        ((int (*)(STACK_OF(type) *, type *))sk_push)(st, val)
+#define SKM_sk_unshift(type, st,val) \
+        ((int (*)(STACK_OF(type) *, type *))sk_unshift)(st, val)
+#define SKM_sk_find(type, st,val) \
+        ((int (*)(STACK_OF(type) *, type *))sk_find)(st, val)
+#define SKM_sk_delete(type, st,i) \
+        ((type * (*)(STACK_OF(type) *, int))sk_delete)(st, i)
+#define SKM_sk_delete_ptr(type, st,ptr) \
+        ((type * (*)(STACK_OF(type) *, type *))sk_delete_ptr)(st, ptr)
+#define SKM_sk_insert(type, st,val,i) \
+        ((int (*)(STACK_OF(type) *, type *, int))sk_insert)(st, val, i)
+#define SKM_sk_set_cmp_func(type, st,cmp) \
+        ((int (*(*)(STACK_OF(type) *, int (*)(const type * const *, const type * const *))) \
+          (const type * const *, const type * const *))sk_set_cmp_func)\
+        (st, cmp)
+#define SKM_sk_dup(type, st) \
+        ((STACK_OF(type) *(*)(STACK_OF(type) *))sk_dup)(st)
+#define SKM_sk_pop_free(type, st,free_func) \
+        ((void (*)(STACK_OF(type) *, void (*)(type *)))sk_pop_free)\
+        (st, free_func)
+#define SKM_sk_shift(type, st) \
+        ((type * (*)(STACK_OF(type) *))sk_shift)(st)
+#define SKM_sk_pop(type, st) \
+        ((type * (*)(STACK_OF(type) *))sk_pop)(st)
+#define SKM_sk_sort(type, st) \
+        ((void (*)(STACK_OF(type) *))sk_sort)(st)
+
+#define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+        ((STACK_OF(type) * (*) (STACK_OF(type) **,unsigned char **, long , \
+                                       type *(*)(type **, unsigned char **,long), \
+                                       void (*)(type *), int ,int )) d2i_ASN1_SET) \
+                                                (st,pp,length, d2i_func, free_func, ex_tag,ex_class)
+#define SKM_ASN1_SET_OF_i2d(type, st, pp, i2d_func, ex_tag, ex_class, is_set) \
+        ((int (*)(STACK_OF(type) *,unsigned char **, \
+                           int (*)(type *,unsigned char **), int , int , int)) i2d_ASN1_SET) \
+                                                (st,pp,i2d_func,ex_tag,ex_class,is_set)
+
+#define SKM_ASN1_seq_pack(type, st, i2d_func, buf, len) \
+        ((unsigned char *(*)(STACK_OF(type) *, \
+                                    int (*)(type *,unsigned char **), unsigned char **,int *)) ASN1_seq_pack) \
+                                (st, i2d_func, buf, len)
+#define SKM_ASN1_seq_unpack(type, buf, len, d2i_func, free_func) \
+        ((STACK_OF(type) * (*)(unsigned char *,int, \
+                                       type *(*)(type **,unsigned char **, long), \
+                                       void (*)(type *)))ASN1_seq_unpack) \
+                                        (buf,len,d2i_func, free_func)
+
+#define SKM_PKCS12_decrypt_d2i(type, algor, d2i_func, free_func, pass, passlen, oct, seq) \
+        ((STACK_OF(type) * (*)(X509_ALGOR *, \
+                                type *(*)(type **, unsigned char **, long), void (*)(type *), \
+                                const char *, int, \
+                                ASN1_STRING *, int))PKCS12_decrypt_d2i) \
+                                (algor,d2i_func,free_func,pass,passlen,oct,seq)
+
+#else
+
+#define STACK_OF(type) STACK
+#define PREDECLARE_STACK_OF(type) /* nada */
+#define DECLARE_STACK_OF(type)    /* nada */
+#define IMPLEMENT_STACK_OF(type)  /* nada */
+
+#define SKM_sk_new(type, cmp) \
+        sk_new((int (*)(const char * const *, const char * const *))(cmp))
+#define SKM_sk_new_null(type) \
+        sk_new_null()
+#define SKM_sk_free(type, st) \
+        sk_free(st)
+#define SKM_sk_num(type, st) \
+        sk_num(st)
+#define SKM_sk_value(type, st,i) \
+        ((type *)sk_value(st, i))
+#define SKM_sk_set(type, st,i,val) \
+        ((type *)sk_set(st, i,(char *)val))
+#define SKM_sk_zero(type, st) \
+        sk_zero(st)
+#define SKM_sk_push(type, st,val) \
+        sk_push(st, (char *)val)
+#define SKM_sk_unshift(type, st,val) \
+        sk_unshift(st, val)
+#define SKM_sk_find(type, st,val) \
+        sk_find(st, (char *)val)
+#define SKM_sk_delete(type, st,i) \
+        ((type *)sk_delete(st, i))
+#define SKM_sk_delete_ptr(type, st,ptr) \
+        ((type *)sk_delete_ptr(st,(char *)ptr))
+#define SKM_sk_insert(type, st,val,i) \
+        sk_insert(st, (char *)val, i)
+#define SKM_sk_set_cmp_func(type, st,cmp) \
+        ((int (*)(const type * const *,const type * const *)) \
+        sk_set_cmp_func(st, (int (*)(const char * const *, const char * const *))(cmp)))
+#define SKM_sk_dup(type, st) \
+        sk_dup(st)
+#define SKM_sk_pop_free(type, st,free_func) \
+        sk_pop_free(st, (void (*)(void *))free_func)
+#define SKM_sk_shift(type, st) \
+        ((type *)sk_shift(st))
+#define SKM_sk_pop(type, st) \
+        ((type *)sk_pop(st))
+#define SKM_sk_sort(type, st) \
+        sk_sort(st)
+
+#define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+        d2i_ASN1_SET(st,pp,length, (char *(*)())d2i_func, (void (*)(void *))free_func, ex_tag,ex_class)
+#define SKM_ASN1_SET_OF_i2d(type, st, pp, i2d_func, ex_tag, ex_class, is_set) \
+        i2d_ASN1_SET(st,pp,i2d_func,ex_tag,ex_class,is_set)
+
+#define SKM_ASN1_seq_pack(type, st, i2d_func, buf, len) \
+        ASN1_seq_pack(st, i2d_func, buf, len)
+#define SKM_ASN1_seq_unpack(type, buf, len, d2i_func, free_func) \
+        ASN1_seq_unpack(buf,len,(char *(*)())d2i_func, (void(*)(void *))free_func)
+
+#define SKM_PKCS12_decrypt_d2i(type, algor, d2i_func, free_func, pass, passlen, oct, seq) \
+        ((STACK *)PKCS12_decrypt_d2i(algor,(char *(*)())d2i_func, (void(*)(void *))free_func,pass,passlen,oct,seq))
+
+#endif
+
+/* This block of defines is updated by util/mkstack.pl, please do not touch! */
+#define sk_ACCESS_DESCRIPTION_new(st) SKM_sk_new(ACCESS_DESCRIPTION, (st))
+#define sk_ACCESS_DESCRIPTION_new_null() SKM_sk_new_null(ACCESS_DESCRIPTION)
+#define sk_ACCESS_DESCRIPTION_free(st) SKM_sk_free(ACCESS_DESCRIPTION, (st))
+#define sk_ACCESS_DESCRIPTION_num(st) SKM_sk_num(ACCESS_DESCRIPTION, (st))
+#define sk_ACCESS_DESCRIPTION_value(st, i) SKM_sk_value(ACCESS_DESCRIPTION, (st), (i))
+#define sk_ACCESS_DESCRIPTION_set(st, i, val) SKM_sk_set(ACCESS_DESCRIPTION, (st), (i), (val))
+#define sk_ACCESS_DESCRIPTION_zero(st) SKM_sk_zero(ACCESS_DESCRIPTION, (st))
+#define sk_ACCESS_DESCRIPTION_push(st, val) SKM_sk_push(ACCESS_DESCRIPTION, (st), (val))
+#define sk_ACCESS_DESCRIPTION_unshift(st, val) SKM_sk_unshift(ACCESS_DESCRIPTION, (st), (val))
+#define sk_ACCESS_DESCRIPTION_find(st, val) SKM_sk_find(ACCESS_DESCRIPTION, (st), (val))
+#define sk_ACCESS_DESCRIPTION_delete(st, i) SKM_sk_delete(ACCESS_DESCRIPTION, (st), (i))
+#define sk_ACCESS_DESCRIPTION_delete_ptr(st, ptr) SKM_sk_delete_ptr(ACCESS_DESCRIPTION, (st), (ptr))
+#define sk_ACCESS_DESCRIPTION_insert(st, val, i) SKM_sk_insert(ACCESS_DESCRIPTION, (st), (val), (i))
+#define sk_ACCESS_DESCRIPTION_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ACCESS_DESCRIPTION, (st), (cmp))
+#define sk_ACCESS_DESCRIPTION_dup(st) SKM_sk_dup(ACCESS_DESCRIPTION, st)
+#define sk_ACCESS_DESCRIPTION_pop_free(st, free_func) SKM_sk_pop_free(ACCESS_DESCRIPTION, (st), (free_func))
+#define sk_ACCESS_DESCRIPTION_shift(st) SKM_sk_shift(ACCESS_DESCRIPTION, (st))
+#define sk_ACCESS_DESCRIPTION_pop(st) SKM_sk_pop(ACCESS_DESCRIPTION, (st))
+#define sk_ACCESS_DESCRIPTION_sort(st) SKM_sk_sort(ACCESS_DESCRIPTION, (st))
+
+#define sk_ASN1_INTEGER_new(st) SKM_sk_new(ASN1_INTEGER, (st))
+#define sk_ASN1_INTEGER_new_null() SKM_sk_new_null(ASN1_INTEGER)
+#define sk_ASN1_INTEGER_free(st) SKM_sk_free(ASN1_INTEGER, (st))
+#define sk_ASN1_INTEGER_num(st) SKM_sk_num(ASN1_INTEGER, (st))
+#define sk_ASN1_INTEGER_value(st, i) SKM_sk_value(ASN1_INTEGER, (st), (i))
+#define sk_ASN1_INTEGER_set(st, i, val) SKM_sk_set(ASN1_INTEGER, (st), (i), (val))
+#define sk_ASN1_INTEGER_zero(st) SKM_sk_zero(ASN1_INTEGER, (st))
+#define sk_ASN1_INTEGER_push(st, val) SKM_sk_push(ASN1_INTEGER, (st), (val))
+#define sk_ASN1_INTEGER_unshift(st, val) SKM_sk_unshift(ASN1_INTEGER, (st), (val))
+#define sk_ASN1_INTEGER_find(st, val) SKM_sk_find(ASN1_INTEGER, (st), (val))
+#define sk_ASN1_INTEGER_delete(st, i) SKM_sk_delete(ASN1_INTEGER, (st), (i))
+#define sk_ASN1_INTEGER_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_INTEGER, (st), (ptr))
+#define sk_ASN1_INTEGER_insert(st, val, i) SKM_sk_insert(ASN1_INTEGER, (st), (val), (i))
+#define sk_ASN1_INTEGER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_INTEGER, (st), (cmp))
+#define sk_ASN1_INTEGER_dup(st) SKM_sk_dup(ASN1_INTEGER, st)
+#define sk_ASN1_INTEGER_pop_free(st, free_func) SKM_sk_pop_free(ASN1_INTEGER, (st), (free_func))
+#define sk_ASN1_INTEGER_shift(st) SKM_sk_shift(ASN1_INTEGER, (st))
+#define sk_ASN1_INTEGER_pop(st) SKM_sk_pop(ASN1_INTEGER, (st))
+#define sk_ASN1_INTEGER_sort(st) SKM_sk_sort(ASN1_INTEGER, (st))
+
+#define sk_ASN1_OBJECT_new(st) SKM_sk_new(ASN1_OBJECT, (st))
+#define sk_ASN1_OBJECT_new_null() SKM_sk_new_null(ASN1_OBJECT)
+#define sk_ASN1_OBJECT_free(st) SKM_sk_free(ASN1_OBJECT, (st))
+#define sk_ASN1_OBJECT_num(st) SKM_sk_num(ASN1_OBJECT, (st))
+#define sk_ASN1_OBJECT_value(st, i) SKM_sk_value(ASN1_OBJECT, (st), (i))
+#define sk_ASN1_OBJECT_set(st, i, val) SKM_sk_set(ASN1_OBJECT, (st), (i), (val))
+#define sk_ASN1_OBJECT_zero(st) SKM_sk_zero(ASN1_OBJECT, (st))
+#define sk_ASN1_OBJECT_push(st, val) SKM_sk_push(ASN1_OBJECT, (st), (val))
+#define sk_ASN1_OBJECT_unshift(st, val) SKM_sk_unshift(ASN1_OBJECT, (st), (val))
+#define sk_ASN1_OBJECT_find(st, val) SKM_sk_find(ASN1_OBJECT, (st), (val))
+#define sk_ASN1_OBJECT_delete(st, i) SKM_sk_delete(ASN1_OBJECT, (st), (i))
+#define sk_ASN1_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_OBJECT, (st), (ptr))
+#define sk_ASN1_OBJECT_insert(st, val, i) SKM_sk_insert(ASN1_OBJECT, (st), (val), (i))
+#define sk_ASN1_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_OBJECT, (st), (cmp))
+#define sk_ASN1_OBJECT_dup(st) SKM_sk_dup(ASN1_OBJECT, st)
+#define sk_ASN1_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(ASN1_OBJECT, (st), (free_func))
+#define sk_ASN1_OBJECT_shift(st) SKM_sk_shift(ASN1_OBJECT, (st))
+#define sk_ASN1_OBJECT_pop(st) SKM_sk_pop(ASN1_OBJECT, (st))
+#define sk_ASN1_OBJECT_sort(st) SKM_sk_sort(ASN1_OBJECT, (st))
+
+#define sk_ASN1_STRING_TABLE_new(st) SKM_sk_new(ASN1_STRING_TABLE, (st))
+#define sk_ASN1_STRING_TABLE_new_null() SKM_sk_new_null(ASN1_STRING_TABLE)
+#define sk_ASN1_STRING_TABLE_free(st) SKM_sk_free(ASN1_STRING_TABLE, (st))
+#define sk_ASN1_STRING_TABLE_num(st) SKM_sk_num(ASN1_STRING_TABLE, (st))
+#define sk_ASN1_STRING_TABLE_value(st, i) SKM_sk_value(ASN1_STRING_TABLE, (st), (i))
+#define sk_ASN1_STRING_TABLE_set(st, i, val) SKM_sk_set(ASN1_STRING_TABLE, (st), (i), (val))
+#define sk_ASN1_STRING_TABLE_zero(st) SKM_sk_zero(ASN1_STRING_TABLE, (st))
+#define sk_ASN1_STRING_TABLE_push(st, val) SKM_sk_push(ASN1_STRING_TABLE, (st), (val))
+#define sk_ASN1_STRING_TABLE_unshift(st, val) SKM_sk_unshift(ASN1_STRING_TABLE, (st), (val))
+#define sk_ASN1_STRING_TABLE_find(st, val) SKM_sk_find(ASN1_STRING_TABLE, (st), (val))
+#define sk_ASN1_STRING_TABLE_delete(st, i) SKM_sk_delete(ASN1_STRING_TABLE, (st), (i))
+#define sk_ASN1_STRING_TABLE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_STRING_TABLE, (st), (ptr))
+#define sk_ASN1_STRING_TABLE_insert(st, val, i) SKM_sk_insert(ASN1_STRING_TABLE, (st), (val), (i))
+#define sk_ASN1_STRING_TABLE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_STRING_TABLE, (st), (cmp))
+#define sk_ASN1_STRING_TABLE_dup(st) SKM_sk_dup(ASN1_STRING_TABLE, st)
+#define sk_ASN1_STRING_TABLE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_STRING_TABLE, (st), (free_func))
+#define sk_ASN1_STRING_TABLE_shift(st) SKM_sk_shift(ASN1_STRING_TABLE, (st))
+#define sk_ASN1_STRING_TABLE_pop(st) SKM_sk_pop(ASN1_STRING_TABLE, (st))
+#define sk_ASN1_STRING_TABLE_sort(st) SKM_sk_sort(ASN1_STRING_TABLE, (st))
+
+#define sk_ASN1_TYPE_new(st) SKM_sk_new(ASN1_TYPE, (st))
+#define sk_ASN1_TYPE_new_null() SKM_sk_new_null(ASN1_TYPE)
+#define sk_ASN1_TYPE_free(st) SKM_sk_free(ASN1_TYPE, (st))
+#define sk_ASN1_TYPE_num(st) SKM_sk_num(ASN1_TYPE, (st))
+#define sk_ASN1_TYPE_value(st, i) SKM_sk_value(ASN1_TYPE, (st), (i))
+#define sk_ASN1_TYPE_set(st, i, val) SKM_sk_set(ASN1_TYPE, (st), (i), (val))
+#define sk_ASN1_TYPE_zero(st) SKM_sk_zero(ASN1_TYPE, (st))
+#define sk_ASN1_TYPE_push(st, val) SKM_sk_push(ASN1_TYPE, (st), (val))
+#define sk_ASN1_TYPE_unshift(st, val) SKM_sk_unshift(ASN1_TYPE, (st), (val))
+#define sk_ASN1_TYPE_find(st, val) SKM_sk_find(ASN1_TYPE, (st), (val))
+#define sk_ASN1_TYPE_delete(st, i) SKM_sk_delete(ASN1_TYPE, (st), (i))
+#define sk_ASN1_TYPE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_TYPE, (st), (ptr))
+#define sk_ASN1_TYPE_insert(st, val, i) SKM_sk_insert(ASN1_TYPE, (st), (val), (i))
+#define sk_ASN1_TYPE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_TYPE, (st), (cmp))
+#define sk_ASN1_TYPE_dup(st) SKM_sk_dup(ASN1_TYPE, st)
+#define sk_ASN1_TYPE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_TYPE, (st), (free_func))
+#define sk_ASN1_TYPE_shift(st) SKM_sk_shift(ASN1_TYPE, (st))
+#define sk_ASN1_TYPE_pop(st) SKM_sk_pop(ASN1_TYPE, (st))
+#define sk_ASN1_TYPE_sort(st) SKM_sk_sort(ASN1_TYPE, (st))
+
+#define sk_BIO_new(st) SKM_sk_new(BIO, (st))
+#define sk_BIO_new_null() SKM_sk_new_null(BIO)
+#define sk_BIO_free(st) SKM_sk_free(BIO, (st))
+#define sk_BIO_num(st) SKM_sk_num(BIO, (st))
+#define sk_BIO_value(st, i) SKM_sk_value(BIO, (st), (i))
+#define sk_BIO_set(st, i, val) SKM_sk_set(BIO, (st), (i), (val))
+#define sk_BIO_zero(st) SKM_sk_zero(BIO, (st))
+#define sk_BIO_push(st, val) SKM_sk_push(BIO, (st), (val))
+#define sk_BIO_unshift(st, val) SKM_sk_unshift(BIO, (st), (val))
+#define sk_BIO_find(st, val) SKM_sk_find(BIO, (st), (val))
+#define sk_BIO_delete(st, i) SKM_sk_delete(BIO, (st), (i))
+#define sk_BIO_delete_ptr(st, ptr) SKM_sk_delete_ptr(BIO, (st), (ptr))
+#define sk_BIO_insert(st, val, i) SKM_sk_insert(BIO, (st), (val), (i))
+#define sk_BIO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(BIO, (st), (cmp))
+#define sk_BIO_dup(st) SKM_sk_dup(BIO, st)
+#define sk_BIO_pop_free(st, free_func) SKM_sk_pop_free(BIO, (st), (free_func))
+#define sk_BIO_shift(st) SKM_sk_shift(BIO, (st))
+#define sk_BIO_pop(st) SKM_sk_pop(BIO, (st))
+#define sk_BIO_sort(st) SKM_sk_sort(BIO, (st))
+
+#define sk_CONF_VALUE_new(st) SKM_sk_new(CONF_VALUE, (st))
+#define sk_CONF_VALUE_new_null() SKM_sk_new_null(CONF_VALUE)
+#define sk_CONF_VALUE_free(st) SKM_sk_free(CONF_VALUE, (st))
+#define sk_CONF_VALUE_num(st) SKM_sk_num(CONF_VALUE, (st))
+#define sk_CONF_VALUE_value(st, i) SKM_sk_value(CONF_VALUE, (st), (i))
+#define sk_CONF_VALUE_set(st, i, val) SKM_sk_set(CONF_VALUE, (st), (i), (val))
+#define sk_CONF_VALUE_zero(st) SKM_sk_zero(CONF_VALUE, (st))
+#define sk_CONF_VALUE_push(st, val) SKM_sk_push(CONF_VALUE, (st), (val))
+#define sk_CONF_VALUE_unshift(st, val) SKM_sk_unshift(CONF_VALUE, (st), (val))
+#define sk_CONF_VALUE_find(st, val) SKM_sk_find(CONF_VALUE, (st), (val))
+#define sk_CONF_VALUE_delete(st, i) SKM_sk_delete(CONF_VALUE, (st), (i))
+#define sk_CONF_VALUE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_VALUE, (st), (ptr))
+#define sk_CONF_VALUE_insert(st, val, i) SKM_sk_insert(CONF_VALUE, (st), (val), (i))
+#define sk_CONF_VALUE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_VALUE, (st), (cmp))
+#define sk_CONF_VALUE_dup(st) SKM_sk_dup(CONF_VALUE, st)
+#define sk_CONF_VALUE_pop_free(st, free_func) SKM_sk_pop_free(CONF_VALUE, (st), (free_func))
+#define sk_CONF_VALUE_shift(st) SKM_sk_shift(CONF_VALUE, (st))
+#define sk_CONF_VALUE_pop(st) SKM_sk_pop(CONF_VALUE, (st))
+#define sk_CONF_VALUE_sort(st) SKM_sk_sort(CONF_VALUE, (st))
+
+#define sk_CRYPTO_EX_DATA_FUNCS_new(st) SKM_sk_new(CRYPTO_EX_DATA_FUNCS, (st))
+#define sk_CRYPTO_EX_DATA_FUNCS_new_null() SKM_sk_new_null(CRYPTO_EX_DATA_FUNCS)
+#define sk_CRYPTO_EX_DATA_FUNCS_free(st) SKM_sk_free(CRYPTO_EX_DATA_FUNCS, (st))
+#define sk_CRYPTO_EX_DATA_FUNCS_num(st) SKM_sk_num(CRYPTO_EX_DATA_FUNCS, (st))
+#define sk_CRYPTO_EX_DATA_FUNCS_value(st, i) SKM_sk_value(CRYPTO_EX_DATA_FUNCS, (st), (i))
+#define sk_CRYPTO_EX_DATA_FUNCS_set(st, i, val) SKM_sk_set(CRYPTO_EX_DATA_FUNCS, (st), (i), (val))
+#define sk_CRYPTO_EX_DATA_FUNCS_zero(st) SKM_sk_zero(CRYPTO_EX_DATA_FUNCS, (st))
+#define sk_CRYPTO_EX_DATA_FUNCS_push(st, val) SKM_sk_push(CRYPTO_EX_DATA_FUNCS, (st), (val))
+#define sk_CRYPTO_EX_DATA_FUNCS_unshift(st, val) SKM_sk_unshift(CRYPTO_EX_DATA_FUNCS, (st), (val))
+#define sk_CRYPTO_EX_DATA_FUNCS_find(st, val) SKM_sk_find(CRYPTO_EX_DATA_FUNCS, (st), (val))
+#define sk_CRYPTO_EX_DATA_FUNCS_delete(st, i) SKM_sk_delete(CRYPTO_EX_DATA_FUNCS, (st), (i))
+#define sk_CRYPTO_EX_DATA_FUNCS_delete_ptr(st, ptr) SKM_sk_delete_ptr(CRYPTO_EX_DATA_FUNCS, (st), (ptr))
+#define sk_CRYPTO_EX_DATA_FUNCS_insert(st, val, i) SKM_sk_insert(CRYPTO_EX_DATA_FUNCS, (st), (val), (i))
+#define sk_CRYPTO_EX_DATA_FUNCS_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CRYPTO_EX_DATA_FUNCS, (st), (cmp))
+#define sk_CRYPTO_EX_DATA_FUNCS_dup(st) SKM_sk_dup(CRYPTO_EX_DATA_FUNCS, st)
+#define sk_CRYPTO_EX_DATA_FUNCS_pop_free(st, free_func) SKM_sk_pop_free(CRYPTO_EX_DATA_FUNCS, (st), (free_func))
+#define sk_CRYPTO_EX_DATA_FUNCS_shift(st) SKM_sk_shift(CRYPTO_EX_DATA_FUNCS, (st))
+#define sk_CRYPTO_EX_DATA_FUNCS_pop(st) SKM_sk_pop(CRYPTO_EX_DATA_FUNCS, (st))
+#define sk_CRYPTO_EX_DATA_FUNCS_sort(st) SKM_sk_sort(CRYPTO_EX_DATA_FUNCS, (st))
+
+#define sk_CRYPTO_dynlock_new(st) SKM_sk_new(CRYPTO_dynlock, (st))
+#define sk_CRYPTO_dynlock_new_null() SKM_sk_new_null(CRYPTO_dynlock)
+#define sk_CRYPTO_dynlock_free(st) SKM_sk_free(CRYPTO_dynlock, (st))
+#define sk_CRYPTO_dynlock_num(st) SKM_sk_num(CRYPTO_dynlock, (st))
+#define sk_CRYPTO_dynlock_value(st, i) SKM_sk_value(CRYPTO_dynlock, (st), (i))
+#define sk_CRYPTO_dynlock_set(st, i, val) SKM_sk_set(CRYPTO_dynlock, (st), (i), (val))
+#define sk_CRYPTO_dynlock_zero(st) SKM_sk_zero(CRYPTO_dynlock, (st))
+#define sk_CRYPTO_dynlock_push(st, val) SKM_sk_push(CRYPTO_dynlock, (st), (val))
+#define sk_CRYPTO_dynlock_unshift(st, val) SKM_sk_unshift(CRYPTO_dynlock, (st), (val))
+#define sk_CRYPTO_dynlock_find(st, val) SKM_sk_find(CRYPTO_dynlock, (st), (val))
+#define sk_CRYPTO_dynlock_delete(st, i) SKM_sk_delete(CRYPTO_dynlock, (st), (i))
+#define sk_CRYPTO_dynlock_delete_ptr(st, ptr) SKM_sk_delete_ptr(CRYPTO_dynlock, (st), (ptr))
+#define sk_CRYPTO_dynlock_insert(st, val, i) SKM_sk_insert(CRYPTO_dynlock, (st), (val), (i))
+#define sk_CRYPTO_dynlock_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CRYPTO_dynlock, (st), (cmp))
+#define sk_CRYPTO_dynlock_dup(st) SKM_sk_dup(CRYPTO_dynlock, st)
+#define sk_CRYPTO_dynlock_pop_free(st, free_func) SKM_sk_pop_free(CRYPTO_dynlock, (st), (free_func))
+#define sk_CRYPTO_dynlock_shift(st) SKM_sk_shift(CRYPTO_dynlock, (st))
+#define sk_CRYPTO_dynlock_pop(st) SKM_sk_pop(CRYPTO_dynlock, (st))
+#define sk_CRYPTO_dynlock_sort(st) SKM_sk_sort(CRYPTO_dynlock, (st))
+
+#define sk_DIST_POINT_new(st) SKM_sk_new(DIST_POINT, (st))
+#define sk_DIST_POINT_new_null() SKM_sk_new_null(DIST_POINT)
+#define sk_DIST_POINT_free(st) SKM_sk_free(DIST_POINT, (st))
+#define sk_DIST_POINT_num(st) SKM_sk_num(DIST_POINT, (st))
+#define sk_DIST_POINT_value(st, i) SKM_sk_value(DIST_POINT, (st), (i))
+#define sk_DIST_POINT_set(st, i, val) SKM_sk_set(DIST_POINT, (st), (i), (val))
+#define sk_DIST_POINT_zero(st) SKM_sk_zero(DIST_POINT, (st))
+#define sk_DIST_POINT_push(st, val) SKM_sk_push(DIST_POINT, (st), (val))
+#define sk_DIST_POINT_unshift(st, val) SKM_sk_unshift(DIST_POINT, (st), (val))
+#define sk_DIST_POINT_find(st, val) SKM_sk_find(DIST_POINT, (st), (val))
+#define sk_DIST_POINT_delete(st, i) SKM_sk_delete(DIST_POINT, (st), (i))
+#define sk_DIST_POINT_delete_ptr(st, ptr) SKM_sk_delete_ptr(DIST_POINT, (st), (ptr))
+#define sk_DIST_POINT_insert(st, val, i) SKM_sk_insert(DIST_POINT, (st), (val), (i))
+#define sk_DIST_POINT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(DIST_POINT, (st), (cmp))
+#define sk_DIST_POINT_dup(st) SKM_sk_dup(DIST_POINT, st)
+#define sk_DIST_POINT_pop_free(st, free_func) SKM_sk_pop_free(DIST_POINT, (st), (free_func))
+#define sk_DIST_POINT_shift(st) SKM_sk_shift(DIST_POINT, (st))
+#define sk_DIST_POINT_pop(st) SKM_sk_pop(DIST_POINT, (st))
+#define sk_DIST_POINT_sort(st) SKM_sk_sort(DIST_POINT, (st))
+
+#define sk_GENERAL_NAME_new(st) SKM_sk_new(GENERAL_NAME, (st))
+#define sk_GENERAL_NAME_new_null() SKM_sk_new_null(GENERAL_NAME)
+#define sk_GENERAL_NAME_free(st) SKM_sk_free(GENERAL_NAME, (st))
+#define sk_GENERAL_NAME_num(st) SKM_sk_num(GENERAL_NAME, (st))
+#define sk_GENERAL_NAME_value(st, i) SKM_sk_value(GENERAL_NAME, (st), (i))
+#define sk_GENERAL_NAME_set(st, i, val) SKM_sk_set(GENERAL_NAME, (st), (i), (val))
+#define sk_GENERAL_NAME_zero(st) SKM_sk_zero(GENERAL_NAME, (st))
+#define sk_GENERAL_NAME_push(st, val) SKM_sk_push(GENERAL_NAME, (st), (val))
+#define sk_GENERAL_NAME_unshift(st, val) SKM_sk_unshift(GENERAL_NAME, (st), (val))
+#define sk_GENERAL_NAME_find(st, val) SKM_sk_find(GENERAL_NAME, (st), (val))
+#define sk_GENERAL_NAME_delete(st, i) SKM_sk_delete(GENERAL_NAME, (st), (i))
+#define sk_GENERAL_NAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_NAME, (st), (ptr))
+#define sk_GENERAL_NAME_insert(st, val, i) SKM_sk_insert(GENERAL_NAME, (st), (val), (i))
+#define sk_GENERAL_NAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_NAME, (st), (cmp))
+#define sk_GENERAL_NAME_dup(st) SKM_sk_dup(GENERAL_NAME, st)
+#define sk_GENERAL_NAME_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_NAME, (st), (free_func))
+#define sk_GENERAL_NAME_shift(st) SKM_sk_shift(GENERAL_NAME, (st))
+#define sk_GENERAL_NAME_pop(st) SKM_sk_pop(GENERAL_NAME, (st))
+#define sk_GENERAL_NAME_sort(st) SKM_sk_sort(GENERAL_NAME, (st))
+
+#define sk_MIME_HEADER_new(st) SKM_sk_new(MIME_HEADER, (st))
+#define sk_MIME_HEADER_new_null() SKM_sk_new_null(MIME_HEADER)
+#define sk_MIME_HEADER_free(st) SKM_sk_free(MIME_HEADER, (st))
+#define sk_MIME_HEADER_num(st) SKM_sk_num(MIME_HEADER, (st))
+#define sk_MIME_HEADER_value(st, i) SKM_sk_value(MIME_HEADER, (st), (i))
+#define sk_MIME_HEADER_set(st, i, val) SKM_sk_set(MIME_HEADER, (st), (i), (val))
+#define sk_MIME_HEADER_zero(st) SKM_sk_zero(MIME_HEADER, (st))
+#define sk_MIME_HEADER_push(st, val) SKM_sk_push(MIME_HEADER, (st), (val))
+#define sk_MIME_HEADER_unshift(st, val) SKM_sk_unshift(MIME_HEADER, (st), (val))
+#define sk_MIME_HEADER_find(st, val) SKM_sk_find(MIME_HEADER, (st), (val))
+#define sk_MIME_HEADER_delete(st, i) SKM_sk_delete(MIME_HEADER, (st), (i))
+#define sk_MIME_HEADER_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_HEADER, (st), (ptr))
+#define sk_MIME_HEADER_insert(st, val, i) SKM_sk_insert(MIME_HEADER, (st), (val), (i))
+#define sk_MIME_HEADER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MIME_HEADER, (st), (cmp))
+#define sk_MIME_HEADER_dup(st) SKM_sk_dup(MIME_HEADER, st)
+#define sk_MIME_HEADER_pop_free(st, free_func) SKM_sk_pop_free(MIME_HEADER, (st), (free_func))
+#define sk_MIME_HEADER_shift(st) SKM_sk_shift(MIME_HEADER, (st))
+#define sk_MIME_HEADER_pop(st) SKM_sk_pop(MIME_HEADER, (st))
+#define sk_MIME_HEADER_sort(st) SKM_sk_sort(MIME_HEADER, (st))
+
+#define sk_MIME_PARAM_new(st) SKM_sk_new(MIME_PARAM, (st))
+#define sk_MIME_PARAM_new_null() SKM_sk_new_null(MIME_PARAM)
+#define sk_MIME_PARAM_free(st) SKM_sk_free(MIME_PARAM, (st))
+#define sk_MIME_PARAM_num(st) SKM_sk_num(MIME_PARAM, (st))
+#define sk_MIME_PARAM_value(st, i) SKM_sk_value(MIME_PARAM, (st), (i))
+#define sk_MIME_PARAM_set(st, i, val) SKM_sk_set(MIME_PARAM, (st), (i), (val))
+#define sk_MIME_PARAM_zero(st) SKM_sk_zero(MIME_PARAM, (st))
+#define sk_MIME_PARAM_push(st, val) SKM_sk_push(MIME_PARAM, (st), (val))
+#define sk_MIME_PARAM_unshift(st, val) SKM_sk_unshift(MIME_PARAM, (st), (val))
+#define sk_MIME_PARAM_find(st, val) SKM_sk_find(MIME_PARAM, (st), (val))
+#define sk_MIME_PARAM_delete(st, i) SKM_sk_delete(MIME_PARAM, (st), (i))
+#define sk_MIME_PARAM_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_PARAM, (st), (ptr))
+#define sk_MIME_PARAM_insert(st, val, i) SKM_sk_insert(MIME_PARAM, (st), (val), (i))
+#define sk_MIME_PARAM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MIME_PARAM, (st), (cmp))
+#define sk_MIME_PARAM_dup(st) SKM_sk_dup(MIME_PARAM, st)
+#define sk_MIME_PARAM_pop_free(st, free_func) SKM_sk_pop_free(MIME_PARAM, (st), (free_func))
+#define sk_MIME_PARAM_shift(st) SKM_sk_shift(MIME_PARAM, (st))
+#define sk_MIME_PARAM_pop(st) SKM_sk_pop(MIME_PARAM, (st))
+#define sk_MIME_PARAM_sort(st) SKM_sk_sort(MIME_PARAM, (st))
+
+#define sk_NAME_FUNCS_new(st) SKM_sk_new(NAME_FUNCS, (st))
+#define sk_NAME_FUNCS_new_null() SKM_sk_new_null(NAME_FUNCS)
+#define sk_NAME_FUNCS_free(st) SKM_sk_free(NAME_FUNCS, (st))
+#define sk_NAME_FUNCS_num(st) SKM_sk_num(NAME_FUNCS, (st))
+#define sk_NAME_FUNCS_value(st, i) SKM_sk_value(NAME_FUNCS, (st), (i))
+#define sk_NAME_FUNCS_set(st, i, val) SKM_sk_set(NAME_FUNCS, (st), (i), (val))
+#define sk_NAME_FUNCS_zero(st) SKM_sk_zero(NAME_FUNCS, (st))
+#define sk_NAME_FUNCS_push(st, val) SKM_sk_push(NAME_FUNCS, (st), (val))
+#define sk_NAME_FUNCS_unshift(st, val) SKM_sk_unshift(NAME_FUNCS, (st), (val))
+#define sk_NAME_FUNCS_find(st, val) SKM_sk_find(NAME_FUNCS, (st), (val))
+#define sk_NAME_FUNCS_delete(st, i) SKM_sk_delete(NAME_FUNCS, (st), (i))
+#define sk_NAME_FUNCS_delete_ptr(st, ptr) SKM_sk_delete_ptr(NAME_FUNCS, (st), (ptr))
+#define sk_NAME_FUNCS_insert(st, val, i) SKM_sk_insert(NAME_FUNCS, (st), (val), (i))
+#define sk_NAME_FUNCS_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(NAME_FUNCS, (st), (cmp))
+#define sk_NAME_FUNCS_dup(st) SKM_sk_dup(NAME_FUNCS, st)
+#define sk_NAME_FUNCS_pop_free(st, free_func) SKM_sk_pop_free(NAME_FUNCS, (st), (free_func))
+#define sk_NAME_FUNCS_shift(st) SKM_sk_shift(NAME_FUNCS, (st))
+#define sk_NAME_FUNCS_pop(st) SKM_sk_pop(NAME_FUNCS, (st))
+#define sk_NAME_FUNCS_sort(st) SKM_sk_sort(NAME_FUNCS, (st))
+
+#define sk_PKCS12_SAFEBAG_new(st) SKM_sk_new(PKCS12_SAFEBAG, (st))
+#define sk_PKCS12_SAFEBAG_new_null() SKM_sk_new_null(PKCS12_SAFEBAG)
+#define sk_PKCS12_SAFEBAG_free(st) SKM_sk_free(PKCS12_SAFEBAG, (st))
+#define sk_PKCS12_SAFEBAG_num(st) SKM_sk_num(PKCS12_SAFEBAG, (st))
+#define sk_PKCS12_SAFEBAG_value(st, i) SKM_sk_value(PKCS12_SAFEBAG, (st), (i))
+#define sk_PKCS12_SAFEBAG_set(st, i, val) SKM_sk_set(PKCS12_SAFEBAG, (st), (i), (val))
+#define sk_PKCS12_SAFEBAG_zero(st) SKM_sk_zero(PKCS12_SAFEBAG, (st))
+#define sk_PKCS12_SAFEBAG_push(st, val) SKM_sk_push(PKCS12_SAFEBAG, (st), (val))
+#define sk_PKCS12_SAFEBAG_unshift(st, val) SKM_sk_unshift(PKCS12_SAFEBAG, (st), (val))
+#define sk_PKCS12_SAFEBAG_find(st, val) SKM_sk_find(PKCS12_SAFEBAG, (st), (val))
+#define sk_PKCS12_SAFEBAG_delete(st, i) SKM_sk_delete(PKCS12_SAFEBAG, (st), (i))
+#define sk_PKCS12_SAFEBAG_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS12_SAFEBAG, (st), (ptr))
+#define sk_PKCS12_SAFEBAG_insert(st, val, i) SKM_sk_insert(PKCS12_SAFEBAG, (st), (val), (i))
+#define sk_PKCS12_SAFEBAG_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS12_SAFEBAG, (st), (cmp))
+#define sk_PKCS12_SAFEBAG_dup(st) SKM_sk_dup(PKCS12_SAFEBAG, st)
+#define sk_PKCS12_SAFEBAG_pop_free(st, free_func) SKM_sk_pop_free(PKCS12_SAFEBAG, (st), (free_func))
+#define sk_PKCS12_SAFEBAG_shift(st) SKM_sk_shift(PKCS12_SAFEBAG, (st))
+#define sk_PKCS12_SAFEBAG_pop(st) SKM_sk_pop(PKCS12_SAFEBAG, (st))
+#define sk_PKCS12_SAFEBAG_sort(st) SKM_sk_sort(PKCS12_SAFEBAG, (st))
+
+#define sk_PKCS7_new(st) SKM_sk_new(PKCS7, (st))
+#define sk_PKCS7_new_null() SKM_sk_new_null(PKCS7)
+#define sk_PKCS7_free(st) SKM_sk_free(PKCS7, (st))
+#define sk_PKCS7_num(st) SKM_sk_num(PKCS7, (st))
+#define sk_PKCS7_value(st, i) SKM_sk_value(PKCS7, (st), (i))
+#define sk_PKCS7_set(st, i, val) SKM_sk_set(PKCS7, (st), (i), (val))
+#define sk_PKCS7_zero(st) SKM_sk_zero(PKCS7, (st))
+#define sk_PKCS7_push(st, val) SKM_sk_push(PKCS7, (st), (val))
+#define sk_PKCS7_unshift(st, val) SKM_sk_unshift(PKCS7, (st), (val))
+#define sk_PKCS7_find(st, val) SKM_sk_find(PKCS7, (st), (val))
+#define sk_PKCS7_delete(st, i) SKM_sk_delete(PKCS7, (st), (i))
+#define sk_PKCS7_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7, (st), (ptr))
+#define sk_PKCS7_insert(st, val, i) SKM_sk_insert(PKCS7, (st), (val), (i))
+#define sk_PKCS7_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7, (st), (cmp))
+#define sk_PKCS7_dup(st) SKM_sk_dup(PKCS7, st)
+#define sk_PKCS7_pop_free(st, free_func) SKM_sk_pop_free(PKCS7, (st), (free_func))
+#define sk_PKCS7_shift(st) SKM_sk_shift(PKCS7, (st))
+#define sk_PKCS7_pop(st) SKM_sk_pop(PKCS7, (st))
+#define sk_PKCS7_sort(st) SKM_sk_sort(PKCS7, (st))
+
+#define sk_PKCS7_RECIP_INFO_new(st) SKM_sk_new(PKCS7_RECIP_INFO, (st))
+#define sk_PKCS7_RECIP_INFO_new_null() SKM_sk_new_null(PKCS7_RECIP_INFO)
+#define sk_PKCS7_RECIP_INFO_free(st) SKM_sk_free(PKCS7_RECIP_INFO, (st))
+#define sk_PKCS7_RECIP_INFO_num(st) SKM_sk_num(PKCS7_RECIP_INFO, (st))
+#define sk_PKCS7_RECIP_INFO_value(st, i) SKM_sk_value(PKCS7_RECIP_INFO, (st), (i))
+#define sk_PKCS7_RECIP_INFO_set(st, i, val) SKM_sk_set(PKCS7_RECIP_INFO, (st), (i), (val))
+#define sk_PKCS7_RECIP_INFO_zero(st) SKM_sk_zero(PKCS7_RECIP_INFO, (st))
+#define sk_PKCS7_RECIP_INFO_push(st, val) SKM_sk_push(PKCS7_RECIP_INFO, (st), (val))
+#define sk_PKCS7_RECIP_INFO_unshift(st, val) SKM_sk_unshift(PKCS7_RECIP_INFO, (st), (val))
+#define sk_PKCS7_RECIP_INFO_find(st, val) SKM_sk_find(PKCS7_RECIP_INFO, (st), (val))
+#define sk_PKCS7_RECIP_INFO_delete(st, i) SKM_sk_delete(PKCS7_RECIP_INFO, (st), (i))
+#define sk_PKCS7_RECIP_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7_RECIP_INFO, (st), (ptr))
+#define sk_PKCS7_RECIP_INFO_insert(st, val, i) SKM_sk_insert(PKCS7_RECIP_INFO, (st), (val), (i))
+#define sk_PKCS7_RECIP_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7_RECIP_INFO, (st), (cmp))
+#define sk_PKCS7_RECIP_INFO_dup(st) SKM_sk_dup(PKCS7_RECIP_INFO, st)
+#define sk_PKCS7_RECIP_INFO_pop_free(st, free_func) SKM_sk_pop_free(PKCS7_RECIP_INFO, (st), (free_func))
+#define sk_PKCS7_RECIP_INFO_shift(st) SKM_sk_shift(PKCS7_RECIP_INFO, (st))
+#define sk_PKCS7_RECIP_INFO_pop(st) SKM_sk_pop(PKCS7_RECIP_INFO, (st))
+#define sk_PKCS7_RECIP_INFO_sort(st) SKM_sk_sort(PKCS7_RECIP_INFO, (st))
+
+#define sk_PKCS7_SIGNER_INFO_new(st) SKM_sk_new(PKCS7_SIGNER_INFO, (st))
+#define sk_PKCS7_SIGNER_INFO_new_null() SKM_sk_new_null(PKCS7_SIGNER_INFO)
+#define sk_PKCS7_SIGNER_INFO_free(st) SKM_sk_free(PKCS7_SIGNER_INFO, (st))
+#define sk_PKCS7_SIGNER_INFO_num(st) SKM_sk_num(PKCS7_SIGNER_INFO, (st))
+#define sk_PKCS7_SIGNER_INFO_value(st, i) SKM_sk_value(PKCS7_SIGNER_INFO, (st), (i))
+#define sk_PKCS7_SIGNER_INFO_set(st, i, val) SKM_sk_set(PKCS7_SIGNER_INFO, (st), (i), (val))
+#define sk_PKCS7_SIGNER_INFO_zero(st) SKM_sk_zero(PKCS7_SIGNER_INFO, (st))
+#define sk_PKCS7_SIGNER_INFO_push(st, val) SKM_sk_push(PKCS7_SIGNER_INFO, (st), (val))
+#define sk_PKCS7_SIGNER_INFO_unshift(st, val) SKM_sk_unshift(PKCS7_SIGNER_INFO, (st), (val))
+#define sk_PKCS7_SIGNER_INFO_find(st, val) SKM_sk_find(PKCS7_SIGNER_INFO, (st), (val))
+#define sk_PKCS7_SIGNER_INFO_delete(st, i) SKM_sk_delete(PKCS7_SIGNER_INFO, (st), (i))
+#define sk_PKCS7_SIGNER_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7_SIGNER_INFO, (st), (ptr))
+#define sk_PKCS7_SIGNER_INFO_insert(st, val, i) SKM_sk_insert(PKCS7_SIGNER_INFO, (st), (val), (i))
+#define sk_PKCS7_SIGNER_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7_SIGNER_INFO, (st), (cmp))
+#define sk_PKCS7_SIGNER_INFO_dup(st) SKM_sk_dup(PKCS7_SIGNER_INFO, st)
+#define sk_PKCS7_SIGNER_INFO_pop_free(st, free_func) SKM_sk_pop_free(PKCS7_SIGNER_INFO, (st), (free_func))
+#define sk_PKCS7_SIGNER_INFO_shift(st) SKM_sk_shift(PKCS7_SIGNER_INFO, (st))
+#define sk_PKCS7_SIGNER_INFO_pop(st) SKM_sk_pop(PKCS7_SIGNER_INFO, (st))
+#define sk_PKCS7_SIGNER_INFO_sort(st) SKM_sk_sort(PKCS7_SIGNER_INFO, (st))
+
+#define sk_POLICYINFO_new(st) SKM_sk_new(POLICYINFO, (st))
+#define sk_POLICYINFO_new_null() SKM_sk_new_null(POLICYINFO)
+#define sk_POLICYINFO_free(st) SKM_sk_free(POLICYINFO, (st))
+#define sk_POLICYINFO_num(st) SKM_sk_num(POLICYINFO, (st))
+#define sk_POLICYINFO_value(st, i) SKM_sk_value(POLICYINFO, (st), (i))
+#define sk_POLICYINFO_set(st, i, val) SKM_sk_set(POLICYINFO, (st), (i), (val))
+#define sk_POLICYINFO_zero(st) SKM_sk_zero(POLICYINFO, (st))
+#define sk_POLICYINFO_push(st, val) SKM_sk_push(POLICYINFO, (st), (val))
+#define sk_POLICYINFO_unshift(st, val) SKM_sk_unshift(POLICYINFO, (st), (val))
+#define sk_POLICYINFO_find(st, val) SKM_sk_find(POLICYINFO, (st), (val))
+#define sk_POLICYINFO_delete(st, i) SKM_sk_delete(POLICYINFO, (st), (i))
+#define sk_POLICYINFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICYINFO, (st), (ptr))
+#define sk_POLICYINFO_insert(st, val, i) SKM_sk_insert(POLICYINFO, (st), (val), (i))
+#define sk_POLICYINFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICYINFO, (st), (cmp))
+#define sk_POLICYINFO_dup(st) SKM_sk_dup(POLICYINFO, st)
+#define sk_POLICYINFO_pop_free(st, free_func) SKM_sk_pop_free(POLICYINFO, (st), (free_func))
+#define sk_POLICYINFO_shift(st) SKM_sk_shift(POLICYINFO, (st))
+#define sk_POLICYINFO_pop(st) SKM_sk_pop(POLICYINFO, (st))
+#define sk_POLICYINFO_sort(st) SKM_sk_sort(POLICYINFO, (st))
+
+#define sk_POLICYQUALINFO_new(st) SKM_sk_new(POLICYQUALINFO, (st))
+#define sk_POLICYQUALINFO_new_null() SKM_sk_new_null(POLICYQUALINFO)
+#define sk_POLICYQUALINFO_free(st) SKM_sk_free(POLICYQUALINFO, (st))
+#define sk_POLICYQUALINFO_num(st) SKM_sk_num(POLICYQUALINFO, (st))
+#define sk_POLICYQUALINFO_value(st, i) SKM_sk_value(POLICYQUALINFO, (st), (i))
+#define sk_POLICYQUALINFO_set(st, i, val) SKM_sk_set(POLICYQUALINFO, (st), (i), (val))
+#define sk_POLICYQUALINFO_zero(st) SKM_sk_zero(POLICYQUALINFO, (st))
+#define sk_POLICYQUALINFO_push(st, val) SKM_sk_push(POLICYQUALINFO, (st), (val))
+#define sk_POLICYQUALINFO_unshift(st, val) SKM_sk_unshift(POLICYQUALINFO, (st), (val))
+#define sk_POLICYQUALINFO_find(st, val) SKM_sk_find(POLICYQUALINFO, (st), (val))
+#define sk_POLICYQUALINFO_delete(st, i) SKM_sk_delete(POLICYQUALINFO, (st), (i))
+#define sk_POLICYQUALINFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICYQUALINFO, (st), (ptr))
+#define sk_POLICYQUALINFO_insert(st, val, i) SKM_sk_insert(POLICYQUALINFO, (st), (val), (i))
+#define sk_POLICYQUALINFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICYQUALINFO, (st), (cmp))
+#define sk_POLICYQUALINFO_dup(st) SKM_sk_dup(POLICYQUALINFO, st)
+#define sk_POLICYQUALINFO_pop_free(st, free_func) SKM_sk_pop_free(POLICYQUALINFO, (st), (free_func))
+#define sk_POLICYQUALINFO_shift(st) SKM_sk_shift(POLICYQUALINFO, (st))
+#define sk_POLICYQUALINFO_pop(st) SKM_sk_pop(POLICYQUALINFO, (st))
+#define sk_POLICYQUALINFO_sort(st) SKM_sk_sort(POLICYQUALINFO, (st))
+
+#define sk_SSL_CIPHER_new(st) SKM_sk_new(SSL_CIPHER, (st))
+#define sk_SSL_CIPHER_new_null() SKM_sk_new_null(SSL_CIPHER)
+#define sk_SSL_CIPHER_free(st) SKM_sk_free(SSL_CIPHER, (st))
+#define sk_SSL_CIPHER_num(st) SKM_sk_num(SSL_CIPHER, (st))
+#define sk_SSL_CIPHER_value(st, i) SKM_sk_value(SSL_CIPHER, (st), (i))
+#define sk_SSL_CIPHER_set(st, i, val) SKM_sk_set(SSL_CIPHER, (st), (i), (val))
+#define sk_SSL_CIPHER_zero(st) SKM_sk_zero(SSL_CIPHER, (st))
+#define sk_SSL_CIPHER_push(st, val) SKM_sk_push(SSL_CIPHER, (st), (val))
+#define sk_SSL_CIPHER_unshift(st, val) SKM_sk_unshift(SSL_CIPHER, (st), (val))
+#define sk_SSL_CIPHER_find(st, val) SKM_sk_find(SSL_CIPHER, (st), (val))
+#define sk_SSL_CIPHER_delete(st, i) SKM_sk_delete(SSL_CIPHER, (st), (i))
+#define sk_SSL_CIPHER_delete_ptr(st, ptr) SKM_sk_delete_ptr(SSL_CIPHER, (st), (ptr))
+#define sk_SSL_CIPHER_insert(st, val, i) SKM_sk_insert(SSL_CIPHER, (st), (val), (i))
+#define sk_SSL_CIPHER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SSL_CIPHER, (st), (cmp))
+#define sk_SSL_CIPHER_dup(st) SKM_sk_dup(SSL_CIPHER, st)
+#define sk_SSL_CIPHER_pop_free(st, free_func) SKM_sk_pop_free(SSL_CIPHER, (st), (free_func))
+#define sk_SSL_CIPHER_shift(st) SKM_sk_shift(SSL_CIPHER, (st))
+#define sk_SSL_CIPHER_pop(st) SKM_sk_pop(SSL_CIPHER, (st))
+#define sk_SSL_CIPHER_sort(st) SKM_sk_sort(SSL_CIPHER, (st))
+
+#define sk_SSL_COMP_new(st) SKM_sk_new(SSL_COMP, (st))
+#define sk_SSL_COMP_new_null() SKM_sk_new_null(SSL_COMP)
+#define sk_SSL_COMP_free(st) SKM_sk_free(SSL_COMP, (st))
+#define sk_SSL_COMP_num(st) SKM_sk_num(SSL_COMP, (st))
+#define sk_SSL_COMP_value(st, i) SKM_sk_value(SSL_COMP, (st), (i))
+#define sk_SSL_COMP_set(st, i, val) SKM_sk_set(SSL_COMP, (st), (i), (val))
+#define sk_SSL_COMP_zero(st) SKM_sk_zero(SSL_COMP, (st))
+#define sk_SSL_COMP_push(st, val) SKM_sk_push(SSL_COMP, (st), (val))
+#define sk_SSL_COMP_unshift(st, val) SKM_sk_unshift(SSL_COMP, (st), (val))
+#define sk_SSL_COMP_find(st, val) SKM_sk_find(SSL_COMP, (st), (val))
+#define sk_SSL_COMP_delete(st, i) SKM_sk_delete(SSL_COMP, (st), (i))
+#define sk_SSL_COMP_delete_ptr(st, ptr) SKM_sk_delete_ptr(SSL_COMP, (st), (ptr))
+#define sk_SSL_COMP_insert(st, val, i) SKM_sk_insert(SSL_COMP, (st), (val), (i))
+#define sk_SSL_COMP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SSL_COMP, (st), (cmp))
+#define sk_SSL_COMP_dup(st) SKM_sk_dup(SSL_COMP, st)
+#define sk_SSL_COMP_pop_free(st, free_func) SKM_sk_pop_free(SSL_COMP, (st), (free_func))
+#define sk_SSL_COMP_shift(st) SKM_sk_shift(SSL_COMP, (st))
+#define sk_SSL_COMP_pop(st) SKM_sk_pop(SSL_COMP, (st))
+#define sk_SSL_COMP_sort(st) SKM_sk_sort(SSL_COMP, (st))
+
+#define sk_SXNETID_new(st) SKM_sk_new(SXNETID, (st))
+#define sk_SXNETID_new_null() SKM_sk_new_null(SXNETID)
+#define sk_SXNETID_free(st) SKM_sk_free(SXNETID, (st))
+#define sk_SXNETID_num(st) SKM_sk_num(SXNETID, (st))
+#define sk_SXNETID_value(st, i) SKM_sk_value(SXNETID, (st), (i))
+#define sk_SXNETID_set(st, i, val) SKM_sk_set(SXNETID, (st), (i), (val))
+#define sk_SXNETID_zero(st) SKM_sk_zero(SXNETID, (st))
+#define sk_SXNETID_push(st, val) SKM_sk_push(SXNETID, (st), (val))
+#define sk_SXNETID_unshift(st, val) SKM_sk_unshift(SXNETID, (st), (val))
+#define sk_SXNETID_find(st, val) SKM_sk_find(SXNETID, (st), (val))
+#define sk_SXNETID_delete(st, i) SKM_sk_delete(SXNETID, (st), (i))
+#define sk_SXNETID_delete_ptr(st, ptr) SKM_sk_delete_ptr(SXNETID, (st), (ptr))
+#define sk_SXNETID_insert(st, val, i) SKM_sk_insert(SXNETID, (st), (val), (i))
+#define sk_SXNETID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SXNETID, (st), (cmp))
+#define sk_SXNETID_dup(st) SKM_sk_dup(SXNETID, st)
+#define sk_SXNETID_pop_free(st, free_func) SKM_sk_pop_free(SXNETID, (st), (free_func))
+#define sk_SXNETID_shift(st) SKM_sk_shift(SXNETID, (st))
+#define sk_SXNETID_pop(st) SKM_sk_pop(SXNETID, (st))
+#define sk_SXNETID_sort(st) SKM_sk_sort(SXNETID, (st))
+
+#define sk_X509_new(st) SKM_sk_new(X509, (st))
+#define sk_X509_new_null() SKM_sk_new_null(X509)
+#define sk_X509_free(st) SKM_sk_free(X509, (st))
+#define sk_X509_num(st) SKM_sk_num(X509, (st))
+#define sk_X509_value(st, i) SKM_sk_value(X509, (st), (i))
+#define sk_X509_set(st, i, val) SKM_sk_set(X509, (st), (i), (val))
+#define sk_X509_zero(st) SKM_sk_zero(X509, (st))
+#define sk_X509_push(st, val) SKM_sk_push(X509, (st), (val))
+#define sk_X509_unshift(st, val) SKM_sk_unshift(X509, (st), (val))
+#define sk_X509_find(st, val) SKM_sk_find(X509, (st), (val))
+#define sk_X509_delete(st, i) SKM_sk_delete(X509, (st), (i))
+#define sk_X509_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509, (st), (ptr))
+#define sk_X509_insert(st, val, i) SKM_sk_insert(X509, (st), (val), (i))
+#define sk_X509_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509, (st), (cmp))
+#define sk_X509_dup(st) SKM_sk_dup(X509, st)
+#define sk_X509_pop_free(st, free_func) SKM_sk_pop_free(X509, (st), (free_func))
+#define sk_X509_shift(st) SKM_sk_shift(X509, (st))
+#define sk_X509_pop(st) SKM_sk_pop(X509, (st))
+#define sk_X509_sort(st) SKM_sk_sort(X509, (st))
+
+#define sk_X509V3_EXT_METHOD_new(st) SKM_sk_new(X509V3_EXT_METHOD, (st))
+#define sk_X509V3_EXT_METHOD_new_null() SKM_sk_new_null(X509V3_EXT_METHOD)
+#define sk_X509V3_EXT_METHOD_free(st) SKM_sk_free(X509V3_EXT_METHOD, (st))
+#define sk_X509V3_EXT_METHOD_num(st) SKM_sk_num(X509V3_EXT_METHOD, (st))
+#define sk_X509V3_EXT_METHOD_value(st, i) SKM_sk_value(X509V3_EXT_METHOD, (st), (i))
+#define sk_X509V3_EXT_METHOD_set(st, i, val) SKM_sk_set(X509V3_EXT_METHOD, (st), (i), (val))
+#define sk_X509V3_EXT_METHOD_zero(st) SKM_sk_zero(X509V3_EXT_METHOD, (st))
+#define sk_X509V3_EXT_METHOD_push(st, val) SKM_sk_push(X509V3_EXT_METHOD, (st), (val))
+#define sk_X509V3_EXT_METHOD_unshift(st, val) SKM_sk_unshift(X509V3_EXT_METHOD, (st), (val))
+#define sk_X509V3_EXT_METHOD_find(st, val) SKM_sk_find(X509V3_EXT_METHOD, (st), (val))
+#define sk_X509V3_EXT_METHOD_delete(st, i) SKM_sk_delete(X509V3_EXT_METHOD, (st), (i))
+#define sk_X509V3_EXT_METHOD_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509V3_EXT_METHOD, (st), (ptr))
+#define sk_X509V3_EXT_METHOD_insert(st, val, i) SKM_sk_insert(X509V3_EXT_METHOD, (st), (val), (i))
+#define sk_X509V3_EXT_METHOD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509V3_EXT_METHOD, (st), (cmp))
+#define sk_X509V3_EXT_METHOD_dup(st) SKM_sk_dup(X509V3_EXT_METHOD, st)
+#define sk_X509V3_EXT_METHOD_pop_free(st, free_func) SKM_sk_pop_free(X509V3_EXT_METHOD, (st), (free_func))
+#define sk_X509V3_EXT_METHOD_shift(st) SKM_sk_shift(X509V3_EXT_METHOD, (st))
+#define sk_X509V3_EXT_METHOD_pop(st) SKM_sk_pop(X509V3_EXT_METHOD, (st))
+#define sk_X509V3_EXT_METHOD_sort(st) SKM_sk_sort(X509V3_EXT_METHOD, (st))
+
+#define sk_X509_ALGOR_new(st) SKM_sk_new(X509_ALGOR, (st))
+#define sk_X509_ALGOR_new_null() SKM_sk_new_null(X509_ALGOR)
+#define sk_X509_ALGOR_free(st) SKM_sk_free(X509_ALGOR, (st))
+#define sk_X509_ALGOR_num(st) SKM_sk_num(X509_ALGOR, (st))
+#define sk_X509_ALGOR_value(st, i) SKM_sk_value(X509_ALGOR, (st), (i))
+#define sk_X509_ALGOR_set(st, i, val) SKM_sk_set(X509_ALGOR, (st), (i), (val))
+#define sk_X509_ALGOR_zero(st) SKM_sk_zero(X509_ALGOR, (st))
+#define sk_X509_ALGOR_push(st, val) SKM_sk_push(X509_ALGOR, (st), (val))
+#define sk_X509_ALGOR_unshift(st, val) SKM_sk_unshift(X509_ALGOR, (st), (val))
+#define sk_X509_ALGOR_find(st, val) SKM_sk_find(X509_ALGOR, (st), (val))
+#define sk_X509_ALGOR_delete(st, i) SKM_sk_delete(X509_ALGOR, (st), (i))
+#define sk_X509_ALGOR_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_ALGOR, (st), (ptr))
+#define sk_X509_ALGOR_insert(st, val, i) SKM_sk_insert(X509_ALGOR, (st), (val), (i))
+#define sk_X509_ALGOR_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_ALGOR, (st), (cmp))
+#define sk_X509_ALGOR_dup(st) SKM_sk_dup(X509_ALGOR, st)
+#define sk_X509_ALGOR_pop_free(st, free_func) SKM_sk_pop_free(X509_ALGOR, (st), (free_func))
+#define sk_X509_ALGOR_shift(st) SKM_sk_shift(X509_ALGOR, (st))
+#define sk_X509_ALGOR_pop(st) SKM_sk_pop(X509_ALGOR, (st))
+#define sk_X509_ALGOR_sort(st) SKM_sk_sort(X509_ALGOR, (st))
+
+#define sk_X509_ATTRIBUTE_new(st) SKM_sk_new(X509_ATTRIBUTE, (st))
+#define sk_X509_ATTRIBUTE_new_null() SKM_sk_new_null(X509_ATTRIBUTE)
+#define sk_X509_ATTRIBUTE_free(st) SKM_sk_free(X509_ATTRIBUTE, (st))
+#define sk_X509_ATTRIBUTE_num(st) SKM_sk_num(X509_ATTRIBUTE, (st))
+#define sk_X509_ATTRIBUTE_value(st, i) SKM_sk_value(X509_ATTRIBUTE, (st), (i))
+#define sk_X509_ATTRIBUTE_set(st, i, val) SKM_sk_set(X509_ATTRIBUTE, (st), (i), (val))
+#define sk_X509_ATTRIBUTE_zero(st) SKM_sk_zero(X509_ATTRIBUTE, (st))
+#define sk_X509_ATTRIBUTE_push(st, val) SKM_sk_push(X509_ATTRIBUTE, (st), (val))
+#define sk_X509_ATTRIBUTE_unshift(st, val) SKM_sk_unshift(X509_ATTRIBUTE, (st), (val))
+#define sk_X509_ATTRIBUTE_find(st, val) SKM_sk_find(X509_ATTRIBUTE, (st), (val))
+#define sk_X509_ATTRIBUTE_delete(st, i) SKM_sk_delete(X509_ATTRIBUTE, (st), (i))
+#define sk_X509_ATTRIBUTE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_ATTRIBUTE, (st), (ptr))
+#define sk_X509_ATTRIBUTE_insert(st, val, i) SKM_sk_insert(X509_ATTRIBUTE, (st), (val), (i))
+#define sk_X509_ATTRIBUTE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_ATTRIBUTE, (st), (cmp))
+#define sk_X509_ATTRIBUTE_dup(st) SKM_sk_dup(X509_ATTRIBUTE, st)
+#define sk_X509_ATTRIBUTE_pop_free(st, free_func) SKM_sk_pop_free(X509_ATTRIBUTE, (st), (free_func))
+#define sk_X509_ATTRIBUTE_shift(st) SKM_sk_shift(X509_ATTRIBUTE, (st))
+#define sk_X509_ATTRIBUTE_pop(st) SKM_sk_pop(X509_ATTRIBUTE, (st))
+#define sk_X509_ATTRIBUTE_sort(st) SKM_sk_sort(X509_ATTRIBUTE, (st))
+
+#define sk_X509_CRL_new(st) SKM_sk_new(X509_CRL, (st))
+#define sk_X509_CRL_new_null() SKM_sk_new_null(X509_CRL)
+#define sk_X509_CRL_free(st) SKM_sk_free(X509_CRL, (st))
+#define sk_X509_CRL_num(st) SKM_sk_num(X509_CRL, (st))
+#define sk_X509_CRL_value(st, i) SKM_sk_value(X509_CRL, (st), (i))
+#define sk_X509_CRL_set(st, i, val) SKM_sk_set(X509_CRL, (st), (i), (val))
+#define sk_X509_CRL_zero(st) SKM_sk_zero(X509_CRL, (st))
+#define sk_X509_CRL_push(st, val) SKM_sk_push(X509_CRL, (st), (val))
+#define sk_X509_CRL_unshift(st, val) SKM_sk_unshift(X509_CRL, (st), (val))
+#define sk_X509_CRL_find(st, val) SKM_sk_find(X509_CRL, (st), (val))
+#define sk_X509_CRL_delete(st, i) SKM_sk_delete(X509_CRL, (st), (i))
+#define sk_X509_CRL_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_CRL, (st), (ptr))
+#define sk_X509_CRL_insert(st, val, i) SKM_sk_insert(X509_CRL, (st), (val), (i))
+#define sk_X509_CRL_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_CRL, (st), (cmp))
+#define sk_X509_CRL_dup(st) SKM_sk_dup(X509_CRL, st)
+#define sk_X509_CRL_pop_free(st, free_func) SKM_sk_pop_free(X509_CRL, (st), (free_func))
+#define sk_X509_CRL_shift(st) SKM_sk_shift(X509_CRL, (st))
+#define sk_X509_CRL_pop(st) SKM_sk_pop(X509_CRL, (st))
+#define sk_X509_CRL_sort(st) SKM_sk_sort(X509_CRL, (st))
+
+#define sk_X509_EXTENSION_new(st) SKM_sk_new(X509_EXTENSION, (st))
+#define sk_X509_EXTENSION_new_null() SKM_sk_new_null(X509_EXTENSION)
+#define sk_X509_EXTENSION_free(st) SKM_sk_free(X509_EXTENSION, (st))
+#define sk_X509_EXTENSION_num(st) SKM_sk_num(X509_EXTENSION, (st))
+#define sk_X509_EXTENSION_value(st, i) SKM_sk_value(X509_EXTENSION, (st), (i))
+#define sk_X509_EXTENSION_set(st, i, val) SKM_sk_set(X509_EXTENSION, (st), (i), (val))
+#define sk_X509_EXTENSION_zero(st) SKM_sk_zero(X509_EXTENSION, (st))
+#define sk_X509_EXTENSION_push(st, val) SKM_sk_push(X509_EXTENSION, (st), (val))
+#define sk_X509_EXTENSION_unshift(st, val) SKM_sk_unshift(X509_EXTENSION, (st), (val))
+#define sk_X509_EXTENSION_find(st, val) SKM_sk_find(X509_EXTENSION, (st), (val))
+#define sk_X509_EXTENSION_delete(st, i) SKM_sk_delete(X509_EXTENSION, (st), (i))
+#define sk_X509_EXTENSION_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_EXTENSION, (st), (ptr))
+#define sk_X509_EXTENSION_insert(st, val, i) SKM_sk_insert(X509_EXTENSION, (st), (val), (i))
+#define sk_X509_EXTENSION_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_EXTENSION, (st), (cmp))
+#define sk_X509_EXTENSION_dup(st) SKM_sk_dup(X509_EXTENSION, st)
+#define sk_X509_EXTENSION_pop_free(st, free_func) SKM_sk_pop_free(X509_EXTENSION, (st), (free_func))
+#define sk_X509_EXTENSION_shift(st) SKM_sk_shift(X509_EXTENSION, (st))
+#define sk_X509_EXTENSION_pop(st) SKM_sk_pop(X509_EXTENSION, (st))
+#define sk_X509_EXTENSION_sort(st) SKM_sk_sort(X509_EXTENSION, (st))
+
+#define sk_X509_INFO_new(st) SKM_sk_new(X509_INFO, (st))
+#define sk_X509_INFO_new_null() SKM_sk_new_null(X509_INFO)
+#define sk_X509_INFO_free(st) SKM_sk_free(X509_INFO, (st))
+#define sk_X509_INFO_num(st) SKM_sk_num(X509_INFO, (st))
+#define sk_X509_INFO_value(st, i) SKM_sk_value(X509_INFO, (st), (i))
+#define sk_X509_INFO_set(st, i, val) SKM_sk_set(X509_INFO, (st), (i), (val))
+#define sk_X509_INFO_zero(st) SKM_sk_zero(X509_INFO, (st))
+#define sk_X509_INFO_push(st, val) SKM_sk_push(X509_INFO, (st), (val))
+#define sk_X509_INFO_unshift(st, val) SKM_sk_unshift(X509_INFO, (st), (val))
+#define sk_X509_INFO_find(st, val) SKM_sk_find(X509_INFO, (st), (val))
+#define sk_X509_INFO_delete(st, i) SKM_sk_delete(X509_INFO, (st), (i))
+#define sk_X509_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_INFO, (st), (ptr))
+#define sk_X509_INFO_insert(st, val, i) SKM_sk_insert(X509_INFO, (st), (val), (i))
+#define sk_X509_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_INFO, (st), (cmp))
+#define sk_X509_INFO_dup(st) SKM_sk_dup(X509_INFO, st)
+#define sk_X509_INFO_pop_free(st, free_func) SKM_sk_pop_free(X509_INFO, (st), (free_func))
+#define sk_X509_INFO_shift(st) SKM_sk_shift(X509_INFO, (st))
+#define sk_X509_INFO_pop(st) SKM_sk_pop(X509_INFO, (st))
+#define sk_X509_INFO_sort(st) SKM_sk_sort(X509_INFO, (st))
+
+#define sk_X509_LOOKUP_new(st) SKM_sk_new(X509_LOOKUP, (st))
+#define sk_X509_LOOKUP_new_null() SKM_sk_new_null(X509_LOOKUP)
+#define sk_X509_LOOKUP_free(st) SKM_sk_free(X509_LOOKUP, (st))
+#define sk_X509_LOOKUP_num(st) SKM_sk_num(X509_LOOKUP, (st))
+#define sk_X509_LOOKUP_value(st, i) SKM_sk_value(X509_LOOKUP, (st), (i))
+#define sk_X509_LOOKUP_set(st, i, val) SKM_sk_set(X509_LOOKUP, (st), (i), (val))
+#define sk_X509_LOOKUP_zero(st) SKM_sk_zero(X509_LOOKUP, (st))
+#define sk_X509_LOOKUP_push(st, val) SKM_sk_push(X509_LOOKUP, (st), (val))
+#define sk_X509_LOOKUP_unshift(st, val) SKM_sk_unshift(X509_LOOKUP, (st), (val))
+#define sk_X509_LOOKUP_find(st, val) SKM_sk_find(X509_LOOKUP, (st), (val))
+#define sk_X509_LOOKUP_delete(st, i) SKM_sk_delete(X509_LOOKUP, (st), (i))
+#define sk_X509_LOOKUP_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_LOOKUP, (st), (ptr))
+#define sk_X509_LOOKUP_insert(st, val, i) SKM_sk_insert(X509_LOOKUP, (st), (val), (i))
+#define sk_X509_LOOKUP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_LOOKUP, (st), (cmp))
+#define sk_X509_LOOKUP_dup(st) SKM_sk_dup(X509_LOOKUP, st)
+#define sk_X509_LOOKUP_pop_free(st, free_func) SKM_sk_pop_free(X509_LOOKUP, (st), (free_func))
+#define sk_X509_LOOKUP_shift(st) SKM_sk_shift(X509_LOOKUP, (st))
+#define sk_X509_LOOKUP_pop(st) SKM_sk_pop(X509_LOOKUP, (st))
+#define sk_X509_LOOKUP_sort(st) SKM_sk_sort(X509_LOOKUP, (st))
+
+#define sk_X509_NAME_new(st) SKM_sk_new(X509_NAME, (st))
+#define sk_X509_NAME_new_null() SKM_sk_new_null(X509_NAME)
+#define sk_X509_NAME_free(st) SKM_sk_free(X509_NAME, (st))
+#define sk_X509_NAME_num(st) SKM_sk_num(X509_NAME, (st))
+#define sk_X509_NAME_value(st, i) SKM_sk_value(X509_NAME, (st), (i))
+#define sk_X509_NAME_set(st, i, val) SKM_sk_set(X509_NAME, (st), (i), (val))
+#define sk_X509_NAME_zero(st) SKM_sk_zero(X509_NAME, (st))
+#define sk_X509_NAME_push(st, val) SKM_sk_push(X509_NAME, (st), (val))
+#define sk_X509_NAME_unshift(st, val) SKM_sk_unshift(X509_NAME, (st), (val))
+#define sk_X509_NAME_find(st, val) SKM_sk_find(X509_NAME, (st), (val))
+#define sk_X509_NAME_delete(st, i) SKM_sk_delete(X509_NAME, (st), (i))
+#define sk_X509_NAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_NAME, (st), (ptr))
+#define sk_X509_NAME_insert(st, val, i) SKM_sk_insert(X509_NAME, (st), (val), (i))
+#define sk_X509_NAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_NAME, (st), (cmp))
+#define sk_X509_NAME_dup(st) SKM_sk_dup(X509_NAME, st)
+#define sk_X509_NAME_pop_free(st, free_func) SKM_sk_pop_free(X509_NAME, (st), (free_func))
+#define sk_X509_NAME_shift(st) SKM_sk_shift(X509_NAME, (st))
+#define sk_X509_NAME_pop(st) SKM_sk_pop(X509_NAME, (st))
+#define sk_X509_NAME_sort(st) SKM_sk_sort(X509_NAME, (st))
+
+#define sk_X509_NAME_ENTRY_new(st) SKM_sk_new(X509_NAME_ENTRY, (st))
+#define sk_X509_NAME_ENTRY_new_null() SKM_sk_new_null(X509_NAME_ENTRY)
+#define sk_X509_NAME_ENTRY_free(st) SKM_sk_free(X509_NAME_ENTRY, (st))
+#define sk_X509_NAME_ENTRY_num(st) SKM_sk_num(X509_NAME_ENTRY, (st))
+#define sk_X509_NAME_ENTRY_value(st, i) SKM_sk_value(X509_NAME_ENTRY, (st), (i))
+#define sk_X509_NAME_ENTRY_set(st, i, val) SKM_sk_set(X509_NAME_ENTRY, (st), (i), (val))
+#define sk_X509_NAME_ENTRY_zero(st) SKM_sk_zero(X509_NAME_ENTRY, (st))
+#define sk_X509_NAME_ENTRY_push(st, val) SKM_sk_push(X509_NAME_ENTRY, (st), (val))
+#define sk_X509_NAME_ENTRY_unshift(st, val) SKM_sk_unshift(X509_NAME_ENTRY, (st), (val))
+#define sk_X509_NAME_ENTRY_find(st, val) SKM_sk_find(X509_NAME_ENTRY, (st), (val))
+#define sk_X509_NAME_ENTRY_delete(st, i) SKM_sk_delete(X509_NAME_ENTRY, (st), (i))
+#define sk_X509_NAME_ENTRY_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_NAME_ENTRY, (st), (ptr))
+#define sk_X509_NAME_ENTRY_insert(st, val, i) SKM_sk_insert(X509_NAME_ENTRY, (st), (val), (i))
+#define sk_X509_NAME_ENTRY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_NAME_ENTRY, (st), (cmp))
+#define sk_X509_NAME_ENTRY_dup(st) SKM_sk_dup(X509_NAME_ENTRY, st)
+#define sk_X509_NAME_ENTRY_pop_free(st, free_func) SKM_sk_pop_free(X509_NAME_ENTRY, (st), (free_func))
+#define sk_X509_NAME_ENTRY_shift(st) SKM_sk_shift(X509_NAME_ENTRY, (st))
+#define sk_X509_NAME_ENTRY_pop(st) SKM_sk_pop(X509_NAME_ENTRY, (st))
+#define sk_X509_NAME_ENTRY_sort(st) SKM_sk_sort(X509_NAME_ENTRY, (st))
+
+#define sk_X509_OBJECT_new(st) SKM_sk_new(X509_OBJECT, (st))
+#define sk_X509_OBJECT_new_null() SKM_sk_new_null(X509_OBJECT)
+#define sk_X509_OBJECT_free(st) SKM_sk_free(X509_OBJECT, (st))
+#define sk_X509_OBJECT_num(st) SKM_sk_num(X509_OBJECT, (st))
+#define sk_X509_OBJECT_value(st, i) SKM_sk_value(X509_OBJECT, (st), (i))
+#define sk_X509_OBJECT_set(st, i, val) SKM_sk_set(X509_OBJECT, (st), (i), (val))
+#define sk_X509_OBJECT_zero(st) SKM_sk_zero(X509_OBJECT, (st))
+#define sk_X509_OBJECT_push(st, val) SKM_sk_push(X509_OBJECT, (st), (val))
+#define sk_X509_OBJECT_unshift(st, val) SKM_sk_unshift(X509_OBJECT, (st), (val))
+#define sk_X509_OBJECT_find(st, val) SKM_sk_find(X509_OBJECT, (st), (val))
+#define sk_X509_OBJECT_delete(st, i) SKM_sk_delete(X509_OBJECT, (st), (i))
+#define sk_X509_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_OBJECT, (st), (ptr))
+#define sk_X509_OBJECT_insert(st, val, i) SKM_sk_insert(X509_OBJECT, (st), (val), (i))
+#define sk_X509_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_OBJECT, (st), (cmp))
+#define sk_X509_OBJECT_dup(st) SKM_sk_dup(X509_OBJECT, st)
+#define sk_X509_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(X509_OBJECT, (st), (free_func))
+#define sk_X509_OBJECT_shift(st) SKM_sk_shift(X509_OBJECT, (st))
+#define sk_X509_OBJECT_pop(st) SKM_sk_pop(X509_OBJECT, (st))
+#define sk_X509_OBJECT_sort(st) SKM_sk_sort(X509_OBJECT, (st))
+
+#define sk_X509_PURPOSE_new(st) SKM_sk_new(X509_PURPOSE, (st))
+#define sk_X509_PURPOSE_new_null() SKM_sk_new_null(X509_PURPOSE)
+#define sk_X509_PURPOSE_free(st) SKM_sk_free(X509_PURPOSE, (st))
+#define sk_X509_PURPOSE_num(st) SKM_sk_num(X509_PURPOSE, (st))
+#define sk_X509_PURPOSE_value(st, i) SKM_sk_value(X509_PURPOSE, (st), (i))
+#define sk_X509_PURPOSE_set(st, i, val) SKM_sk_set(X509_PURPOSE, (st), (i), (val))
+#define sk_X509_PURPOSE_zero(st) SKM_sk_zero(X509_PURPOSE, (st))
+#define sk_X509_PURPOSE_push(st, val) SKM_sk_push(X509_PURPOSE, (st), (val))
+#define sk_X509_PURPOSE_unshift(st, val) SKM_sk_unshift(X509_PURPOSE, (st), (val))
+#define sk_X509_PURPOSE_find(st, val) SKM_sk_find(X509_PURPOSE, (st), (val))
+#define sk_X509_PURPOSE_delete(st, i) SKM_sk_delete(X509_PURPOSE, (st), (i))
+#define sk_X509_PURPOSE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_PURPOSE, (st), (ptr))
+#define sk_X509_PURPOSE_insert(st, val, i) SKM_sk_insert(X509_PURPOSE, (st), (val), (i))
+#define sk_X509_PURPOSE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_PURPOSE, (st), (cmp))
+#define sk_X509_PURPOSE_dup(st) SKM_sk_dup(X509_PURPOSE, st)
+#define sk_X509_PURPOSE_pop_free(st, free_func) SKM_sk_pop_free(X509_PURPOSE, (st), (free_func))
+#define sk_X509_PURPOSE_shift(st) SKM_sk_shift(X509_PURPOSE, (st))
+#define sk_X509_PURPOSE_pop(st) SKM_sk_pop(X509_PURPOSE, (st))
+#define sk_X509_PURPOSE_sort(st) SKM_sk_sort(X509_PURPOSE, (st))
+
+#define sk_X509_REVOKED_new(st) SKM_sk_new(X509_REVOKED, (st))
+#define sk_X509_REVOKED_new_null() SKM_sk_new_null(X509_REVOKED)
+#define sk_X509_REVOKED_free(st) SKM_sk_free(X509_REVOKED, (st))
+#define sk_X509_REVOKED_num(st) SKM_sk_num(X509_REVOKED, (st))
+#define sk_X509_REVOKED_value(st, i) SKM_sk_value(X509_REVOKED, (st), (i))
+#define sk_X509_REVOKED_set(st, i, val) SKM_sk_set(X509_REVOKED, (st), (i), (val))
+#define sk_X509_REVOKED_zero(st) SKM_sk_zero(X509_REVOKED, (st))
+#define sk_X509_REVOKED_push(st, val) SKM_sk_push(X509_REVOKED, (st), (val))
+#define sk_X509_REVOKED_unshift(st, val) SKM_sk_unshift(X509_REVOKED, (st), (val))
+#define sk_X509_REVOKED_find(st, val) SKM_sk_find(X509_REVOKED, (st), (val))
+#define sk_X509_REVOKED_delete(st, i) SKM_sk_delete(X509_REVOKED, (st), (i))
+#define sk_X509_REVOKED_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_REVOKED, (st), (ptr))
+#define sk_X509_REVOKED_insert(st, val, i) SKM_sk_insert(X509_REVOKED, (st), (val), (i))
+#define sk_X509_REVOKED_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_REVOKED, (st), (cmp))
+#define sk_X509_REVOKED_dup(st) SKM_sk_dup(X509_REVOKED, st)
+#define sk_X509_REVOKED_pop_free(st, free_func) SKM_sk_pop_free(X509_REVOKED, (st), (free_func))
+#define sk_X509_REVOKED_shift(st) SKM_sk_shift(X509_REVOKED, (st))
+#define sk_X509_REVOKED_pop(st) SKM_sk_pop(X509_REVOKED, (st))
+#define sk_X509_REVOKED_sort(st) SKM_sk_sort(X509_REVOKED, (st))
+
+#define sk_X509_TRUST_new(st) SKM_sk_new(X509_TRUST, (st))
+#define sk_X509_TRUST_new_null() SKM_sk_new_null(X509_TRUST)
+#define sk_X509_TRUST_free(st) SKM_sk_free(X509_TRUST, (st))
+#define sk_X509_TRUST_num(st) SKM_sk_num(X509_TRUST, (st))
+#define sk_X509_TRUST_value(st, i) SKM_sk_value(X509_TRUST, (st), (i))
+#define sk_X509_TRUST_set(st, i, val) SKM_sk_set(X509_TRUST, (st), (i), (val))
+#define sk_X509_TRUST_zero(st) SKM_sk_zero(X509_TRUST, (st))
+#define sk_X509_TRUST_push(st, val) SKM_sk_push(X509_TRUST, (st), (val))
+#define sk_X509_TRUST_unshift(st, val) SKM_sk_unshift(X509_TRUST, (st), (val))
+#define sk_X509_TRUST_find(st, val) SKM_sk_find(X509_TRUST, (st), (val))
+#define sk_X509_TRUST_delete(st, i) SKM_sk_delete(X509_TRUST, (st), (i))
+#define sk_X509_TRUST_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_TRUST, (st), (ptr))
+#define sk_X509_TRUST_insert(st, val, i) SKM_sk_insert(X509_TRUST, (st), (val), (i))
+#define sk_X509_TRUST_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_TRUST, (st), (cmp))
+#define sk_X509_TRUST_dup(st) SKM_sk_dup(X509_TRUST, st)
+#define sk_X509_TRUST_pop_free(st, free_func) SKM_sk_pop_free(X509_TRUST, (st), (free_func))
+#define sk_X509_TRUST_shift(st) SKM_sk_shift(X509_TRUST, (st))
+#define sk_X509_TRUST_pop(st) SKM_sk_pop(X509_TRUST, (st))
+#define sk_X509_TRUST_sort(st) SKM_sk_sort(X509_TRUST, (st))
+
+#define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+        SKM_ASN1_SET_OF_d2i(ACCESS_DESCRIPTION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+        SKM_ASN1_SET_OF_i2d(ACCESS_DESCRIPTION, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_ACCESS_DESCRIPTION(st, i2d_func, buf, len) \
+        SKM_ASN1_seq_pack(ACCESS_DESCRIPTION, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_ACCESS_DESCRIPTION(buf, len, d2i_func, free_func) \
+        SKM_ASN1_seq_unpack(ACCESS_DESCRIPTION, (buf), (len), (d2i_func), (free_func))
+
+#define d2i_ASN1_SET_OF_ASN1_INTEGER(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+        SKM_ASN1_SET_OF_d2i(ASN1_INTEGER, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_ASN1_INTEGER(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+        SKM_ASN1_SET_OF_i2d(ASN1_INTEGER, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_ASN1_INTEGER(st, i2d_func, buf, len) \
+        SKM_ASN1_seq_pack(ASN1_INTEGER, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_ASN1_INTEGER(buf, len, d2i_func, free_func) \
+        SKM_ASN1_seq_unpack(ASN1_INTEGER, (buf), (len), (d2i_func), (free_func))
+
+#define d2i_ASN1_SET_OF_ASN1_OBJECT(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+        SKM_ASN1_SET_OF_d2i(ASN1_OBJECT, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_ASN1_OBJECT(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+        SKM_ASN1_SET_OF_i2d(ASN1_OBJECT, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_ASN1_OBJECT(st, i2d_func, buf, len) \
+        SKM_ASN1_seq_pack(ASN1_OBJECT, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_ASN1_OBJECT(buf, len, d2i_func, free_func) \
+        SKM_ASN1_seq_unpack(ASN1_OBJECT, (buf), (len), (d2i_func), (free_func))
+
+#define d2i_ASN1_SET_OF_ASN1_TYPE(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+        SKM_ASN1_SET_OF_d2i(ASN1_TYPE, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_ASN1_TYPE(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+        SKM_ASN1_SET_OF_i2d(ASN1_TYPE, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_ASN1_TYPE(st, i2d_func, buf, len) \
+        SKM_ASN1_seq_pack(ASN1_TYPE, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_ASN1_TYPE(buf, len, d2i_func, free_func) \
+        SKM_ASN1_seq_unpack(ASN1_TYPE, (buf), (len), (d2i_func), (free_func))
+
+#define d2i_ASN1_SET_OF_DIST_POINT(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+        SKM_ASN1_SET_OF_d2i(DIST_POINT, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_DIST_POINT(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+        SKM_ASN1_SET_OF_i2d(DIST_POINT, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_DIST_POINT(st, i2d_func, buf, len) \
+        SKM_ASN1_seq_pack(DIST_POINT, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_DIST_POINT(buf, len, d2i_func, free_func) \
+        SKM_ASN1_seq_unpack(DIST_POINT, (buf), (len), (d2i_func), (free_func))
+
+#define d2i_ASN1_SET_OF_GENERAL_NAME(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+        SKM_ASN1_SET_OF_d2i(GENERAL_NAME, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_GENERAL_NAME(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+        SKM_ASN1_SET_OF_i2d(GENERAL_NAME, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_GENERAL_NAME(st, i2d_func, buf, len) \
+        SKM_ASN1_seq_pack(GENERAL_NAME, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_GENERAL_NAME(buf, len, d2i_func, free_func) \
+        SKM_ASN1_seq_unpack(GENERAL_NAME, (buf), (len), (d2i_func), (free_func))
+
+#define d2i_ASN1_SET_OF_PKCS12_SAFEBAG(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+        SKM_ASN1_SET_OF_d2i(PKCS12_SAFEBAG, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_PKCS12_SAFEBAG(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+        SKM_ASN1_SET_OF_i2d(PKCS12_SAFEBAG, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_PKCS12_SAFEBAG(st, i2d_func, buf, len) \
+        SKM_ASN1_seq_pack(PKCS12_SAFEBAG, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_PKCS12_SAFEBAG(buf, len, d2i_func, free_func) \
+        SKM_ASN1_seq_unpack(PKCS12_SAFEBAG, (buf), (len), (d2i_func), (free_func))
+
+#define d2i_ASN1_SET_OF_PKCS7(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+        SKM_ASN1_SET_OF_d2i(PKCS7, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_PKCS7(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+        SKM_ASN1_SET_OF_i2d(PKCS7, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_PKCS7(st, i2d_func, buf, len) \
+        SKM_ASN1_seq_pack(PKCS7, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_PKCS7(buf, len, d2i_func, free_func) \
+        SKM_ASN1_seq_unpack(PKCS7, (buf), (len), (d2i_func), (free_func))
+
+#define d2i_ASN1_SET_OF_PKCS7_RECIP_INFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+        SKM_ASN1_SET_OF_d2i(PKCS7_RECIP_INFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_PKCS7_RECIP_INFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+        SKM_ASN1_SET_OF_i2d(PKCS7_RECIP_INFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_PKCS7_RECIP_INFO(st, i2d_func, buf, len) \
+        SKM_ASN1_seq_pack(PKCS7_RECIP_INFO, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_PKCS7_RECIP_INFO(buf, len, d2i_func, free_func) \
+        SKM_ASN1_seq_unpack(PKCS7_RECIP_INFO, (buf), (len), (d2i_func), (free_func))
+
+#define d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+        SKM_ASN1_SET_OF_d2i(PKCS7_SIGNER_INFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+        SKM_ASN1_SET_OF_i2d(PKCS7_SIGNER_INFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_PKCS7_SIGNER_INFO(st, i2d_func, buf, len) \
+        SKM_ASN1_seq_pack(PKCS7_SIGNER_INFO, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_PKCS7_SIGNER_INFO(buf, len, d2i_func, free_func) \
+        SKM_ASN1_seq_unpack(PKCS7_SIGNER_INFO, (buf), (len), (d2i_func), (free_func))
+
+#define d2i_ASN1_SET_OF_POLICYINFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+        SKM_ASN1_SET_OF_d2i(POLICYINFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_POLICYINFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+        SKM_ASN1_SET_OF_i2d(POLICYINFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_POLICYINFO(st, i2d_func, buf, len) \
+        SKM_ASN1_seq_pack(POLICYINFO, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_POLICYINFO(buf, len, d2i_func, free_func) \
+        SKM_ASN1_seq_unpack(POLICYINFO, (buf), (len), (d2i_func), (free_func))
+
+#define d2i_ASN1_SET_OF_POLICYQUALINFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+        SKM_ASN1_SET_OF_d2i(POLICYQUALINFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_POLICYQUALINFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+        SKM_ASN1_SET_OF_i2d(POLICYQUALINFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_POLICYQUALINFO(st, i2d_func, buf, len) \
+        SKM_ASN1_seq_pack(POLICYQUALINFO, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_POLICYQUALINFO(buf, len, d2i_func, free_func) \
+        SKM_ASN1_seq_unpack(POLICYQUALINFO, (buf), (len), (d2i_func), (free_func))
+
+#define d2i_ASN1_SET_OF_SXNETID(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+        SKM_ASN1_SET_OF_d2i(SXNETID, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_SXNETID(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+        SKM_ASN1_SET_OF_i2d(SXNETID, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_SXNETID(st, i2d_func, buf, len) \
+        SKM_ASN1_seq_pack(SXNETID, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_SXNETID(buf, len, d2i_func, free_func) \
+        SKM_ASN1_seq_unpack(SXNETID, (buf), (len), (d2i_func), (free_func))
+
+#define d2i_ASN1_SET_OF_X509(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+        SKM_ASN1_SET_OF_d2i(X509, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_X509(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+        SKM_ASN1_SET_OF_i2d(X509, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_X509(st, i2d_func, buf, len) \
+        SKM_ASN1_seq_pack(X509, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_X509(buf, len, d2i_func, free_func) \
+        SKM_ASN1_seq_unpack(X509, (buf), (len), (d2i_func), (free_func))
+
+#define d2i_ASN1_SET_OF_X509_ALGOR(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+        SKM_ASN1_SET_OF_d2i(X509_ALGOR, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_X509_ALGOR(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+        SKM_ASN1_SET_OF_i2d(X509_ALGOR, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_X509_ALGOR(st, i2d_func, buf, len) \
+        SKM_ASN1_seq_pack(X509_ALGOR, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_X509_ALGOR(buf, len, d2i_func, free_func) \
+        SKM_ASN1_seq_unpack(X509_ALGOR, (buf), (len), (d2i_func), (free_func))
+
+#define d2i_ASN1_SET_OF_X509_ATTRIBUTE(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+        SKM_ASN1_SET_OF_d2i(X509_ATTRIBUTE, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_X509_ATTRIBUTE(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+        SKM_ASN1_SET_OF_i2d(X509_ATTRIBUTE, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_X509_ATTRIBUTE(st, i2d_func, buf, len) \
+        SKM_ASN1_seq_pack(X509_ATTRIBUTE, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_X509_ATTRIBUTE(buf, len, d2i_func, free_func) \
+        SKM_ASN1_seq_unpack(X509_ATTRIBUTE, (buf), (len), (d2i_func), (free_func))
+
+#define d2i_ASN1_SET_OF_X509_CRL(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+        SKM_ASN1_SET_OF_d2i(X509_CRL, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_X509_CRL(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+        SKM_ASN1_SET_OF_i2d(X509_CRL, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_X509_CRL(st, i2d_func, buf, len) \
+        SKM_ASN1_seq_pack(X509_CRL, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_X509_CRL(buf, len, d2i_func, free_func) \
+        SKM_ASN1_seq_unpack(X509_CRL, (buf), (len), (d2i_func), (free_func))
+
+#define d2i_ASN1_SET_OF_X509_EXTENSION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+        SKM_ASN1_SET_OF_d2i(X509_EXTENSION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_X509_EXTENSION(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+        SKM_ASN1_SET_OF_i2d(X509_EXTENSION, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_X509_EXTENSION(st, i2d_func, buf, len) \
+        SKM_ASN1_seq_pack(X509_EXTENSION, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_X509_EXTENSION(buf, len, d2i_func, free_func) \
+        SKM_ASN1_seq_unpack(X509_EXTENSION, (buf), (len), (d2i_func), (free_func))
+
+#define d2i_ASN1_SET_OF_X509_NAME_ENTRY(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+        SKM_ASN1_SET_OF_d2i(X509_NAME_ENTRY, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_X509_NAME_ENTRY(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+        SKM_ASN1_SET_OF_i2d(X509_NAME_ENTRY, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_X509_NAME_ENTRY(st, i2d_func, buf, len) \
+        SKM_ASN1_seq_pack(X509_NAME_ENTRY, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_X509_NAME_ENTRY(buf, len, d2i_func, free_func) \
+        SKM_ASN1_seq_unpack(X509_NAME_ENTRY, (buf), (len), (d2i_func), (free_func))
+
+#define d2i_ASN1_SET_OF_X509_REVOKED(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+        SKM_ASN1_SET_OF_d2i(X509_REVOKED, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_X509_REVOKED(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+        SKM_ASN1_SET_OF_i2d(X509_REVOKED, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_X509_REVOKED(st, i2d_func, buf, len) \
+        SKM_ASN1_seq_pack(X509_REVOKED, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_X509_REVOKED(buf, len, d2i_func, free_func) \
+        SKM_ASN1_seq_unpack(X509_REVOKED, (buf), (len), (d2i_func), (free_func))
+
+#define PKCS12_decrypt_d2i_PKCS12_SAFEBAG(algor, d2i_func, free_func, pass, passlen, oct, seq) \
+        SKM_PKCS12_decrypt_d2i(PKCS12_SAFEBAG, (algor), (d2i_func), (free_func), (pass), (passlen), (oct), (seq))
+
+#define PKCS12_decrypt_d2i_PKCS7(algor, d2i_func, free_func, pass, passlen, oct, seq) \
+        SKM_PKCS12_decrypt_d2i(PKCS7, (algor), (d2i_func), (free_func), (pass), (passlen), (oct), (seq))
+/* End of util/mkstack.pl block, you may now edit :-) */
+
+#endif /* !defined HEADER_SAFESTACK_H */
diff --git a/src/lib/libssl/src/crypto/stack/stack.c b/src/lib/libssl/src/crypto/stack/stack.c
index 58e9126339..02857f0446 100644
--- a/src/lib/libssl/src/crypto/stack/stack.c
+++ b/src/lib/libssl/src/crypto/stack/stack.c
@@ -74,12 +74,12 @@
 
 const char *STACK_version="Stack" OPENSSL_VERSION_PTEXT;
 
-#define FP_ICC  (int (*)(const void *,const void *))
 #include <errno.h>
 
-int (*sk_set_cmp_func(STACK *sk, int (*c)()))(void)
+int (*sk_set_cmp_func(STACK *sk, int (*c)(const char * const *,const char * const *)))
+                (const char * const *, const char * const *)
         {
-        int (*old)()=sk->comp;
+        int (*old)(const char * const *,const char * const *)=sk->comp;
 
         if (sk->comp != c)
                 sk->sorted=0;
@@ -94,7 +94,7 @@ STACK *sk_dup(STACK *sk)
         char **s;
 
         if ((ret=sk_new(sk->comp)) == NULL) goto err;
-        s=(char **)Realloc((char *)ret->data,
+        s=(char **)OPENSSL_realloc((char *)ret->data,
                 (unsigned int)sizeof(char *)*sk->num_alloc);
         if (s == NULL) goto err;
         ret->data=s;
@@ -109,14 +109,19 @@ err:
         return(NULL);
         }
 
-STACK *sk_new(int (*c)())
+STACK *sk_new_null(void)
+        {
+        return sk_new((int (*)(const char * const *, const char * const *))0);
+        }
+
+STACK *sk_new(int (*c)(const char * const *, const char * const *))
         {
         STACK *ret;
         int i;
 
-        if ((ret=(STACK *)Malloc(sizeof(STACK))) == NULL)
+        if ((ret=(STACK *)OPENSSL_malloc(sizeof(STACK))) == NULL)
                 goto err0;
-        if ((ret->data=(char **)Malloc(sizeof(char *)*MIN_NODES)) == NULL)
+        if ((ret->data=(char **)OPENSSL_malloc(sizeof(char *)*MIN_NODES)) == NULL)
                 goto err1;
         for (i=0; i<MIN_NODES; i++)
                 ret->data[i]=NULL;
@@ -126,7 +131,7 @@ STACK *sk_new(int (*c)())
         ret->sorted=0;
         return(ret);
 err1:
-        Free(ret);
+        OPENSSL_free(ret);
 err0:
         return(NULL);
         }
@@ -138,7 +143,7 @@ int sk_insert(STACK *st, char *data, int loc)
         if(st == NULL) return 0;
         if (st->num_alloc <= st->num+1)
                 {
-                s=(char **)Realloc((char *)st->data,
+                s=(char **)OPENSSL_realloc((char *)st->data,
                         (unsigned int)sizeof(char *)*st->num_alloc*2);
                 if (s == NULL)
                         return(0);
@@ -207,7 +212,7 @@ int sk_find(STACK *st, char *data)
         {
         char **r;
         int i;
-        int (*comp_func)();
+        int (*comp_func)(const void *,const void *);
         if(st == NULL) return -1;
 
         if (st->comp == NULL)
@@ -219,13 +224,24 @@ int sk_find(STACK *st, char *data)
                 }
         sk_sort(st);
         if (data == NULL) return(-1);
-        comp_func=(int (*)())st->comp;
+        /* This (and the "qsort" below) are the two places in OpenSSL
+         * where we need to convert from our standard (type **,type **)
+         * compare callback type to the (void *,void *) type required by
+         * bsearch. However, the "data" it is being called(back) with are
+         * not (type *) pointers, but the *pointers* to (type *) pointers,
+         * so we get our extra level of pointer dereferencing that way. */
+        comp_func=(int (*)(const void *,const void *))(st->comp);
         r=(char **)bsearch(&data,(char *)st->data,
-                st->num,sizeof(char *),FP_ICC comp_func);
+                st->num,sizeof(char *), comp_func);
         if (r == NULL) return(-1);
         i=(int)(r-st->data);
         for ( ; i>0; i--)
-                if ((*st->comp)(&(st->data[i-1]),&data) < 0)
+                /* This needs a cast because the type being pointed to from
+                 * the "&" expressions are (char *) rather than (const char *).
+                 * For an explanation, read:
+                 * http://www.eskimo.com/~scs/C-faq/q11.10.html :-) */
+                if ((*st->comp)((const char * const *)&(st->data[i-1]),
+                                (const char * const *)&data) < 0)
                         break;
         return(i);
         }
@@ -262,7 +278,7 @@ void sk_zero(STACK *st)
         st->num=0;
         }
 
-void sk_pop_free(STACK *st, void (*func)())
+void sk_pop_free(STACK *st, void (*func)(void *))
         {
         int i;
 
@@ -276,17 +292,17 @@ void sk_pop_free(STACK *st, void (*func)())
 void sk_free(STACK *st)
         {
         if (st == NULL) return;
-        if (st->data != NULL) Free(st->data);
-        Free(st);
+        if (st->data != NULL) OPENSSL_free(st->data);
+        OPENSSL_free(st);
         }
 
-int sk_num(STACK *st)
+int sk_num(const STACK *st)
 {
         if(st == NULL) return -1;
         return st->num;
 }
 
-char *sk_value(STACK *st, int i)
+char *sk_value(const STACK *st, int i)
 {
         if(st == NULL) return NULL;
         return st->data[i];
@@ -299,13 +315,18 @@ char *sk_set(STACK *st, int i, char *value)
 }
 
 void sk_sort(STACK *st)
-    {
-    if (!st->sorted)
         {
-        int (*comp_func)();
-
-        comp_func=(int (*)())st->comp;
-        qsort(st->data,st->num,sizeof(char *),FP_ICC comp_func);
-        st->sorted=1;
+        if (!st->sorted)
+                {
+                int (*comp_func)(const void *,const void *);
+
+                /* same comment as in sk_find ... previously st->comp was declared
+                 * as a (void*,void*) callback type, but this made the population
+                 * of the callback pointer illogical - our callbacks compare
+                 * type** with type**, so we leave the casting until absolutely
+                 * necessary (ie. "now"). */
+                comp_func=(int (*)(const void *,const void *))(st->comp);
+                qsort(st->data,st->num,sizeof(char *), comp_func);
+                st->sorted=1;
+                }
         }
-    }
diff --git a/src/lib/libssl/src/crypto/stack/stack.h b/src/lib/libssl/src/crypto/stack/stack.h
index a615d9b4c9..8b436ca4b9 100644
--- a/src/lib/libssl/src/crypto/stack/stack.h
+++ b/src/lib/libssl/src/crypto/stack/stack.h
@@ -70,23 +70,21 @@ typedef struct stack_st
         int sorted;
 
         int num_alloc;
-        int (*comp)();
+        int (*comp)(const char * const *, const char * const *);
         } STACK;
 
-
-#define sk_new_null()   sk_new(NULL)
-
 #define M_sk_num(sk)            ((sk) ? (sk)->num:-1)
 #define M_sk_value(sk,n)        ((sk) ? (sk)->data[n] : NULL)
 
-int sk_num(STACK *);
-char *sk_value(STACK *, int);
+int sk_num(const STACK *);
+char *sk_value(const STACK *, int);
 
 char *sk_set(STACK *, int, char *);
 
-STACK *sk_new(int (*cmp)());
+STACK *sk_new(int (*cmp)(const char * const *, const char * const *));
+STACK *sk_new_null(void);
 void sk_free(STACK *);
-void sk_pop_free(STACK *st, void (*func)());
+void sk_pop_free(STACK *st, void (*func)(void *));
 int sk_insert(STACK *sk,char *data,int where);
 char *sk_delete(STACK *st,int loc);
 char *sk_delete_ptr(STACK *st, char *p);
@@ -96,7 +94,9 @@ int sk_unshift(STACK *st,char *data);
 char *sk_shift(STACK *st);
 char *sk_pop(STACK *st);
 void sk_zero(STACK *st);
-int (*sk_set_cmp_func(STACK *sk, int (*c)()))();
+int (*sk_set_cmp_func(STACK *sk, int (*c)(const char * const *,
+                        const char * const *)))
+                        (const char * const *, const char * const *);
 STACK *sk_dup(STACK *st);
 void sk_sort(STACK *st);
 
diff --git a/src/lib/libssl/src/crypto/symhacks.h b/src/lib/libssl/src/crypto/symhacks.h
new file mode 100644
index 0000000000..358ad355bb
--- /dev/null
+++ b/src/lib/libssl/src/crypto/symhacks.h
@@ -0,0 +1,154 @@
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_SYMHACKS_H
+#define HEADER_SYMHACKS_H
+
+/* Hacks to solve the problem with linkers incapable of handling very long
+   symbol names.  In the case of VMS, the limit is 31 characters on VMS for
+   VAX. */
+#ifdef VMS
+
+/* Hack a long name in crypto/asn1/a_mbstr.c */
+#undef ASN1_STRING_set_default_mask_asc
+#define ASN1_STRING_set_default_mask_asc        ASN1_STRING_set_def_mask_asc
+
+#if 0 /* No longer needed, since safestack macro magic does the job */
+/* Hack the names created with DECLARE_ASN1_SET_OF(PKCS7_SIGNER_INFO) */
+#undef i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO
+#define i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO       i2d_ASN1_SET_OF_PKCS7_SIGINF
+#undef d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO
+#define d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO       d2i_ASN1_SET_OF_PKCS7_SIGINF
+#endif
+
+#if 0 /* No longer needed, since safestack macro magic does the job */
+/* Hack the names created with DECLARE_ASN1_SET_OF(PKCS7_RECIP_INFO) */
+#undef i2d_ASN1_SET_OF_PKCS7_RECIP_INFO
+#define i2d_ASN1_SET_OF_PKCS7_RECIP_INFO        i2d_ASN1_SET_OF_PKCS7_RECINF
+#undef d2i_ASN1_SET_OF_PKCS7_RECIP_INFO
+#define d2i_ASN1_SET_OF_PKCS7_RECIP_INFO        d2i_ASN1_SET_OF_PKCS7_RECINF
+#endif
+
+#if 0 /* No longer needed, since safestack macro magic does the job */
+/* Hack the names created with DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION) */
+#undef i2d_ASN1_SET_OF_ACCESS_DESCRIPTION
+#define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION      i2d_ASN1_SET_OF_ACC_DESC
+#undef d2i_ASN1_SET_OF_ACCESS_DESCRIPTION
+#define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION      d2i_ASN1_SET_OF_ACC_DESC
+#endif
+
+/* Hack the names created with DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE) */
+#undef PEM_read_NETSCAPE_CERT_SEQUENCE
+#define PEM_read_NETSCAPE_CERT_SEQUENCE         PEM_read_NS_CERT_SEQ
+#undef PEM_write_NETSCAPE_CERT_SEQUENCE
+#define PEM_write_NETSCAPE_CERT_SEQUENCE        PEM_write_NS_CERT_SEQ
+#undef PEM_read_bio_NETSCAPE_CERT_SEQUENCE
+#define PEM_read_bio_NETSCAPE_CERT_SEQUENCE     PEM_read_bio_NS_CERT_SEQ
+#undef PEM_write_bio_NETSCAPE_CERT_SEQUENCE
+#define PEM_write_bio_NETSCAPE_CERT_SEQUENCE    PEM_write_bio_NS_CERT_SEQ
+#undef PEM_write_cb_bio_NETSCAPE_CERT_SEQUENCE
+#define PEM_write_cb_bio_NETSCAPE_CERT_SEQUENCE PEM_write_cb_bio_NS_CERT_SEQ
+
+/* Hack the names created with DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO) */
+#undef PEM_read_PKCS8_PRIV_KEY_INFO
+#define PEM_read_PKCS8_PRIV_KEY_INFO            PEM_read_P8_PRIV_KEY_INFO
+#undef PEM_write_PKCS8_PRIV_KEY_INFO
+#define PEM_write_PKCS8_PRIV_KEY_INFO           PEM_write_P8_PRIV_KEY_INFO
+#undef PEM_read_bio_PKCS8_PRIV_KEY_INFO
+#define PEM_read_bio_PKCS8_PRIV_KEY_INFO        PEM_read_bio_P8_PRIV_KEY_INFO
+#undef PEM_write_bio_PKCS8_PRIV_KEY_INFO
+#define PEM_write_bio_PKCS8_PRIV_KEY_INFO       PEM_write_bio_P8_PRIV_KEY_INFO
+#undef PEM_write_cb_bio_PKCS8_PRIV_KEY_INFO
+#define PEM_write_cb_bio_PKCS8_PRIV_KEY_INFO    PEM_wrt_cb_bio_P8_PRIV_KEY_INFO
+
+/* Hack other PEM names */
+#undef PEM_write_bio_PKCS8PrivateKey_nid
+#define PEM_write_bio_PKCS8PrivateKey_nid       PEM_write_bio_PKCS8PrivKey_nid
+
+/* Hack some long X509 names */
+#undef X509_REVOKED_get_ext_by_critical
+#define X509_REVOKED_get_ext_by_critical        X509_REVOKED_get_ext_by_critic
+
+/* Hack some long CRYPTO names */
+#define CRYPTO_set_dynlock_destroy_callback     CRYPTO_set_dynlock_destroy_cb
+#define CRYPTO_set_dynlock_create_callback      CRYPTO_set_dynlock_create_cb
+#define CRYPTO_set_dynlock_lock_callback        CRYPTO_set_dynlock_lock_cb
+#define CRYPTO_get_dynlock_lock_callback        CRYPTO_get_dynlock_lock_cb
+#define CRYPTO_get_dynlock_destroy_callback     CRYPTO_get_dynlock_destroy_cb
+#define CRYPTO_get_dynlock_create_callback      CRYPTO_get_dynlock_create_cb
+
+/* Hack some long SSL names */
+#define SSL_CTX_set_default_verify_paths        SSL_CTX_set_def_verify_paths
+#define SSL_get_ex_data_X509_STORE_CTX_idx      SSL_get_ex_d_X509_STORE_CTX_idx
+#define SSL_add_file_cert_subjects_to_stack     SSL_add_file_cert_subjs_to_stk
+#define SSL_add_dir_cert_subjects_to_stack      SSL_add_dir_cert_subjs_to_stk
+#define SSL_CTX_use_certificate_chain_file      SSL_CTX_use_cert_chain_file
+#define SSL_CTX_set_cert_verify_callback        SSL_CTX_set_cert_verify_cb
+#define SSL_CTX_set_default_passwd_cb_userdata  SSL_CTX_set_def_passwd_cb_ud
+
+/* Hack some long ENGINE names */
+#define ENGINE_get_default_BN_mod_exp_crt       ENGINE_get_def_BN_mod_exp_crt
+#define ENGINE_set_default_BN_mod_exp_crt       ENGINE_set_def_BN_mod_exp_crt
+
+#endif /* defined VMS */
+
+
+/* Case insensiteve linking causes problems.... */
+#if defined(WIN16) || defined(VMS)
+#undef ERR_load_CRYPTO_strings
+#define ERR_load_CRYPTO_strings                 ERR_load_CRYPTOlib_strings
+#endif
+
+
+#endif /* ! defined HEADER_VMS_IDHACKS_H */
diff --git a/src/lib/libssl/src/crypto/threads/mttest.c b/src/lib/libssl/src/crypto/threads/mttest.c
index 24713a3157..100165948c 100644
--- a/src/lib/libssl/src/crypto/threads/mttest.c
+++ b/src/lib/libssl/src/crypto/threads/mttest.c
@@ -699,7 +699,7 @@ void thread_setup(void)
         {
         int i;
 
-        lock_cs=Malloc(CRYPTO_num_locks() * sizeof(HANDLE));
+        lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(HANDLE));
         for (i=0; i<CRYPTO_num_locks(); i++)
                 {
                 lock_cs[i]=CreateMutex(NULL,FALSE,NULL);
@@ -716,7 +716,7 @@ void thread_cleanup(void)
         CRYPTO_set_locking_callback(NULL);
         for (i=0; i<CRYPTO_num_locks(); i++)
                 CloseHandle(lock_cs[i]);
-        Free(lock_cs);
+        OPENSSL_free(lock_cs);
         }
 
 void win32_locking_callback(int mode, int type, char *file, int line)
@@ -794,8 +794,8 @@ void thread_setup(void)
         {
         int i;
 
-        lock_cs=Malloc(CRYPTO_num_locks() * sizeof(mutex_t));
-        lock_count=Malloc(CRYPTO_num_locks() * sizeof(long));
+        lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(mutex_t));
+        lock_count=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long));
         for (i=0; i<CRYPTO_num_locks(); i++)
                 {
                 lock_count[i]=0;
@@ -821,8 +821,8 @@ void thread_cleanup(void)
                 mutex_destroy(&(lock_cs[i]));
                 fprintf(stderr,"%8ld:%s\n",lock_count[i],CRYPTO_get_lock_name(i));
                 }
-        Free(lock_cs);
-        Free(lock_count);
+        OPENSSL_free(lock_cs);
+        OPENSSL_free(lock_count);
 
         fprintf(stderr,"done cleanup\n");
 
@@ -919,7 +919,7 @@ void thread_setup(void)
         arena=usinit(filename);
         unlink(filename);
 
-        lock_cs=Malloc(CRYPTO_num_locks() * sizeof(usema_t *));
+        lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(usema_t *));
         for (i=0; i<CRYPTO_num_locks(); i++)
                 {
                 lock_cs[i]=usnewsema(arena,1);
@@ -942,7 +942,7 @@ void thread_cleanup(void)
                 usdumpsema(lock_cs[i],stdout,buf);
                 usfreesema(lock_cs[i],arena);
                 }
-        Free(lock_cs);
+        OPENSSL_free(lock_cs);
         }
 
 void irix_locking_callback(int mode, int type, char *file, int line)
@@ -1002,8 +1002,8 @@ void thread_setup(void)
         {
         int i;
 
-        lock_cs=Malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t));
-        lock_count=Malloc(CRYPTO_num_locks() * sizeof(long));
+        lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t));
+        lock_count=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long));
         for (i=0; i<CRYPTO_num_locks(); i++)
                 {
                 lock_count[i]=0;
@@ -1026,8 +1026,8 @@ void thread_cleanup(void)
                 fprintf(stderr,"%8ld:%s\n",lock_count[i],
                         CRYPTO_get_lock_name(i));
                 }
-        Free(lock_cs);
-        Free(lock_count);
+        OPENSSL_free(lock_cs);
+        OPENSSL_free(lock_count);
 
         fprintf(stderr,"done cleanup\n");
         }
diff --git a/src/lib/libssl/src/crypto/threads/th-lock.c b/src/lib/libssl/src/crypto/threads/th-lock.c
index 3ee978060c..553d2218de 100644
--- a/src/lib/libssl/src/crypto/threads/th-lock.c
+++ b/src/lib/libssl/src/crypto/threads/th-lock.c
@@ -113,7 +113,7 @@ void CRYPTO_thread_setup(void)
         {
         int i;
 
-        lock_cs=Malloc(CRYPTO_num_locks() * sizeof(HANDLE));
+        lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(HANDLE));
         for (i=0; i<CRYPTO_num_locks(); i++)
                 {
                 lock_cs[i]=CreateMutex(NULL,FALSE,NULL);
@@ -131,7 +131,7 @@ static void CRYPTO_thread_cleanup(void)
         CRYPTO_set_locking_callback(NULL);
         for (i=0; i<CRYPTO_num_locks(); i++)
                 CloseHandle(lock_cs[i]);
-        Free(lock_cs);
+        OPENSSL_free(lock_cs);
         }
 
 void win32_locking_callback(int mode, int type, char *file, int line)
@@ -164,11 +164,11 @@ void CRYPTO_thread_setup(void)
         int i;
 
 #ifdef USE_MUTEX
-        lock_cs=Malloc(CRYPTO_num_locks() * sizeof(mutex_t));
+        lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(mutex_t));
 #else
-        lock_cs=Malloc(CRYPTO_num_locks() * sizeof(rwlock_t));
+        lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(rwlock_t));
 #endif
-        lock_count=Malloc(CRYPTO_num_locks() * sizeof(long));
+        lock_count=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long));
         for (i=0; i<CRYPTO_num_locks(); i++)
                 {
                 lock_count[i]=0;
@@ -196,8 +196,8 @@ void CRYPTO_thread_cleanup(void)
                 rwlock_destroy(&(lock_cs[i]));
 #endif
                 }
-        Free(lock_cs);
-        Free(lock_count);
+        OPENSSL_free(lock_cs);
+        OPENSSL_free(lock_count);
         }
 
 void solaris_locking_callback(int mode, int type, char *file, int line)
@@ -267,7 +267,7 @@ void CRYPTO_thread_setup(void)
         arena=usinit(filename);
         unlink(filename);
 
-        lock_cs=Malloc(CRYPTO_num_locks() * sizeof(usema_t *));
+        lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(usema_t *));
         for (i=0; i<CRYPTO_num_locks(); i++)
                 {
                 lock_cs[i]=usnewsema(arena,1);
@@ -290,7 +290,7 @@ void CRYPTO_thread_cleanup(void)
                 usdumpsema(lock_cs[i],stdout,buf);
                 usfreesema(lock_cs[i],arena);
                 }
-        Free(lock_cs);
+        OPENSSL_free(lock_cs);
         }
 
 void irix_locking_callback(int mode, int type, char *file, int line)
@@ -324,8 +324,8 @@ void CRYPTO_thread_setup(void)
         {
         int i;
 
-        lock_cs=Malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t));
-        lock_count=Malloc(CRYPTO_num_locks() * sizeof(long));
+        lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t));
+        lock_count=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long));
         for (i=0; i<CRYPTO_num_locks(); i++)
                 {
                 lock_count[i]=0;
@@ -345,8 +345,8 @@ void thread_cleanup(void)
                 {
                 pthread_mutex_destroy(&(lock_cs[i]));
                 }
-        Free(lock_cs);
-        Free(lock_count);
+        OPENSSL_free(lock_cs);
+        OPENSSL_free(lock_count);
         }
 
 void pthreads_locking_callback(int mode, int type, char *file,
diff --git a/src/lib/libssl/src/crypto/tmdiff.c b/src/lib/libssl/src/crypto/tmdiff.c
index 0ad8a9ed8d..7773928666 100644
--- a/src/lib/libssl/src/crypto/tmdiff.c
+++ b/src/lib/libssl/src/crypto/tmdiff.c
@@ -134,7 +134,7 @@ char *ms_time_new(void)
         {
         MS_TM *ret;
 
-        ret=(MS_TM *)Malloc(sizeof(MS_TM));
+        ret=(MS_TM *)OPENSSL_malloc(sizeof(MS_TM));
         if (ret == NULL)
                 return(NULL);
         memset(ret,0,sizeof(MS_TM));
@@ -147,7 +147,7 @@ char *ms_time_new(void)
 void ms_time_free(char *a)
         {
         if (a != NULL)
-                Free(a);
+                OPENSSL_free(a);
         }
 
 void ms_time_get(char *a)
diff --git a/src/lib/libssl/src/crypto/txt_db/Makefile.ssl b/src/lib/libssl/src/crypto/txt_db/Makefile.ssl
index a631dce6f2..cb54d53323 100644
--- a/src/lib/libssl/src/crypto/txt_db/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/txt_db/Makefile.ssl
@@ -83,5 +83,5 @@ txt_db.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
 txt_db.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 txt_db.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 txt_db.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-txt_db.o: ../../include/openssl/stack.h ../../include/openssl/txt_db.h
-txt_db.o: ../cryptlib.h
+txt_db.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+txt_db.o: ../../include/openssl/txt_db.h ../cryptlib.h
diff --git a/src/lib/libssl/src/crypto/txt_db/txt_db.c b/src/lib/libssl/src/crypto/txt_db/txt_db.c
index 33acc81f3f..3b04fe280c 100644
--- a/src/lib/libssl/src/crypto/txt_db/txt_db.c
+++ b/src/lib/libssl/src/crypto/txt_db/txt_db.c
@@ -83,16 +83,16 @@ TXT_DB *TXT_DB_read(BIO *in, int num)
         if ((buf=BUF_MEM_new()) == NULL) goto err;
         if (!BUF_MEM_grow(buf,size)) goto err;
 
-        if ((ret=(TXT_DB *)Malloc(sizeof(TXT_DB))) == NULL)
+        if ((ret=(TXT_DB *)OPENSSL_malloc(sizeof(TXT_DB))) == NULL)
                 goto err;
         ret->num_fields=num;
         ret->index=NULL;
         ret->qual=NULL;
         if ((ret->data=sk_new_null()) == NULL)
                 goto err;
-        if ((ret->index=(LHASH **)Malloc(sizeof(LHASH *)*num)) == NULL)
+        if ((ret->index=(LHASH **)OPENSSL_malloc(sizeof(LHASH *)*num)) == NULL)
                 goto err;
-        if ((ret->qual=(int (**)())Malloc(sizeof(int (**)())*num)) == NULL)
+        if ((ret->qual=(int (**)())OPENSSL_malloc(sizeof(int (**)())*num)) == NULL)
                 goto err;
         for (i=0; i<num; i++)
                 {
@@ -122,7 +122,7 @@ TXT_DB *TXT_DB_read(BIO *in, int num)
                 else
                         {
                         buf->data[offset-1]='\0'; /* blat the '\n' */
-                        p=(char *)Malloc(add+offset);
+                        p=(char *)OPENSSL_malloc(add+offset);
                         offset=0;
                         }
                 pp=(char **)p;
@@ -177,12 +177,12 @@ err:
         if (er)
                 {
 #if !defined(NO_STDIO) && !defined(WIN16)
-                if (er == 1) fprintf(stderr,"Malloc failure\n");
+                if (er == 1) fprintf(stderr,"OPENSSL_malloc failure\n");
 #endif
                 if (ret->data != NULL) sk_free(ret->data);
-                if (ret->index != NULL) Free(ret->index);
-                if (ret->qual != NULL) Free(ret->qual);
-                if (ret != NULL) Free(ret);
+                if (ret->index != NULL) OPENSSL_free(ret->index);
+                if (ret->qual != NULL) OPENSSL_free(ret->qual);
+                if (ret != NULL) OPENSSL_free(ret);
                 return(NULL);
                 }
         else
@@ -349,10 +349,10 @@ void TXT_DB_free(TXT_DB *db)
                 {
                 for (i=db->num_fields-1; i>=0; i--)
                         if (db->index[i] != NULL) lh_free(db->index[i]);
-                Free(db->index);
+                OPENSSL_free(db->index);
                 }
         if (db->qual != NULL)
-                Free(db->qual);
+                OPENSSL_free(db->qual);
         if (db->data != NULL)
                 {
                 for (i=sk_num(db->data)-1; i>=0; i--)
@@ -364,7 +364,7 @@ void TXT_DB_free(TXT_DB *db)
                         if (max == NULL) /* new row */
                                 {
                                 for (n=0; n<db->num_fields; n++)
-                                        if (p[n] != NULL) Free(p[n]);
+                                        if (p[n] != NULL) OPENSSL_free(p[n]);
                                 }
                         else
                                 {
@@ -372,12 +372,12 @@ void TXT_DB_free(TXT_DB *db)
                                         {
                                         if (((p[n] < (char *)p) || (p[n] > max))
                                                 && (p[n] != NULL))
-                                                Free(p[n]);
+                                                OPENSSL_free(p[n]);
                                         }
                                 }
-                        Free(sk_value(db->data,i));
+                        OPENSSL_free(sk_value(db->data,i));
                         }
                 sk_free(db->data);
                 }
-        Free(db);
+        OPENSSL_free(db);
         }
diff --git a/src/lib/libssl/src/crypto/txt_db/txt_db.h b/src/lib/libssl/src/crypto/txt_db/txt_db.h
index 58b9de1353..342533d40d 100644
--- a/src/lib/libssl/src/crypto/txt_db/txt_db.h
+++ b/src/lib/libssl/src/crypto/txt_db/txt_db.h
@@ -59,10 +59,9 @@
 #ifndef HEADER_TXT_DB_H
 #define HEADER_TXT_DB_H
 
-#ifdef  __cplusplus
-extern "C" {
+#ifndef NO_BIO
+#include <openssl/bio.h>
 #endif
-
 #include <openssl/stack.h>
 #include <openssl/lhash.h>
 
@@ -73,6 +72,10 @@ extern "C" {
 #define DB_ERROR_NO_INDEX               4
 #define DB_ERROR_INSERT_INDEX_CLASH     5
 
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
 typedef struct txt_db_st
         {
         int num_fields;
@@ -85,7 +88,7 @@ typedef struct txt_db_st
         char **arg_row;
         } TXT_DB;
 
-#ifdef HEADER_BIO_H
+#ifndef NO_BIO
 TXT_DB *TXT_DB_read(BIO *in, int num);
 long TXT_DB_write(BIO *out, TXT_DB *db);
 #else
diff --git a/src/lib/libssl/src/crypto/x509/Makefile.ssl b/src/lib/libssl/src/crypto/x509/Makefile.ssl
index 48937b43af..4619693733 100644
--- a/src/lib/libssl/src/crypto/x509/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/x509/Makefile.ssl
@@ -96,15 +96,17 @@ by_dir.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 by_dir.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 by_dir.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 by_dir.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-by_dir.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-by_dir.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+by_dir.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+by_dir.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+by_dir.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 by_dir.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 by_dir.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
 by_dir.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
 by_dir.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
 by_dir.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-by_dir.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
-by_dir.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+by_dir.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+by_dir.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+by_dir.o: ../cryptlib.h
 by_file.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 by_file.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 by_file.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -113,52 +115,60 @@ by_file.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 by_file.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 by_file.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 by_file.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-by_file.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-by_file.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+by_file.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+by_file.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+by_file.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 by_file.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 by_file.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
 by_file.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
 by_file.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
 by_file.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
 by_file.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-by_file.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
-by_file.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+by_file.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+by_file.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+by_file.o: ../cryptlib.h
 x509_att.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 x509_att.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 x509_att.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 x509_att.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 x509_att.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 x509_att.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-x509_att.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-x509_att.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-x509_att.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x509_att.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+x509_att.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_att.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509_att.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 x509_att.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-x509_att.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_att.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_att.o: ../../include/openssl/opensslconf.h
 x509_att.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 x509_att.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 x509_att.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 x509_att.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 x509_att.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x509_att.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x509_att.o: ../../include/openssl/x509v3.h ../cryptlib.h
+x509_att.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509_att.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+x509_att.o: ../cryptlib.h
 x509_cmp.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 x509_cmp.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 x509_cmp.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 x509_cmp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 x509_cmp.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 x509_cmp.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-x509_cmp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-x509_cmp.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-x509_cmp.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x509_cmp.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+x509_cmp.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_cmp.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509_cmp.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 x509_cmp.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-x509_cmp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_cmp.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_cmp.o: ../../include/openssl/opensslconf.h
 x509_cmp.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 x509_cmp.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 x509_cmp.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 x509_cmp.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 x509_cmp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x509_cmp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x509_cmp.o: ../../include/openssl/x509v3.h ../cryptlib.h
+x509_cmp.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509_cmp.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+x509_cmp.o: ../cryptlib.h
 x509_d2.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 x509_d2.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 x509_d2.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -166,14 +176,16 @@ x509_d2.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 x509_d2.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 x509_d2.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 x509_d2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x509_d2.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+x509_d2.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509_d2.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 x509_d2.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-x509_d2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x509_d2.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-x509_d2.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x509_d2.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-x509_d2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x509_d2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_d2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_d2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x509_d2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_d2.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_d2.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_d2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_d2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 x509_d2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 x509_d2.o: ../cryptlib.h
 x509_def.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
@@ -183,49 +195,57 @@ x509_def.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 x509_def.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 x509_def.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 x509_def.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x509_def.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+x509_def.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509_def.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 x509_def.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-x509_def.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_def.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_def.o: ../../include/openssl/opensslconf.h
 x509_def.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 x509_def.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 x509_def.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 x509_def.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 x509_def.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x509_def.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x509_def.o: ../cryptlib.h
+x509_def.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509_def.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
 x509_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 x509_err.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-x509_err.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-x509_err.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-x509_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-x509_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x509_err.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
-x509_err.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509_err.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_err.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509_err.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x509_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x509_err.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x509_err.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x509_err.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x509_err.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 x509_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 x509_err.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 x509_err.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 x509_err.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 x509_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 x509_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x509_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_err.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509_err.o: ../../include/openssl/x509_vfy.h
 x509_ext.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 x509_ext.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 x509_ext.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 x509_ext.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 x509_ext.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 x509_ext.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-x509_ext.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-x509_ext.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-x509_ext.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x509_ext.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+x509_ext.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_ext.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509_ext.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 x509_ext.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-x509_ext.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_ext.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_ext.o: ../../include/openssl/opensslconf.h
 x509_ext.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 x509_ext.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 x509_ext.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 x509_ext.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 x509_ext.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x509_ext.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x509_ext.o: ../../include/openssl/x509v3.h ../cryptlib.h
+x509_ext.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509_ext.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+x509_ext.o: ../cryptlib.h
 x509_lu.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 x509_lu.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 x509_lu.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -234,15 +254,17 @@ x509_lu.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 x509_lu.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 x509_lu.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 x509_lu.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-x509_lu.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-x509_lu.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+x509_lu.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x509_lu.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509_lu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 x509_lu.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 x509_lu.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
 x509_lu.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
 x509_lu.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
 x509_lu.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-x509_lu.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
-x509_lu.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+x509_lu.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_lu.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_lu.o: ../cryptlib.h
 x509_obj.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 x509_obj.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 x509_obj.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -251,16 +273,17 @@ x509_obj.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 x509_obj.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 x509_obj.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 x509_obj.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-x509_obj.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-x509_obj.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+x509_obj.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x509_obj.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509_obj.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 x509_obj.o: ../../include/openssl/opensslconf.h
 x509_obj.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 x509_obj.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 x509_obj.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 x509_obj.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 x509_obj.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x509_obj.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x509_obj.o: ../cryptlib.h
+x509_obj.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509_obj.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
 x509_r2x.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 x509_r2x.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 x509_r2x.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -268,16 +291,18 @@ x509_r2x.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 x509_r2x.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 x509_r2x.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 x509_r2x.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x509_r2x.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+x509_r2x.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509_r2x.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 x509_r2x.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-x509_r2x.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_r2x.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_r2x.o: ../../include/openssl/opensslconf.h
 x509_r2x.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 x509_r2x.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 x509_r2x.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 x509_r2x.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 x509_r2x.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x509_r2x.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x509_r2x.o: ../cryptlib.h
+x509_r2x.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509_r2x.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
 x509_req.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 x509_req.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 x509_req.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -285,17 +310,19 @@ x509_req.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 x509_req.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 x509_req.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 x509_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x509_req.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+x509_req.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509_req.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 x509_req.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-x509_req.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_req.o: ../../include/openssl/opensslconf.h
 x509_req.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h
 x509_req.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
 x509_req.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 x509_req.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 x509_req.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 x509_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x509_req.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x509_req.o: ../cryptlib.h
+x509_req.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509_req.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
 x509_set.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 x509_set.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 x509_set.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -303,34 +330,39 @@ x509_set.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 x509_set.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 x509_set.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 x509_set.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x509_set.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+x509_set.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509_set.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 x509_set.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-x509_set.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_set.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_set.o: ../../include/openssl/opensslconf.h
 x509_set.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 x509_set.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 x509_set.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 x509_set.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 x509_set.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x509_set.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x509_set.o: ../cryptlib.h
+x509_set.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509_set.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
 x509_trs.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 x509_trs.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 x509_trs.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 x509_trs.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 x509_trs.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 x509_trs.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-x509_trs.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-x509_trs.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-x509_trs.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x509_trs.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+x509_trs.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_trs.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509_trs.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 x509_trs.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-x509_trs.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_trs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_trs.o: ../../include/openssl/opensslconf.h
 x509_trs.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 x509_trs.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 x509_trs.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 x509_trs.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 x509_trs.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x509_trs.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x509_trs.o: ../../include/openssl/x509v3.h ../cryptlib.h
+x509_trs.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509_trs.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+x509_trs.o: ../cryptlib.h
 x509_txt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 x509_txt.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 x509_txt.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -339,32 +371,35 @@ x509_txt.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 x509_txt.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 x509_txt.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 x509_txt.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-x509_txt.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-x509_txt.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+x509_txt.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x509_txt.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509_txt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 x509_txt.o: ../../include/openssl/opensslconf.h
 x509_txt.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 x509_txt.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 x509_txt.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 x509_txt.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 x509_txt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x509_txt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x509_txt.o: ../cryptlib.h
+x509_txt.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509_txt.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
 x509_v3.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 x509_v3.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 x509_v3.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 x509_v3.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 x509_v3.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 x509_v3.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-x509_v3.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-x509_v3.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-x509_v3.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x509_v3.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+x509_v3.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_v3.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509_v3.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 x509_v3.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-x509_v3.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x509_v3.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-x509_v3.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x509_v3.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-x509_v3.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x509_v3.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_v3.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_v3.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x509_v3.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_v3.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_v3.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_v3.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_v3.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 x509_v3.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 x509_v3.o: ../../include/openssl/x509v3.h ../cryptlib.h
 x509_vfy.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
@@ -373,18 +408,21 @@ x509_vfy.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 x509_vfy.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 x509_vfy.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 x509_vfy.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-x509_vfy.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-x509_vfy.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-x509_vfy.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x509_vfy.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+x509_vfy.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_vfy.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509_vfy.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 x509_vfy.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-x509_vfy.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_vfy.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_vfy.o: ../../include/openssl/opensslconf.h
 x509_vfy.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 x509_vfy.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 x509_vfy.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 x509_vfy.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 x509_vfy.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x509_vfy.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x509_vfy.o: ../../include/openssl/x509v3.h ../cryptlib.h
+x509_vfy.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509_vfy.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+x509_vfy.o: ../cryptlib.h
 x509name.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 x509name.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 x509name.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -392,16 +430,18 @@ x509name.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 x509name.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 x509name.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 x509name.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x509name.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+x509name.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509name.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 x509name.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-x509name.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509name.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509name.o: ../../include/openssl/opensslconf.h
 x509name.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 x509name.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 x509name.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 x509name.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 x509name.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x509name.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x509name.o: ../cryptlib.h
+x509name.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509name.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
 x509rset.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 x509rset.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 x509rset.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -409,16 +449,18 @@ x509rset.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 x509rset.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 x509rset.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 x509rset.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x509rset.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+x509rset.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509rset.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 x509rset.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-x509rset.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509rset.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509rset.o: ../../include/openssl/opensslconf.h
 x509rset.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 x509rset.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 x509rset.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 x509rset.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 x509rset.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x509rset.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x509rset.o: ../cryptlib.h
+x509rset.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509rset.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
 x509spki.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 x509spki.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 x509spki.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
@@ -427,16 +469,17 @@ x509spki.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 x509spki.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
 x509spki.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 x509spki.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-x509spki.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-x509spki.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
-x509spki.o: ../../include/openssl/opensslconf.h
+x509spki.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x509spki.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x509spki.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x509spki.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 x509spki.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 x509spki.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 x509spki.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 x509spki.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 x509spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x509spki.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x509spki.o: ../cryptlib.h
+x509spki.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509spki.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
 x509type.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 x509type.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 x509type.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -444,16 +487,18 @@ x509type.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 x509type.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 x509type.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 x509type.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x509type.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+x509type.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509type.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 x509type.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-x509type.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509type.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509type.o: ../../include/openssl/opensslconf.h
 x509type.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 x509type.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 x509type.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 x509type.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 x509type.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x509type.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x509type.o: ../cryptlib.h
+x509type.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509type.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
 x_all.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 x_all.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 x_all.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -461,13 +506,15 @@ x_all.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 x_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 x_all.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 x_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x_all.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+x_all.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x_all.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 x_all.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-x_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_all.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-x_all.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x_all.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-x_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_all.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_all.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 x_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 x_all.o: ../cryptlib.h
diff --git a/src/lib/libssl/src/crypto/x509/by_dir.c b/src/lib/libssl/src/crypto/x509/by_dir.c
index 14d12c56bd..cac64a6f40 100644
--- a/src/lib/libssl/src/crypto/x509/by_dir.c
+++ b/src/lib/libssl/src/crypto/x509/by_dir.c
@@ -146,11 +146,11 @@ static int new_dir(X509_LOOKUP *lu)
         {
         BY_DIR *a;
 
-        if ((a=(BY_DIR *)Malloc(sizeof(BY_DIR))) == NULL)
+        if ((a=(BY_DIR *)OPENSSL_malloc(sizeof(BY_DIR))) == NULL)
                 return(0);
         if ((a->buffer=BUF_MEM_new()) == NULL)
                 {
-                Free(a);
+                OPENSSL_free(a);
                 return(0);
                 }
         a->num_dirs=0;
@@ -168,11 +168,11 @@ static void free_dir(X509_LOOKUP *lu)
 
         a=(BY_DIR *)lu->method_data;
         for (i=0; i<a->num_dirs; i++)
-                if (a->dirs[i] != NULL) Free(a->dirs[i]);
-        if (a->dirs != NULL) Free(a->dirs);
-        if (a->dirs_type != NULL) Free(a->dirs_type);
+                if (a->dirs[i] != NULL) OPENSSL_free(a->dirs[i]);
+        if (a->dirs != NULL) OPENSSL_free(a->dirs);
+        if (a->dirs_type != NULL) OPENSSL_free(a->dirs_type);
         if (a->buffer != NULL) BUF_MEM_free(a->buffer);
-        Free(a);
+        OPENSSL_free(a);
         }
 
 static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
@@ -204,9 +204,9 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
                         if (ctx->num_dirs_alloced < (ctx->num_dirs+1))
                                 {
                                 ctx->num_dirs_alloced+=10;
-                                pp=(char **)Malloc(ctx->num_dirs_alloced*
+                                pp=(char **)OPENSSL_malloc(ctx->num_dirs_alloced*
                                         sizeof(char *));
-                                ip=(int *)Malloc(ctx->num_dirs_alloced*
+                                ip=(int *)OPENSSL_malloc(ctx->num_dirs_alloced*
                                         sizeof(int));
                                 if ((pp == NULL) || (ip == NULL))
                                         {
@@ -218,14 +218,14 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
                                 memcpy(ip,ctx->dirs_type,(ctx->num_dirs_alloced-10)*
                                         sizeof(int));
                                 if (ctx->dirs != NULL)
-                                        Free(ctx->dirs);
+                                        OPENSSL_free(ctx->dirs);
                                 if (ctx->dirs_type != NULL)
-                                        Free(ctx->dirs_type);
+                                        OPENSSL_free(ctx->dirs_type);
                                 ctx->dirs=pp;
                                 ctx->dirs_type=ip;
                                 }
                         ctx->dirs_type[ctx->num_dirs]=type;
-                        ctx->dirs[ctx->num_dirs]=(char *)Malloc((unsigned int)len+1);
+                        ctx->dirs[ctx->num_dirs]=(char *)OPENSSL_malloc((unsigned int)len+1);
                         if (ctx->dirs[ctx->num_dirs] == NULL) return(0);
                         strncpy(ctx->dirs[ctx->num_dirs],ss,(unsigned int)len);
                         ctx->dirs[ctx->num_dirs][len]='\0';
@@ -326,7 +326,9 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
                 /* we have added it to the cache so now pull
                  * it out again */
                 CRYPTO_r_lock(CRYPTO_LOCK_X509_STORE);
-                tmp=(X509_OBJECT *)lh_retrieve(xl->store_ctx->certs,&stmp);
+                j = sk_X509_OBJECT_find(xl->store_ctx->objs,&stmp);
+                if(j != -1) tmp=sk_X509_OBJECT_value(xl->store_ctx->objs,i);
+                else tmp = NULL;
                 CRYPTO_r_unlock(CRYPTO_LOCK_X509_STORE);
 
                 if (tmp != NULL)
diff --git a/src/lib/libssl/src/crypto/x509/x509.h b/src/lib/libssl/src/crypto/x509/x509.h
index 0192272e7c..813c8adffd 100644
--- a/src/lib/libssl/src/crypto/x509/x509.h
+++ b/src/lib/libssl/src/crypto/x509/x509.h
@@ -59,15 +59,16 @@
 #ifndef HEADER_X509_H
 #define HEADER_X509_H
 
-#ifdef  __cplusplus
-extern "C" {
+#include <openssl/symhacks.h>
+#ifndef NO_BUFFER
+#include <openssl/buffer.h>
 #endif
-
-#ifdef VMS
-#undef X509_REVOKED_get_ext_by_critical
-#define X509_REVOKED_get_ext_by_critical X509_REVOKED_get_ext_by_critic
+#ifndef NO_EVP
+#include <openssl/evp.h>
+#endif
+#ifndef NO_BIO
+#include <openssl/bio.h>
 #endif
-
 #include <openssl/stack.h>
 #include <openssl/asn1.h>
 #include <openssl/safestack.h>
@@ -87,11 +88,19 @@ extern "C" {
 #include <openssl/evp.h>
 
 
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
 #ifdef WIN32
 /* Under Win32 this is defined in wincrypt.h */
 #undef X509_NAME
 #endif
 
+  /* If placed in pkcs12.h, we end up with a circular depency with pkcs7.h */
+#define DECLARE_PKCS12_STACK_OF(type) /* Nothing */
+#define IMPLEMENT_PKCS12_STACK_OF(type) /* Nothing */
+
 #define X509_FILETYPE_PEM       1
 #define X509_FILETYPE_ASN1      2
 #define X509_FILETYPE_DEFAULT   3
@@ -125,8 +134,8 @@ DECLARE_ASN1_SET_OF(X509_ALGOR)
 
 typedef struct X509_val_st
         {
-        ASN1_UTCTIME *notBefore;
-        ASN1_UTCTIME *notAfter;
+        ASN1_TIME *notBefore;
+        ASN1_TIME *notAfter;
         } X509_VAL;
 
 typedef struct X509_pubkey_st
@@ -158,7 +167,7 @@ typedef struct X509_name_st
         {
         STACK_OF(X509_NAME_ENTRY) *entries;
         int modified;   /* true if 'bytes' needs to be built */
-#ifdef HEADER_BUFFER_H
+#ifndef NO_BUFFER
         BUF_MEM *bytes;
 #else
         char *bytes;
@@ -200,6 +209,8 @@ DECLARE_ASN1_SET_OF(X509_ATTRIBUTE)
 
 typedef struct X509_req_info_st
         {
+        unsigned char *asn1;
+        int length;
         ASN1_INTEGER *version;
         X509_NAME *subject;
         X509_PUBKEY *pubkey;
@@ -260,6 +271,8 @@ typedef struct x509_st
         unsigned long ex_kusage;
         unsigned long ex_xkusage;
         unsigned long ex_nscert;
+        ASN1_OCTET_STRING *skid;
+        struct AUTHORITY_KEYID_st *akid;
 #ifndef NO_SHA
         unsigned char sha1_hash[SHA_DIGEST_LENGTH];
 #endif
@@ -307,10 +320,65 @@ DECLARE_STACK_OF(X509_TRUST)
 #define X509_TRUST_REJECTED     2
 #define X509_TRUST_UNTRUSTED    3
 
+/* Flags specific to X509_NAME_print_ex() */    
+
+/* The field separator information */
+
+#define XN_FLAG_SEP_MASK        (0xf << 16)
+
+#define XN_FLAG_COMPAT          0               /* Traditional SSLeay: use old X509_NAME_print */
+#define XN_FLAG_SEP_COMMA_PLUS  (1 << 16)       /* RFC2253 ,+ */
+#define XN_FLAG_SEP_CPLUS_SPC   (2 << 16)       /* ,+ spaced: more readable */
+#define XN_FLAG_SEP_SPLUS_SPC   (3 << 16)       /* ;+ spaced */
+#define XN_FLAG_SEP_MULTILINE   (4 << 16)       /* One line per field */
+
+#define XN_FLAG_DN_REV          (1 << 20)       /* Reverse DN order */
+
+/* How the field name is shown */
+
+#define XN_FLAG_FN_MASK         (0x3 << 21)
+
+#define XN_FLAG_FN_SN           0               /* Object short name */
+#define XN_FLAG_FN_LN           (1 << 21)       /* Object long name */
+#define XN_FLAG_FN_OID          (2 << 21)       /* Always use OIDs */
+#define XN_FLAG_FN_NONE         (3 << 21)       /* No field names */
+
+#define XN_FLAG_SPC_EQ          (1 << 23)       /* Put spaces round '=' */
+
+/* This determines if we dump fields we don't recognise:
+ * RFC2253 requires this.
+ */
+
+#define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24)
+
+/* Complete set of RFC2253 flags */
+
+#define XN_FLAG_RFC2253 (ASN1_STRFLGS_RFC2253 | \
+                        XN_FLAG_SEP_COMMA_PLUS | \
+                        XN_FLAG_DN_REV | \
+                        XN_FLAG_FN_SN | \
+                        XN_FLAG_DUMP_UNKNOWN_FIELDS)
+
+/* readable oneline form */
+
+#define XN_FLAG_ONELINE (ASN1_STRFLGS_RFC2253 | \
+                        ASN1_STRFLGS_ESC_QUOTE | \
+                        XN_FLAG_SEP_CPLUS_SPC | \
+                        XN_FLAG_SPC_EQ | \
+                        XN_FLAG_FN_SN)
+
+/* readable multiline form */
+
+#define XN_FLAG_MULTILINE (ASN1_STRFLGS_ESC_CTRL | \
+                        ASN1_STRFLGS_ESC_MSB | \
+                        XN_FLAG_SEP_MULTILINE | \
+                        XN_FLAG_SPC_EQ | \
+                        XN_FLAG_FN_LN)
+
 typedef struct X509_revoked_st
         {
         ASN1_INTEGER *serialNumber;
-        ASN1_UTCTIME *revocationDate;
+        ASN1_TIME *revocationDate;
         STACK_OF(X509_EXTENSION) /* optional */ *extensions;
         int sequence; /* load sequence */
         } X509_REVOKED;
@@ -323,8 +391,8 @@ typedef struct X509_crl_info_st
         ASN1_INTEGER *version;
         X509_ALGOR *sig_alg;
         X509_NAME *issuer;
-        ASN1_UTCTIME *lastUpdate;
-        ASN1_UTCTIME *nextUpdate;
+        ASN1_TIME *lastUpdate;
+        ASN1_TIME *nextUpdate;
         STACK_OF(X509_REVOKED) *revoked;
         STACK_OF(X509_EXTENSION) /* [0] */ *extensions;
         } X509_CRL_INFO;
@@ -362,7 +430,7 @@ typedef struct private_key_st
         int references;
         } X509_PKEY;
 
-#ifdef HEADER_ENVELOPE_H
+#ifndef NO_EVP
 typedef struct X509_info_st
         {
         X509 *x509;
@@ -445,9 +513,17 @@ typedef struct pkcs8_priv_key_info_st
         STACK_OF(X509_ATTRIBUTE) *attributes;
         } PKCS8_PRIV_KEY_INFO;
 
+#ifdef  __cplusplus
+}
+#endif
+
 #include <openssl/x509_vfy.h>
 #include <openssl/pkcs7.h>
 
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
 #ifdef SSLEAY_MACROS
 #define X509_verify(a,r) ASN1_verify((int (*)())i2d_X509_CINF,a->sig_alg,\
         a->signature,(char *)a->cert_info,r)
@@ -610,7 +686,7 @@ typedef struct pkcs8_priv_key_info_st
 const char *X509_verify_cert_error_string(long n);
 
 #ifndef SSLEAY_MACROS
-#ifdef HEADER_ENVELOPE_H
+#ifndef NO_EVP
 int X509_verify(X509 *a, EVP_PKEY *r);
 
 int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r);
@@ -629,9 +705,14 @@ int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md);
 int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md);
 int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md);
 
-int X509_digest(X509 *data,const EVP_MD *type,unsigned char *md,unsigned int *len);
-int X509_NAME_digest(X509_NAME *data,const EVP_MD *type,
-        unsigned char *md,unsigned int *len);
+int X509_digest(const X509 *data,const EVP_MD *type,
+                unsigned char *md, unsigned int *len);
+int X509_CRL_digest(const X509_CRL *data,const EVP_MD *type,
+                unsigned char *md, unsigned int *len);
+int X509_REQ_digest(const X509_REQ *data,const EVP_MD *type,
+                unsigned char *md, unsigned int *len);
+int X509_NAME_digest(const X509_NAME *data,const EVP_MD *type,
+                unsigned char *md, unsigned int *len);
 #endif
 
 #ifndef NO_FP_API
@@ -663,9 +744,11 @@ int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,PKCS8_PRIV_KEY_INFO *p8inf);
 int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key);
 int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey);
 EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);
+int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
 #endif
 
-#ifdef HEADER_BIO_H
+#ifndef NO_BIO
 X509 *d2i_X509_bio(BIO *bp,X509 **x509);
 int i2d_X509_bio(BIO *bp,X509 *x509);
 X509_CRL *d2i_X509_CRL_bio(BIO *bp,X509_CRL **crl);
@@ -694,6 +777,8 @@ int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,PKCS8_PRIV_KEY_INFO *p8inf);
 int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key);
 int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey);
 EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
+int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
 #endif
 
 X509 *X509_dup(X509 *x509);
@@ -711,8 +796,10 @@ RSA *RSAPrivateKey_dup(RSA *rsa);
 
 #endif /* !SSLEAY_MACROS */
 
-int             X509_cmp_current_time(ASN1_UTCTIME *s);
-ASN1_UTCTIME *  X509_gmtime_adj(ASN1_UTCTIME *s, long adj);
+int             X509_cmp_time(ASN1_TIME *s, time_t *t);
+int             X509_cmp_current_time(ASN1_TIME *s);
+ASN1_TIME *     X509_time_adj(ASN1_TIME *s, long adj, time_t *t);
+ASN1_TIME *     X509_gmtime_adj(ASN1_TIME *s, long adj);
 
 const char *    X509_get_default_cert_area(void );
 const char *    X509_get_default_cert_dir(void );
@@ -825,6 +912,7 @@ int		i2d_X509_CERT_AUX(X509_CERT_AUX *a,unsigned char **pp);
 X509_CERT_AUX * d2i_X509_CERT_AUX(X509_CERT_AUX **a,unsigned char **pp,
                                                                 long length);
 int X509_alias_set1(X509 *x, unsigned char *name, int len);
+int X509_keyid_set1(X509 *x, unsigned char *id, int len);
 unsigned char * X509_alias_get0(X509 *x, int *len);
 int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int);
 int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj);
@@ -871,7 +959,7 @@ NETSCAPE_CERT_SEQUENCE *NETSCAPE_CERT_SEQUENCE_new(void);
 NETSCAPE_CERT_SEQUENCE *d2i_NETSCAPE_CERT_SEQUENCE(NETSCAPE_CERT_SEQUENCE **a, unsigned char **pp, long length);
 void NETSCAPE_CERT_SEQUENCE_free(NETSCAPE_CERT_SEQUENCE *a);
 
-#ifdef HEADER_ENVELOPE_H
+#ifndef NO_EVP
 X509_INFO *     X509_INFO_new(void);
 void            X509_INFO_free(X509_INFO *a);
 char *          X509_NAME_oneline(X509_NAME *a,char *buf,int size);
@@ -894,8 +982,8 @@ int 		X509_set_issuer_name(X509 *x, X509_NAME *name);
 X509_NAME *     X509_get_issuer_name(X509 *a);
 int             X509_set_subject_name(X509 *x, X509_NAME *name);
 X509_NAME *     X509_get_subject_name(X509 *a);
-int             X509_set_notBefore(X509 *x, ASN1_UTCTIME *tm);
-int             X509_set_notAfter(X509 *x, ASN1_UTCTIME *tm);
+int             X509_set_notBefore(X509 *x, ASN1_TIME *tm);
+int             X509_set_notAfter(X509 *x, ASN1_TIME *tm);
 int             X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
 EVP_PKEY *      X509_get_pubkey(X509 *x);
 int             X509_certificate_type(X509 *x,EVP_PKEY *pubkey /* optional */);
@@ -931,28 +1019,30 @@ int X509_REQ_add1_attr_by_txt(X509_REQ *req,
 
 int             X509_check_private_key(X509 *x509,EVP_PKEY *pkey);
 
-int             X509_issuer_and_serial_cmp(X509 *a, X509 *b);
+int             X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
 unsigned long   X509_issuer_and_serial_hash(X509 *a);
 
-int             X509_issuer_name_cmp(X509 *a, X509 *b);
+int             X509_issuer_name_cmp(const X509 *a, const X509 *b);
 unsigned long   X509_issuer_name_hash(X509 *a);
 
-int             X509_subject_name_cmp(X509 *a,X509 *b);
+int             X509_subject_name_cmp(const X509 *a, const X509 *b);
 unsigned long   X509_subject_name_hash(X509 *x);
 
-int             X509_cmp (X509 *a, X509 *b);
-int             X509_NAME_cmp (X509_NAME *a, X509_NAME *b);
+int             X509_cmp(const X509 *a, const X509 *b);
+int             X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b);
 unsigned long   X509_NAME_hash(X509_NAME *x);
 
-int             X509_CRL_cmp(X509_CRL *a,X509_CRL *b);
+int             X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b);
 #ifndef NO_FP_API
 int             X509_print_fp(FILE *bp,X509 *x);
 int             X509_CRL_print_fp(FILE *bp,X509_CRL *x);
 int             X509_REQ_print_fp(FILE *bp,X509_REQ *req);
+int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags);
 #endif
 
-#ifdef HEADER_BIO_H
+#ifndef NO_BIO
 int             X509_NAME_print(BIO *bp, X509_NAME *name, int obase);
+int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags);
 int             X509_print(BIO *bp,X509 *x);
 int             X509_CERT_AUX_print(BIO *bp,X509_CERT_AUX *x, int indent);
 int             X509_CRL_print(BIO *bp,X509_CRL *x);
diff --git a/src/lib/libssl/src/crypto/x509/x509_cmp.c b/src/lib/libssl/src/crypto/x509/x509_cmp.c
index a8a5ca8b03..b147d573d2 100644
--- a/src/lib/libssl/src/crypto/x509/x509_cmp.c
+++ b/src/lib/libssl/src/crypto/x509/x509_cmp.c
@@ -63,7 +63,7 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
-int X509_issuer_and_serial_cmp(X509 *a, X509 *b)
+int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b)
         {
         int i;
         X509_CINF *ai,*bi;
@@ -97,17 +97,17 @@ unsigned long X509_issuer_and_serial_hash(X509 *a)
         }
 #endif
         
-int X509_issuer_name_cmp(X509 *a, X509 *b)
+int X509_issuer_name_cmp(const X509 *a, const X509 *b)
         {
         return(X509_NAME_cmp(a->cert_info->issuer,b->cert_info->issuer));
         }
 
-int X509_subject_name_cmp(X509 *a, X509 *b)
+int X509_subject_name_cmp(const X509 *a, const X509 *b)
         {
         return(X509_NAME_cmp(a->cert_info->subject,b->cert_info->subject));
         }
 
-int X509_CRL_cmp(X509_CRL *a, X509_CRL *b)
+int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b)
         {
         return(X509_NAME_cmp(a->crl->issuer,b->crl->issuer));
         }
@@ -139,19 +139,25 @@ unsigned long X509_subject_name_hash(X509 *x)
 
 #ifndef NO_SHA
 /* Compare two certificates: they must be identical for
- * this to work.
+ * this to work. NB: Although "cmp" operations are generally
+ * prototyped to take "const" arguments (eg. for use in
+ * STACKs), the way X509 handling is - these operations may
+ * involve ensuring the hashes are up-to-date and ensuring
+ * certain cert information is cached. So this is the point
+ * where the "depth-first" constification tree has to halt
+ * with an evil cast.
  */
-int X509_cmp(X509 *a, X509 *b)
+int X509_cmp(const X509 *a, const X509 *b)
 {
         /* ensure hash is valid */
-        X509_check_purpose(a, -1, 0);
-        X509_check_purpose(b, -1, 0);
+        X509_check_purpose((X509 *)a, -1, 0);
+        X509_check_purpose((X509 *)b, -1, 0);
 
         return memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);
 }
 #endif
 
-int X509_NAME_cmp(X509_NAME *a, X509_NAME *b)
+int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
         {
         int i,j;
         X509_NAME_ENTRY *na,*nb;
@@ -198,14 +204,14 @@ unsigned long X509_NAME_hash(X509_NAME *x)
 
         i=i2d_X509_NAME(x,NULL);
         if (i > sizeof(str))
-                p=Malloc(i);
+                p=OPENSSL_malloc(i);
         else
                 p=str;
 
         pp=p;
         i2d_X509_NAME(x,&pp);
         MD5((unsigned char *)p,i,&(md[0]));
-        if (p != str) Free(p);
+        if (p != str) OPENSSL_free(p);
 
         ret=(   ((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
                 ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
diff --git a/src/lib/libssl/src/crypto/x509/x509_lu.c b/src/lib/libssl/src/crypto/x509/x509_lu.c
index a20006d67e..863c738cad 100644
--- a/src/lib/libssl/src/crypto/x509/x509_lu.c
+++ b/src/lib/libssl/src/crypto/x509/x509_lu.c
@@ -62,14 +62,13 @@
 #include <openssl/x509.h>
 
 static STACK_OF(CRYPTO_EX_DATA_FUNCS) *x509_store_meth=NULL;
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *x509_store_ctx_meth=NULL;
 
 X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method)
         {
         X509_LOOKUP *ret;
 
-        ret=(X509_LOOKUP *)Malloc(sizeof(X509_LOOKUP));
-        if (ret == NULL) return(NULL);
+        ret=(X509_LOOKUP *)OPENSSL_malloc(sizeof(X509_LOOKUP));
+        if (ret == NULL) return NULL;
 
         ret->init=0;
         ret->skip=0;
@@ -78,10 +77,10 @@ X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method)
         ret->store_ctx=NULL;
         if ((method->new_item != NULL) && !method->new_item(ret))
                 {
-                Free(ret);
-                return(NULL);
+                OPENSSL_free(ret);
+                return NULL;
                 }
-        return(ret);
+        return ret;
         }
 
 void X509_LOOKUP_free(X509_LOOKUP *ctx)
@@ -90,44 +89,44 @@ void X509_LOOKUP_free(X509_LOOKUP *ctx)
         if (    (ctx->method != NULL) &&
                 (ctx->method->free != NULL))
                 ctx->method->free(ctx);
-        Free(ctx);
+        OPENSSL_free(ctx);
         }
 
 int X509_LOOKUP_init(X509_LOOKUP *ctx)
         {
-        if (ctx->method == NULL) return(0);
+        if (ctx->method == NULL) return 0;
         if (ctx->method->init != NULL)
-                return(ctx->method->init(ctx));
+                return ctx->method->init(ctx);
         else
-                return(1);
+                return 1;
         }
 
 int X509_LOOKUP_shutdown(X509_LOOKUP *ctx)
         {
-        if (ctx->method == NULL) return(0);
+        if (ctx->method == NULL) return 0;
         if (ctx->method->shutdown != NULL)
-                return(ctx->method->shutdown(ctx));
+                return ctx->method->shutdown(ctx);
         else
-                return(1);
+                return 1;
         }
 
 int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl,
              char **ret)
         {
-        if (ctx->method == NULL) return(-1);
+        if (ctx->method == NULL) return -1;
         if (ctx->method->ctrl != NULL)
-                return(ctx->method->ctrl(ctx,cmd,argc,argl,ret));
+                return ctx->method->ctrl(ctx,cmd,argc,argl,ret);
         else
-                return(1);
+                return 1;
         }
 
 int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name,
              X509_OBJECT *ret)
         {
         if ((ctx->method == NULL) || (ctx->method->get_by_subject == NULL))
-                return(X509_LU_FAIL);
-        if (ctx->skip) return(0);
-        return(ctx->method->get_by_subject(ctx,type,name,ret));
+                return X509_LU_FAIL;
+        if (ctx->skip) return 0;
+        return ctx->method->get_by_subject(ctx,type,name,ret);
         }
 
 int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name,
@@ -135,71 +134,55 @@ int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name,
         {
         if ((ctx->method == NULL) ||
                 (ctx->method->get_by_issuer_serial == NULL))
-                return(X509_LU_FAIL);
-        return(ctx->method->get_by_issuer_serial(ctx,type,name,serial,ret));
+                return X509_LU_FAIL;
+        return ctx->method->get_by_issuer_serial(ctx,type,name,serial,ret);
         }
 
 int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type,
              unsigned char *bytes, int len, X509_OBJECT *ret)
         {
         if ((ctx->method == NULL) || (ctx->method->get_by_fingerprint == NULL))
-                return(X509_LU_FAIL);
-        return(ctx->method->get_by_fingerprint(ctx,type,bytes,len,ret));
+                return X509_LU_FAIL;
+        return ctx->method->get_by_fingerprint(ctx,type,bytes,len,ret);
         }
 
 int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, int len,
              X509_OBJECT *ret)
         {
         if ((ctx->method == NULL) || (ctx->method->get_by_alias == NULL))
-                return(X509_LU_FAIL);
-        return(ctx->method->get_by_alias(ctx,type,str,len,ret));
+                return X509_LU_FAIL;
+        return ctx->method->get_by_alias(ctx,type,str,len,ret);
         }
 
-static unsigned long x509_object_hash(X509_OBJECT *a)
-        {
-        unsigned long h;
-
-        switch (a->type)
-                {
-        case X509_LU_X509:
-                h=X509_NAME_hash(a->data.x509->cert_info->subject);
-                break;
-        case X509_LU_CRL:
-                h=X509_NAME_hash(a->data.crl->crl->issuer);
-                break;
-        default:
-                abort();
-                }
-        return(h);
-        }
-
-static int x509_object_cmp(X509_OBJECT *a, X509_OBJECT *b)
-        {
-        int ret;
-
-        ret=(a->type - b->type);
-        if (ret) return(ret);
-        switch (a->type)
-                {
-        case X509_LU_X509:
-                ret=X509_subject_name_cmp(a->data.x509,b->data.x509);
-                break;
-        case X509_LU_CRL:
-                ret=X509_CRL_cmp(a->data.crl,b->data.crl);
-                break;
+  
+static int x509_object_cmp(const X509_OBJECT * const *a, const X509_OBJECT * const *b)
+        {
+        int ret;
+
+        ret=((*a)->type - (*b)->type);
+        if (ret) return ret;
+        switch ((*a)->type)
+                {
+        case X509_LU_X509:
+                ret=X509_subject_name_cmp((*a)->data.x509,(*b)->data.x509);
+                break;
+        case X509_LU_CRL:
+                ret=X509_CRL_cmp((*a)->data.crl,(*b)->data.crl);
+                break;
         default:
-                abort();
+                /* abort(); */
+                return 0;
                 }
-        return(ret);
+        return ret;
         }
 
 X509_STORE *X509_STORE_new(void)
         {
         X509_STORE *ret;
 
-        if ((ret=(X509_STORE *)Malloc(sizeof(X509_STORE))) == NULL)
-                return(NULL);
-        ret->certs=lh_new(x509_object_hash,x509_object_cmp);
+        if ((ret=(X509_STORE *)OPENSSL_malloc(sizeof(X509_STORE))) == NULL)
+                return NULL;
+        ret->objs = sk_X509_OBJECT_new(x509_object_cmp);
         ret->cache=1;
         ret->get_cert_methods=sk_X509_LOOKUP_new_null();
         ret->verify=NULL;
@@ -207,7 +190,7 @@ X509_STORE *X509_STORE_new(void)
         memset(&ret->ex_data,0,sizeof(CRYPTO_EX_DATA));
         ret->references=1;
         ret->depth=0;
-        return(ret);
+        return ret;
         }
 
 static void cleanup(X509_OBJECT *a)
@@ -221,9 +204,11 @@ static void cleanup(X509_OBJECT *a)
                 X509_CRL_free(a->data.crl);
                 }
         else
-                abort();
+                {
+                /* abort(); */
+                }
 
-        Free(a);
+        OPENSSL_free(a);
         }
 
 void X509_STORE_free(X509_STORE *vfy)
@@ -232,7 +217,7 @@ void X509_STORE_free(X509_STORE *vfy)
         STACK_OF(X509_LOOKUP) *sk;
         X509_LOOKUP *lu;
 
-        if(vfy == NULL)
+        if (vfy == NULL)
             return;
 
         sk=vfy->get_cert_methods;
@@ -243,11 +228,10 @@ void X509_STORE_free(X509_STORE *vfy)
                 X509_LOOKUP_free(lu);
                 }
         sk_X509_LOOKUP_free(sk);
+        sk_X509_OBJECT_pop_free(vfy->objs, cleanup);
 
         CRYPTO_free_ex_data(x509_store_meth,vfy,&vfy->ex_data);
-        lh_doall(vfy->certs,cleanup);
-        lh_free(vfy->certs);
-        Free(vfy);
+        OPENSSL_free(vfy);
         }
 
 X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m)
@@ -262,22 +246,22 @@ X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m)
                 lu=sk_X509_LOOKUP_value(sk,i);
                 if (m == lu->method)
                         {
-                        return(lu);
+                        return lu;
                         }
                 }
         /* a new one */
         lu=X509_LOOKUP_new(m);
         if (lu == NULL)
-                return(NULL);
+                return NULL;
         else
                 {
                 lu->store_ctx=v;
                 if (sk_X509_LOOKUP_push(v->get_cert_methods,lu))
-                        return(lu);
+                        return lu;
                 else
                         {
                         X509_LOOKUP_free(lu);
-                        return(NULL);
+                        return NULL;
                         }
                 }
         }
@@ -290,7 +274,7 @@ int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name,
         X509_OBJECT stmp,*tmp;
         int i,j;
 
-        tmp=X509_OBJECT_retrieve_by_subject(ctx->certs,type,name);
+        tmp=X509_OBJECT_retrieve_by_subject(ctx->objs,type,name);
 
         if (tmp == NULL)
                 {
@@ -301,7 +285,7 @@ int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name,
                         if (j < 0)
                                 {
                                 vs->current_method=j;
-                                return(j);
+                                return j;
                                 }
                         else if (j)
                                 {
@@ -311,7 +295,7 @@ int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name,
                         }
                 vs->current_method=0;
                 if (tmp == NULL)
-                        return(0);
+                        return 0;
                 }
 
 /*      if (ret->data.ptr != NULL)
@@ -322,7 +306,74 @@ int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name,
 
         X509_OBJECT_up_ref_count(ret);
 
-        return(1);
+        return 1;
+        }
+
+int X509_STORE_add_cert(X509_STORE *ctx, X509 *x)
+        {
+        X509_OBJECT *obj;
+        int ret=1;
+
+        if (x == NULL) return 0;
+        obj=(X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT));
+        if (obj == NULL)
+                {
+                X509err(X509_F_X509_STORE_ADD_CERT,ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        obj->type=X509_LU_X509;
+        obj->data.x509=x;
+
+        CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
+
+        X509_OBJECT_up_ref_count(obj);
+
+
+        if (X509_OBJECT_retrieve_match(ctx->objs, obj))
+                {
+                X509_OBJECT_free_contents(obj);
+                OPENSSL_free(obj);
+                X509err(X509_F_X509_STORE_ADD_CERT,X509_R_CERT_ALREADY_IN_HASH_TABLE);
+                ret=0;
+                } 
+        else sk_X509_OBJECT_push(ctx->objs, obj);
+
+        CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+
+        return ret;
+        }
+
+int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)
+        {
+        X509_OBJECT *obj;
+        int ret=1;
+
+        if (x == NULL) return 0;
+        obj=(X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT));
+        if (obj == NULL)
+                {
+                X509err(X509_F_X509_STORE_ADD_CRL,ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        obj->type=X509_LU_CRL;
+        obj->data.crl=x;
+
+        CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
+
+        X509_OBJECT_up_ref_count(obj);
+
+        if (X509_OBJECT_retrieve_match(ctx->objs, obj))
+                {
+                X509_OBJECT_free_contents(obj);
+                OPENSSL_free(obj);
+                X509err(X509_F_X509_STORE_ADD_CRL,X509_R_CERT_ALREADY_IN_HASH_TABLE);
+                ret=0;
+                }
+        else sk_X509_OBJECT_push(ctx->objs, obj);
+
+        CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+
+        return ret;
         }
 
 void X509_OBJECT_up_ref_count(X509_OBJECT *a)
@@ -351,10 +402,10 @@ void X509_OBJECT_free_contents(X509_OBJECT *a)
                 }
         }
 
-X509_OBJECT *X509_OBJECT_retrieve_by_subject(LHASH *h, int type,
+int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,
              X509_NAME *name)
         {
-        X509_OBJECT stmp,*tmp;
+        X509_OBJECT stmp;
         X509 x509_s;
         X509_CINF cinf_s;
         X509_CRL crl_s;
@@ -374,54 +425,105 @@ X509_OBJECT *X509_OBJECT_retrieve_by_subject(LHASH *h, int type,
                 crl_info_s.issuer=name;
                 break;
         default:
-                abort();
+                /* abort(); */
+                return -1;
                 }
 
-        tmp=(X509_OBJECT *)lh_retrieve(h,&stmp);
-        return(tmp);
+        return sk_X509_OBJECT_find(h,&stmp);
         }
 
-X509_STORE_CTX *X509_STORE_CTX_new(void)
+X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, int type,
+             X509_NAME *name)
 {
-        X509_STORE_CTX *ctx;
-        ctx = (X509_STORE_CTX *)Malloc(sizeof(X509_STORE_CTX));
-        if(ctx) memset(ctx, 0, sizeof(X509_STORE_CTX));
-        return ctx;
+        int idx;
+        idx = X509_OBJECT_idx_by_subject(h, type, name);
+        if (idx==-1) return NULL;
+        return sk_X509_OBJECT_value(h, idx);
 }
 
-void X509_STORE_CTX_free(X509_STORE_CTX *ctx)
+X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x)
 {
-        X509_STORE_CTX_cleanup(ctx);
-        Free(ctx);
+        int idx, i;
+        X509_OBJECT *obj;
+        idx = sk_X509_OBJECT_find(h, x);
+        if (idx == -1) return NULL;
+        if (x->type != X509_LU_X509) return sk_X509_OBJECT_value(h, idx);
+        for (i = idx; i < sk_X509_OBJECT_num(h); i++)
+                {
+                obj = sk_X509_OBJECT_value(h, i);
+                if (x509_object_cmp((const X509_OBJECT **)&obj, (const X509_OBJECT **)&x))
+                        return NULL;
+                if ((x->type != X509_LU_X509) || !X509_cmp(obj->data.x509, x->data.x509))
+                        return obj;
+                }
+        return NULL;
 }
 
-void X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
-             STACK_OF(X509) *chain)
-        {
-        ctx->ctx=store;
-        ctx->current_method=0;
-        ctx->cert=x509;
-        ctx->untrusted=chain;
-        ctx->last_untrusted=0;
-        ctx->purpose=0;
-        ctx->trust=0;
-        ctx->valid=0;
-        ctx->chain=NULL;
-        ctx->depth=9;
-        ctx->error=0;
-        ctx->current_cert=NULL;
-        memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA));
-        }
 
-void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
-        {
-        if (ctx->chain != NULL)
+/* Try to get issuer certificate from store. Due to limitations
+ * of the API this can only retrieve a single certificate matching
+ * a given subject name. However it will fill the cache with all
+ * matching certificates, so we can examine the cache for all 
+ * matches.
+ *
+ * Return values are:
+ *  1 lookup successful.
+ *  0 certificate not found.
+ * -1 some other error.
+ */
+
+
+int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
+{
+        X509_NAME *xn;
+        X509_OBJECT obj, *pobj;
+        int i, ok, idx;
+        xn=X509_get_issuer_name(x);
+        ok=X509_STORE_get_by_subject(ctx,X509_LU_X509,xn,&obj);
+        if (ok != X509_LU_X509)
+                {
+                if (ok == X509_LU_RETRY)
+                        {
+                        X509_OBJECT_free_contents(&obj);
+                        X509err(X509_F_X509_VERIFY_CERT,X509_R_SHOULD_RETRY);
+                        return -1;
+                        }
+                else if (ok != X509_LU_FAIL)
+                        {
+                        X509_OBJECT_free_contents(&obj);
+                        /* not good :-(, break anyway */
+                        return -1;
+                        }
+                return 0;
+                }
+        /* If certificate matches all OK */
+        if (ctx->check_issued(ctx, x, obj.data.x509))
                 {
-                sk_X509_pop_free(ctx->chain,X509_free);
-                ctx->chain=NULL;
+                *issuer = obj.data.x509;
+                return 1;
                 }
-        CRYPTO_free_ex_data(x509_store_ctx_meth,ctx,&(ctx->ex_data));
-        memset(&ctx->ex_data,0,sizeof(CRYPTO_EX_DATA));
-        }
+        X509_OBJECT_free_contents(&obj);
+        /* Else find index of first matching cert */
+        idx = X509_OBJECT_idx_by_subject(ctx->ctx->objs, X509_LU_X509, xn);
+        /* This shouldn't normally happen since we already have one match */
+        if (idx == -1) return 0;
+
+        /* Look through all matching certificates for a suitable issuer */
+        for (i = idx; i < sk_X509_OBJECT_num(ctx->ctx->objs); i++)
+                {
+                pobj = sk_X509_OBJECT_value(ctx->ctx->objs, i);
+                /* See if we've ran out of matches */
+                if (pobj->type != X509_LU_X509) return 0;
+                if (X509_NAME_cmp(xn, X509_get_subject_name(pobj->data.x509))) return 0;
+                if (ctx->check_issued(ctx, x, pobj->data.x509))
+                        {
+                        *issuer = pobj->data.x509;
+                        X509_OBJECT_up_ref_count(pobj);
+                        return 1;
+                        }
+                }
+        return 0;
+}
 
 IMPLEMENT_STACK_OF(X509_LOOKUP)
+IMPLEMENT_STACK_OF(X509_OBJECT)
diff --git a/src/lib/libssl/src/crypto/x509/x509_obj.c b/src/lib/libssl/src/crypto/x509/x509_obj.c
index 691b71f031..6a3ba8eb15 100644
--- a/src/lib/libssl/src/crypto/x509/x509_obj.c
+++ b/src/lib/libssl/src/crypto/x509/x509_obj.c
@@ -91,7 +91,7 @@ int i;
             if(b)
                 {
                 buf=b->data;
-                Free(b);
+                OPENSSL_free(b);
                 }
             strncpy(buf,"NO X509_NAME",len);
             return buf;
@@ -210,7 +210,7 @@ int i;
         if (b != NULL)
                 {
                 p=b->data;
-                Free(b);
+                OPENSSL_free(b);
                 }
         else
                 p=buf;
diff --git a/src/lib/libssl/src/crypto/x509/x509_req.c b/src/lib/libssl/src/crypto/x509/x509_req.c
index baef8790eb..7eca1bd57a 100644
--- a/src/lib/libssl/src/crypto/x509/x509_req.c
+++ b/src/lib/libssl/src/crypto/x509/x509_req.c
@@ -83,7 +83,7 @@ X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
         ri=ret->req_info;
 
         ri->version->length=1;
-        ri->version->data=(unsigned char *)Malloc(1);
+        ri->version->data=(unsigned char *)OPENSSL_malloc(1);
         if (ri->version->data == NULL) goto err;
         ri->version->data[0]=0; /* version == 0 */
 
@@ -188,7 +188,7 @@ int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
         /* Generate encoding of extensions */
         len = i2d_ASN1_SET_OF_X509_EXTENSION(exts, NULL, i2d_X509_EXTENSION,
                         V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE);
-        if(!(p = Malloc(len))) goto err;
+        if(!(p = OPENSSL_malloc(len))) goto err;
         q = p;
         i2d_ASN1_SET_OF_X509_EXTENSION(exts, &q, i2d_X509_EXTENSION,
                         V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE);
@@ -204,7 +204,7 @@ int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
         if(!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr)) goto err;
         return 1;
         err:
-        if(p) Free(p);
+        if(p) OPENSSL_free(p);
         X509_ATTRIBUTE_free(attr);
         ASN1_TYPE_free(at);
         return 0;
diff --git a/src/lib/libssl/src/crypto/x509/x509_set.c b/src/lib/libssl/src/crypto/x509/x509_set.c
index add842d17a..aaf61ca062 100644
--- a/src/lib/libssl/src/crypto/x509/x509_set.c
+++ b/src/lib/libssl/src/crypto/x509/x509_set.c
@@ -104,36 +104,36 @@ int X509_set_subject_name(X509 *x, X509_NAME *name)
         return(X509_NAME_set(&x->cert_info->subject,name));
         }
 
-int X509_set_notBefore(X509 *x, ASN1_UTCTIME *tm)
+int X509_set_notBefore(X509 *x, ASN1_TIME *tm)
         {
-        ASN1_UTCTIME *in;
+        ASN1_TIME *in;
 
         if ((x == NULL) || (x->cert_info->validity == NULL)) return(0);
         in=x->cert_info->validity->notBefore;
         if (in != tm)
                 {
-                in=M_ASN1_UTCTIME_dup(tm);
+                in=M_ASN1_TIME_dup(tm);
                 if (in != NULL)
                         {
-                        M_ASN1_UTCTIME_free(x->cert_info->validity->notBefore);
+                        M_ASN1_TIME_free(x->cert_info->validity->notBefore);
                         x->cert_info->validity->notBefore=in;
                         }
                 }
         return(in != NULL);
         }
 
-int X509_set_notAfter(X509 *x, ASN1_UTCTIME *tm)
+int X509_set_notAfter(X509 *x, ASN1_TIME *tm)
         {
-        ASN1_UTCTIME *in;
+        ASN1_TIME *in;
 
         if ((x == NULL) || (x->cert_info->validity == NULL)) return(0);
         in=x->cert_info->validity->notAfter;
         if (in != tm)
                 {
-                in=M_ASN1_UTCTIME_dup(tm);
+                in=M_ASN1_TIME_dup(tm);
                 if (in != NULL)
                         {
-                        M_ASN1_UTCTIME_free(x->cert_info->validity->notAfter);
+                        M_ASN1_TIME_free(x->cert_info->validity->notAfter);
                         x->cert_info->validity->notAfter=in;
                         }
                 }
diff --git a/src/lib/libssl/src/crypto/x509/x509_trs.c b/src/lib/libssl/src/crypto/x509/x509_trs.c
index c779aaf94d..a7b1543461 100644
--- a/src/lib/libssl/src/crypto/x509/x509_trs.c
+++ b/src/lib/libssl/src/crypto/x509/x509_trs.c
@@ -61,7 +61,8 @@
 #include <openssl/x509v3.h>
 
 
-static int tr_cmp(X509_TRUST **a, X509_TRUST **b);
+static int tr_cmp(const X509_TRUST * const *a,
+                const X509_TRUST * const *b);
 static void trtable_free(X509_TRUST *p);
 
 static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags);
@@ -88,7 +89,8 @@ IMPLEMENT_STACK_OF(X509_TRUST)
 
 static STACK_OF(X509_TRUST) *trtable = NULL;
 
-static int tr_cmp(X509_TRUST **a, X509_TRUST **b)
+static int tr_cmp(const X509_TRUST * const *a,
+                const X509_TRUST * const *b)
 {
         return (*a)->trust - (*b)->trust;
 }
@@ -152,15 +154,15 @@ int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int),
         idx = X509_TRUST_get_by_id(id);
         /* Need a new entry */
         if(idx == -1) {
-                if(!(trtmp = Malloc(sizeof(X509_TRUST)))) {
+                if(!(trtmp = OPENSSL_malloc(sizeof(X509_TRUST)))) {
                         X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
                         return 0;
                 }
                 trtmp->flags = X509_TRUST_DYNAMIC;
         } else trtmp = X509_TRUST_get0(idx);
 
-        /* Free existing name if dynamic */
-        if(trtmp->flags & X509_TRUST_DYNAMIC_NAME) Free(trtmp->name);
+        /* OPENSSL_free existing name if dynamic */
+        if(trtmp->flags & X509_TRUST_DYNAMIC_NAME) OPENSSL_free(trtmp->name);
         /* dup supplied name */
         if(!(trtmp->name = BUF_strdup(name))) {
                 X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
@@ -196,8 +198,8 @@ static void trtable_free(X509_TRUST *p)
         if (p->flags & X509_TRUST_DYNAMIC) 
                 {
                 if (p->flags & X509_TRUST_DYNAMIC_NAME)
-                        Free(p->name);
-                Free(p);
+                        OPENSSL_free(p->name);
+                OPENSSL_free(p);
                 }
         }
 
diff --git a/src/lib/libssl/src/crypto/x509/x509_txt.c b/src/lib/libssl/src/crypto/x509/x509_txt.c
index 209cf53191..cfb478d4bc 100644
--- a/src/lib/libssl/src/crypto/x509/x509_txt.c
+++ b/src/lib/libssl/src/crypto/x509/x509_txt.c
@@ -132,6 +132,15 @@ const char *X509_verify_cert_error_string(long n)
                 return ("certificate rejected");
         case X509_V_ERR_APPLICATION_VERIFICATION:
                 return("application verification failure");
+        case X509_V_ERR_SUBJECT_ISSUER_MISMATCH:
+                return("subject issuer mismatch");
+        case X509_V_ERR_AKID_SKID_MISMATCH:
+                return("authority and subject key identifier mismatch");
+        case X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH:
+                return("authority and issuer serial number mismatch");
+        case X509_V_ERR_KEYUSAGE_NO_CERTSIGN:
+                return("key usage does not include certificate signing");
+
         default:
                 sprintf(buf,"error number %ld",n);
                 return(buf);
diff --git a/src/lib/libssl/src/crypto/x509/x509_vfy.c b/src/lib/libssl/src/crypto/x509/x509_vfy.c
index 3ddb2303d3..0f4110cc64 100644
--- a/src/lib/libssl/src/crypto/x509/x509_vfy.c
+++ b/src/lib/libssl/src/crypto/x509/x509_vfy.c
@@ -71,6 +71,8 @@
 #include <openssl/objects.h>
 
 static int null_callback(int ok,X509_STORE_CTX *e);
+static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
+static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x);
 static int check_chain_purpose(X509_STORE_CTX *ctx);
 static int check_trust(X509_STORE_CTX *ctx);
 static int internal_verify(X509_STORE_CTX *ctx);
@@ -85,13 +87,13 @@ static STACK *x509_store_method=NULL;
 
 static int null_callback(int ok, X509_STORE_CTX *e)
         {
-        return(ok);
+        return ok;
         }
 
 #if 0
 static int x509_subject_cmp(X509 **a, X509 **b)
         {
-        return(X509_subject_name_cmp(*a,*b));
+        return X509_subject_name_cmp(*a,*b);
         }
 #endif
 
@@ -99,7 +101,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
         {
         X509 *x,*xtmp,*chain_ss=NULL;
         X509_NAME *xn;
-        X509_OBJECT obj;
         int depth,i,ok=0;
         int num;
         int (*cb)();
@@ -108,10 +109,10 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
         if (ctx->cert == NULL)
                 {
                 X509err(X509_F_X509_VERIFY_CERT,X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);
-                return(-1);
+                return -1;
                 }
 
-        cb=ctx->ctx->verify_cb;
+        cb=ctx->verify_cb;
         if (cb == NULL) cb=null_callback;
 
         /* first we make sure the chain we are going to build is
@@ -152,13 +153,12 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
 
                 /* If we are self signed, we break */
                 xn=X509_get_issuer_name(x);
-                if (X509_NAME_cmp(X509_get_subject_name(x),xn) == 0)
-                        break;
+                if (ctx->check_issued(ctx, x,x)) break;
 
                 /* If we were passed a cert chain, use it first */
                 if (ctx->untrusted != NULL)
                         {
-                        xtmp=X509_find_by_subject(sktmp,xn);
+                        xtmp=find_issuer(ctx, sktmp,x);
                         if (xtmp != NULL)
                                 {
                                 if (!sk_X509_push(ctx->chain,xtmp))
@@ -183,11 +183,14 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
          * certificates.  We now need to add at least one trusted one,
          * if possible, otherwise we complain. */
 
+        /* Examine last certificate in chain and see if it
+         * is self signed.
+         */
+
         i=sk_X509_num(ctx->chain);
         x=sk_X509_value(ctx->chain,i-1);
         xn = X509_get_subject_name(x);
-        if (X509_NAME_cmp(xn,X509_get_issuer_name(x))
-                == 0)
+        if (ctx->check_issued(ctx, x, x))
                 {
                 /* we have a self signed certificate */
                 if (sk_X509_num(ctx->chain) == 1)
@@ -196,13 +199,13 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
                          * we can find it in the store. We must have an exact
                          * match to avoid possible impersonation.
                          */
-                        ok=X509_STORE_get_by_subject(ctx,X509_LU_X509,xn,&obj);
-                        if ((ok != X509_LU_X509) || X509_cmp(x, obj.data.x509)) 
+                        ok = ctx->get_issuer(&xtmp, ctx, x);
+                        if ((ok <= 0) || X509_cmp(x, xtmp)) 
                                 {
                                 ctx->error=X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT;
                                 ctx->current_cert=x;
                                 ctx->error_depth=i-1;
-                                if(ok == X509_LU_X509) X509_OBJECT_free_contents(&obj);
+                                if (ok == 1) X509_free(xtmp);
                                 ok=cb(0,ctx);
                                 if (!ok) goto end;
                                 }
@@ -212,14 +215,14 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
                                  * so we get any trust settings.
                                  */
                                 X509_free(x);
-                                x = obj.data.x509;
+                                x = xtmp;
                                 sk_X509_set(ctx->chain, i - 1, x);
                                 ctx->last_untrusted=0;
                                 }
                         }
                 else
                         {
-                        /* worry more about this one elsewhere */
+                        /* extract and save self signed certificate for later use */
                         chain_ss=sk_X509_pop(ctx->chain);
                         ctx->last_untrusted--;
                         num--;
@@ -235,41 +238,30 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
 
                 /* If we are self signed, we break */
                 xn=X509_get_issuer_name(x);
-                if (X509_NAME_cmp(X509_get_subject_name(x),xn) == 0)
-                        break;
+                if (ctx->check_issued(ctx,x,x)) break;
 
-                ok=X509_STORE_get_by_subject(ctx,X509_LU_X509,xn,&obj);
-                if (ok != X509_LU_X509)
-                        {
-                        if (ok == X509_LU_RETRY)
-                                {
-                                X509_OBJECT_free_contents(&obj);
-                                X509err(X509_F_X509_VERIFY_CERT,X509_R_SHOULD_RETRY);
-                                return(ok);
-                                }
-                        else if (ok != X509_LU_FAIL)
-                                {
-                                X509_OBJECT_free_contents(&obj);
-                                /* not good :-(, break anyway */
-                                return(ok);
-                                }
-                        break;
-                        }
-                x=obj.data.x509;
-                if (!sk_X509_push(ctx->chain,obj.data.x509))
+                ok = ctx->get_issuer(&xtmp, ctx, x);
+
+                if (ok < 0) return ok;
+                if (ok == 0) break;
+
+                x = xtmp;
+                if (!sk_X509_push(ctx->chain,x))
                         {
-                        X509_OBJECT_free_contents(&obj);
+                        X509_free(xtmp);
                         X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
-                        return(0);
+                        return 0;
                         }
                 num++;
                 }
 
         /* we now have our chain, lets check it... */
         xn=X509_get_issuer_name(x);
-        if (X509_NAME_cmp(X509_get_subject_name(x),xn) != 0)
+
+        /* Is last certificate looked up self signed? */
+        if (!ctx->check_issued(ctx,x,x))
                 {
-                if ((chain_ss == NULL) || (X509_NAME_cmp(X509_get_subject_name(chain_ss),xn) != 0))
+                if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss))
                         {
                         if (ctx->last_untrusted >= num)
                                 ctx->error=X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY;
@@ -294,22 +286,22 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
                 }
 
         /* We have the chain complete: now we need to check its purpose */
-        if(ctx->purpose > 0) ok = check_chain_purpose(ctx);
+        if (ctx->purpose > 0) ok = check_chain_purpose(ctx);
 
-        if(!ok) goto end;
+        if (!ok) goto end;
 
         /* The chain extensions are OK: check trust */
 
-        if(ctx->trust > 0) ok = check_trust(ctx);
+        if (ctx->trust > 0) ok = check_trust(ctx);
 
-        if(!ok) goto end;
+        if (!ok) goto end;
 
         /* We may as well copy down any DSA parameters that are required */
         X509_get_pubkey_parameters(NULL,ctx->chain);
 
         /* At this point, we have a chain and just need to verify it */
-        if (ctx->ctx->verify != NULL)
-                ok=ctx->ctx->verify(ctx);
+        if (ctx->verify != NULL)
+                ok=ctx->verify(ctx);
         else
                 ok=internal_verify(ctx);
         if (0)
@@ -319,9 +311,61 @@ end:
                 }
         if (sktmp != NULL) sk_X509_free(sktmp);
         if (chain_ss != NULL) X509_free(chain_ss);
-        return(ok);
+        return ok;
         }
 
+
+/* Given a STACK_OF(X509) find the issuer of cert (if any)
+ */
+
+static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x)
+{
+        int i;
+        X509 *issuer;
+        for (i = 0; i < sk_X509_num(sk); i++)
+                {
+                issuer = sk_X509_value(sk, i);
+                if (ctx->check_issued(ctx, x, issuer))
+                        return issuer;
+                }
+        return NULL;
+}
+
+/* Given a possible certificate and issuer check them */
+
+static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
+{
+        int ret;
+        ret = X509_check_issued(issuer, x);
+        if (ret == X509_V_OK)
+                return 1;
+        /* If we haven't asked for issuer errors don't set ctx */
+        if (!(ctx->flags & X509_V_FLAG_CB_ISSUER_CHECK))
+                return 0;
+
+        ctx->error = ret;
+        ctx->current_cert = x;
+        ctx->current_issuer = issuer;
+        if (ctx->verify_cb)
+                return ctx->verify_cb(0, ctx);
+        return 0;
+}
+
+/* Alternative lookup method: look from a STACK stored in other_ctx */
+
+static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
+{
+        *issuer = find_issuer(ctx, ctx->other_ctx, x);
+        if (*issuer)
+                {
+                CRYPTO_add(&(*issuer)->references,1,CRYPTO_LOCK_X509);
+                return 1;
+                }
+        else
+                return 0;
+}
+        
+
 /* Check a certificate chains extensions for consistency
  * with the supplied purpose
  */
@@ -334,32 +378,37 @@ static int check_chain_purpose(X509_STORE_CTX *ctx)
         int i, ok=0;
         X509 *x;
         int (*cb)();
-        cb=ctx->ctx->verify_cb;
+        cb=ctx->verify_cb;
         if (cb == NULL) cb=null_callback;
         /* Check all untrusted certificates */
-        for(i = 0; i < ctx->last_untrusted; i++) {
+        for (i = 0; i < ctx->last_untrusted; i++)
+                {
                 x = sk_X509_value(ctx->chain, i);
-                if(!X509_check_purpose(x, ctx->purpose, i)) {
-                        if(i) ctx->error = X509_V_ERR_INVALID_CA;
-                        else ctx->error = X509_V_ERR_INVALID_PURPOSE;
+                if (!X509_check_purpose(x, ctx->purpose, i))
+                        {
+                        if (i)
+                                ctx->error = X509_V_ERR_INVALID_CA;
+                        else
+                                ctx->error = X509_V_ERR_INVALID_PURPOSE;
                         ctx->error_depth = i;
                         ctx->current_cert = x;
                         ok=cb(0,ctx);
-                        if(!ok) goto end;
-                }
+                        if (!ok) goto end;
+                        }
                 /* Check pathlen */
-                if((i > 1) && (x->ex_pathlen != -1)
-                                        && (i > (x->ex_pathlen + 1))) {
+                if ((i > 1) && (x->ex_pathlen != -1)
+                           && (i > (x->ex_pathlen + 1)))
+                        {
                         ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED;
                         ctx->error_depth = i;
                         ctx->current_cert = x;
                         ok=cb(0,ctx);
-                        if(!ok) goto end;
+                        if (!ok) goto end;
+                        }
                 }
-        }
         ok = 1;
-        end:
-        return(ok);
+ end:
+        return ok;
 #endif
 }
 
@@ -371,19 +420,22 @@ static int check_trust(X509_STORE_CTX *ctx)
         int i, ok;
         X509 *x;
         int (*cb)();
-        cb=ctx->ctx->verify_cb;
+        cb=ctx->verify_cb;
         if (cb == NULL) cb=null_callback;
 /* For now just check the last certificate in the chain */
         i = sk_X509_num(ctx->chain) - 1;
         x = sk_X509_value(ctx->chain, i);
         ok = X509_check_trust(x, ctx->trust, 0);
-        if(ok == X509_TRUST_TRUSTED) return 1;
+        if (ok == X509_TRUST_TRUSTED)
+                return 1;
         ctx->error_depth = sk_X509_num(ctx->chain) - 1;
         ctx->current_cert = x;
-        if(ok == X509_TRUST_REJECTED) ctx->error = X509_V_ERR_CERT_REJECTED;
-        else ctx->error = X509_V_ERR_CERT_UNTRUSTED;
+        if (ok == X509_TRUST_REJECTED)
+                ctx->error = X509_V_ERR_CERT_REJECTED;
+        else
+                ctx->error = X509_V_ERR_CERT_UNTRUSTED;
         ok = cb(0, ctx);
-        return(ok);
+        return ok;
 #endif
 }
 
@@ -392,17 +444,21 @@ static int internal_verify(X509_STORE_CTX *ctx)
         int i,ok=0,n;
         X509 *xs,*xi;
         EVP_PKEY *pkey=NULL;
+        time_t *ptime;
         int (*cb)();
 
-        cb=ctx->ctx->verify_cb;
+        cb=ctx->verify_cb;
         if (cb == NULL) cb=null_callback;
 
         n=sk_X509_num(ctx->chain);
         ctx->error_depth=n-1;
         n--;
         xi=sk_X509_value(ctx->chain,n);
-        if (X509_NAME_cmp(X509_get_subject_name(xi),
-                X509_get_issuer_name(xi)) == 0)
+        if (ctx->flags & X509_V_FLAG_USE_CHECK_TIME)
+                ptime = &ctx->check_time;
+        else
+                ptime = NULL;
+        if (ctx->check_issued(ctx, xi, xi))
                 xs=xi;
         else
                 {
@@ -448,7 +504,7 @@ static int internal_verify(X509_STORE_CTX *ctx)
                         EVP_PKEY_free(pkey);
                         pkey=NULL;
 
-                        i=X509_cmp_current_time(X509_get_notBefore(xs));
+                        i=X509_cmp_time(X509_get_notBefore(xs), ptime);
                         if (i == 0)
                                 {
                                 ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD;
@@ -466,7 +522,7 @@ static int internal_verify(X509_STORE_CTX *ctx)
                         xs->valid=1;
                         }
 
-                i=X509_cmp_current_time(X509_get_notAfter(xs));
+                i=X509_cmp_time(X509_get_notAfter(xs), ptime);
                 if (i == 0)
                         {
                         ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD;
@@ -499,13 +555,18 @@ static int internal_verify(X509_STORE_CTX *ctx)
                 }
         ok=1;
 end:
-        return(ok);
+        return ok;
         }
 
-int X509_cmp_current_time(ASN1_UTCTIME *ctm)
+int X509_cmp_current_time(ASN1_TIME *ctm)
+{
+        return X509_cmp_time(ctm, NULL);
+}
+
+int X509_cmp_time(ASN1_TIME *ctm, time_t *cmp_time)
         {
         char *str;
-        ASN1_UTCTIME atm;
+        ASN1_TIME atm;
         time_t offset;
         char buff1[24],buff2[24],*p;
         int i,j;
@@ -513,14 +574,35 @@ int X509_cmp_current_time(ASN1_UTCTIME *ctm)
         p=buff1;
         i=ctm->length;
         str=(char *)ctm->data;
-        if ((i < 11) || (i > 17)) return(0);
-        memcpy(p,str,10);
-        p+=10;
-        str+=10;
+        if (ctm->type == V_ASN1_UTCTIME)
+                {
+                if ((i < 11) || (i > 17)) return 0;
+                memcpy(p,str,10);
+                p+=10;
+                str+=10;
+                }
+        else
+                {
+                if (i < 13) return 0;
+                memcpy(p,str,12);
+                p+=12;
+                str+=12;
+                }
 
         if ((*str == 'Z') || (*str == '-') || (*str == '+'))
                 { *(p++)='0'; *(p++)='0'; }
-        else    { *(p++)= *(str++); *(p++)= *(str++); }
+        else
+                { 
+                *(p++)= *(str++);
+                *(p++)= *(str++);
+                /* Skip any fractional seconds... */
+                if (*str == '.')
+                        {
+                        str++;
+                        while ((*str >= '0') && (*str <= '9')) str++;
+                        }
+                
+                }
         *(p++)='Z';
         *(p++)='\0';
 
@@ -529,39 +611,51 @@ int X509_cmp_current_time(ASN1_UTCTIME *ctm)
         else
                 {
                 if ((*str != '+') && (str[5] != '-'))
-                        return(0);
+                        return 0;
                 offset=((str[1]-'0')*10+(str[2]-'0'))*60;
                 offset+=(str[3]-'0')*10+(str[4]-'0');
                 if (*str == '-')
                         offset= -offset;
                 }
-        atm.type=V_ASN1_UTCTIME;
+        atm.type=ctm->type;
         atm.length=sizeof(buff2);
         atm.data=(unsigned char *)buff2;
 
-        X509_gmtime_adj(&atm,-offset*60);
+        X509_time_adj(&atm,-offset*60, cmp_time);
 
-        i=(buff1[0]-'0')*10+(buff1[1]-'0');
-        if (i < 50) i+=100; /* cf. RFC 2459 */
-        j=(buff2[0]-'0')*10+(buff2[1]-'0');
-        if (j < 50) j+=100;
+        if (ctm->type == V_ASN1_UTCTIME)
+                {
+                i=(buff1[0]-'0')*10+(buff1[1]-'0');
+                if (i < 50) i+=100; /* cf. RFC 2459 */
+                j=(buff2[0]-'0')*10+(buff2[1]-'0');
+                if (j < 50) j+=100;
 
-        if (i < j) return (-1);
-        if (i > j) return (1);
+                if (i < j) return -1;
+                if (i > j) return 1;
+                }
         i=strcmp(buff1,buff2);
         if (i == 0) /* wait a second then return younger :-) */
-                return(-1);
+                return -1;
         else
-                return(i);
+                return i;
         }
 
-ASN1_UTCTIME *X509_gmtime_adj(ASN1_UTCTIME *s, long adj)
+ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj)
+{
+        return X509_time_adj(s, adj, NULL);
+}
+
+ASN1_TIME *X509_time_adj(ASN1_TIME *s, long adj, time_t *in_tm)
         {
         time_t t;
 
-        time(&t);
+        if (in_tm) t = *in_tm;
+        else time(&t);
+
         t+=adj;
-        return(ASN1_UTCTIME_set(s,t));
+        if (!s) return ASN1_TIME_set(s, t);
+        if (s->type == V_ASN1_UTCTIME) return ASN1_UTCTIME_set(s,t);
+        return ASN1_GENERALIZEDTIME_set(s, t);
         }
 
 int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain)
@@ -569,7 +663,7 @@ int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain)
         EVP_PKEY *ktmp=NULL,*ktmp2;
         int i,j;
 
-        if ((pkey != NULL) && !EVP_PKEY_missing_parameters(pkey)) return(1);
+        if ((pkey != NULL) && !EVP_PKEY_missing_parameters(pkey)) return 1;
 
         for (i=0; i<sk_X509_num(chain); i++)
                 {
@@ -577,7 +671,7 @@ int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain)
                 if (ktmp == NULL)
                         {
                         X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY);
-                        return(0);
+                        return 0;
                         }
                 if (!EVP_PKEY_missing_parameters(ktmp))
                         break;
@@ -590,7 +684,7 @@ int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain)
         if (ktmp == NULL)
                 {
                 X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN);
-                return(0);
+                return 0;
                 }
 
         /* first, populate the other certs */
@@ -603,101 +697,31 @@ int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain)
         
         if (pkey != NULL) EVP_PKEY_copy_parameters(pkey,ktmp);
         EVP_PKEY_free(ktmp);
-        return(1);
-        }
-
-int X509_STORE_add_cert(X509_STORE *ctx, X509 *x)
-        {
-        X509_OBJECT *obj,*r;
-        int ret=1;
-
-        if (x == NULL) return(0);
-        obj=(X509_OBJECT *)Malloc(sizeof(X509_OBJECT));
-        if (obj == NULL)
-                {
-                X509err(X509_F_X509_STORE_ADD_CERT,ERR_R_MALLOC_FAILURE);
-                return(0);
-                }
-        obj->type=X509_LU_X509;
-        obj->data.x509=x;
-
-        CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
-
-        X509_OBJECT_up_ref_count(obj);
-
-        r=(X509_OBJECT *)lh_insert(ctx->certs,obj);
-        if (r != NULL)
-                { /* oops, put it back */
-                lh_delete(ctx->certs,obj);
-                X509_OBJECT_free_contents(obj);
-                Free(obj);
-                lh_insert(ctx->certs,r);
-                X509err(X509_F_X509_STORE_ADD_CERT,X509_R_CERT_ALREADY_IN_HASH_TABLE);
-                ret=0;
-                }
-
-        CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
-
-        return(ret);    
-        }
-
-int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)
-        {
-        X509_OBJECT *obj,*r;
-        int ret=1;
-
-        if (x == NULL) return(0);
-        obj=(X509_OBJECT *)Malloc(sizeof(X509_OBJECT));
-        if (obj == NULL)
-                {
-                X509err(X509_F_X509_STORE_ADD_CRL,ERR_R_MALLOC_FAILURE);
-                return(0);
-                }
-        obj->type=X509_LU_CRL;
-        obj->data.crl=x;
-
-        CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
-
-        X509_OBJECT_up_ref_count(obj);
-
-        r=(X509_OBJECT *)lh_insert(ctx->certs,obj);
-        if (r != NULL)
-                { /* oops, put it back */
-                lh_delete(ctx->certs,obj);
-                X509_OBJECT_free_contents(obj);
-                Free(obj);
-                lh_insert(ctx->certs,r);
-                X509err(X509_F_X509_STORE_ADD_CRL,X509_R_CERT_ALREADY_IN_HASH_TABLE);
-                ret=0;
-                }
-
-        CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
-
-        return(ret);    
+        return 1;
         }
 
 int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
              CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
         {
         x509_store_ctx_num++;
-        return(CRYPTO_get_ex_new_index(x509_store_ctx_num-1,
+        return CRYPTO_get_ex_new_index(x509_store_ctx_num-1,
                 &x509_store_ctx_method,
-                argl,argp,new_func,dup_func,free_func));
+                argl,argp,new_func,dup_func,free_func);
         }
 
 int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data)
         {
-        return(CRYPTO_set_ex_data(&ctx->ex_data,idx,data));
+        return CRYPTO_set_ex_data(&ctx->ex_data,idx,data);
         }
 
 void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx)
         {
-        return(CRYPTO_get_ex_data(&ctx->ex_data,idx));
+        return CRYPTO_get_ex_data(&ctx->ex_data,idx);
         }
 
 int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx)
         {
-        return(ctx->error);
+        return ctx->error;
         }
 
 void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int err)
@@ -707,17 +731,17 @@ void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int err)
 
 int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx)
         {
-        return(ctx->error_depth);
+        return ctx->error_depth;
         }
 
 X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx)
         {
-        return(ctx->current_cert);
+        return ctx->current_cert;
         }
 
 STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx)
         {
-        return(ctx->chain);
+        return ctx->chain;
         }
 
 STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx)
@@ -725,12 +749,13 @@ STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx)
         int i;
         X509 *x;
         STACK_OF(X509) *chain;
-        if(!ctx->chain || !(chain = sk_X509_dup(ctx->chain))) return NULL;
-        for(i = 0; i < sk_X509_num(chain); i++) {
+        if (!ctx->chain || !(chain = sk_X509_dup(ctx->chain))) return NULL;
+        for (i = 0; i < sk_X509_num(chain); i++)
+                {
                 x = sk_X509_value(chain, i);
                 CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
-        }
-        return(chain);
+                }
+        return chain;
         }
 
 void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x)
@@ -768,43 +793,123 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
 {
         int idx;
         /* If purpose not set use default */
-        if(!purpose) purpose = def_purpose;
+        if (!purpose) purpose = def_purpose;
         /* If we have a purpose then check it is valid */
-        if(purpose) {
+        if (purpose)
+                {
                 X509_PURPOSE *ptmp;
                 idx = X509_PURPOSE_get_by_id(purpose);
-                if(idx == -1) {
+                if (idx == -1)
+                        {
                         X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
                                                 X509_R_UNKNOWN_PURPOSE_ID);
                         return 0;
-                }
+                        }
                 ptmp = X509_PURPOSE_get0(idx);
-                if(ptmp->trust == X509_TRUST_DEFAULT) {
+                if (ptmp->trust == X509_TRUST_DEFAULT)
+                        {
                         idx = X509_PURPOSE_get_by_id(def_purpose);
-                        if(idx == -1) {
+                        if (idx == -1)
+                                {
                                 X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
                                                 X509_R_UNKNOWN_PURPOSE_ID);
                                 return 0;
-                        }
+                                }
                         ptmp = X509_PURPOSE_get0(idx);
-                }
+                        }
                 /* If trust not set then get from purpose default */
-                if(!trust) trust = ptmp->trust;
-        }
-        if(trust) {
+                if (!trust) trust = ptmp->trust;
+                }
+        if (trust)
+                {
                 idx = X509_TRUST_get_by_id(trust);
-                if(idx == -1) {
+                if (idx == -1)
+                        {
                         X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
                                                 X509_R_UNKNOWN_TRUST_ID);
                         return 0;
+                        }
                 }
-        }
 
-        if(purpose) ctx->purpose = purpose;
-        if(trust) ctx->trust = trust;
+        if (purpose) ctx->purpose = purpose;
+        if (trust) ctx->trust = trust;
         return 1;
 }
 
+X509_STORE_CTX *X509_STORE_CTX_new(void)
+{
+        X509_STORE_CTX *ctx;
+        ctx = (X509_STORE_CTX *)OPENSSL_malloc(sizeof(X509_STORE_CTX));
+        if (ctx) memset(ctx, 0, sizeof(X509_STORE_CTX));
+        return ctx;
+}
+
+void X509_STORE_CTX_free(X509_STORE_CTX *ctx)
+{
+        X509_STORE_CTX_cleanup(ctx);
+        OPENSSL_free(ctx);
+}
+
+void X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
+             STACK_OF(X509) *chain)
+        {
+        ctx->ctx=store;
+        ctx->current_method=0;
+        ctx->cert=x509;
+        ctx->untrusted=chain;
+        ctx->last_untrusted=0;
+        ctx->purpose=0;
+        ctx->trust=0;
+        ctx->check_time=0;
+        ctx->flags=0;
+        ctx->other_ctx=NULL;
+        ctx->valid=0;
+        ctx->chain=NULL;
+        ctx->depth=9;
+        ctx->error=0;
+        ctx->error_depth=0;
+        ctx->current_cert=NULL;
+        ctx->current_issuer=NULL;
+        ctx->check_issued = check_issued;
+        ctx->get_issuer = X509_STORE_CTX_get1_issuer;
+        ctx->verify_cb = store->verify_cb;
+        ctx->verify = store->verify;
+        ctx->cleanup = 0;
+        memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA));
+        }
+
+/* Set alternative lookup method: just a STACK of trusted certificates.
+ * This avoids X509_STORE nastiness where it isn't needed.
+ */
+
+void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
+{
+        ctx->other_ctx = sk;
+        ctx->get_issuer = get_issuer_sk;
+}
+
+void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
+        {
+        if (ctx->cleanup) ctx->cleanup(ctx);
+        if (ctx->chain != NULL)
+                {
+                sk_X509_pop_free(ctx->chain,X509_free);
+                ctx->chain=NULL;
+                }
+        CRYPTO_free_ex_data(x509_store_ctx_method,ctx,&(ctx->ex_data));
+        memset(&ctx->ex_data,0,sizeof(CRYPTO_EX_DATA));
+        }
+
+void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, long flags)
+        {
+        ctx->flags |= flags;
+        }
+
+void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, long flags, time_t t)
+        {
+        ctx->check_time = t;
+        ctx->flags |= X509_V_FLAG_USE_CHECK_TIME;
+        }
 
 IMPLEMENT_STACK_OF(X509)
 IMPLEMENT_ASN1_SET_OF(X509)
diff --git a/src/lib/libssl/src/crypto/x509/x509_vfy.h b/src/lib/libssl/src/crypto/x509/x509_vfy.h
index 4637aecedf..e289d5309a 100644
--- a/src/lib/libssl/src/crypto/x509/x509_vfy.h
+++ b/src/lib/libssl/src/crypto/x509/x509_vfy.h
@@ -65,13 +65,16 @@
 #ifndef HEADER_X509_VFY_H
 #define HEADER_X509_VFY_H
 
-#ifdef  __cplusplus
-extern "C" {
+#ifndef NO_LHASH
+#include <openssl/lhash.h>
 #endif
-
 #include <openssl/bio.h>
 #include <openssl/crypto.h>
 
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
 /* Outer object */
 typedef struct x509_hash_dir_st
         {
@@ -128,6 +131,7 @@ typedef struct x509_object_st
 typedef struct x509_lookup_st X509_LOOKUP;
 
 DECLARE_STACK_OF(X509_LOOKUP)
+DECLARE_STACK_OF(X509_OBJECT)
 
 /* This is a static that defines the function interface */
 typedef struct x509_lookup_method_st
@@ -150,7 +154,7 @@ typedef struct x509_lookup_method_st
                             X509_OBJECT *ret);
         } X509_LOOKUP_METHOD;
 
-typedef struct x509_store_state_st X509_STORE_CTX;
+typedef struct x509_store_ctx_st X509_STORE_CTX;
 
 /* This is used to hold everything.  It is used for all certificate
  * validation.  Once we have a certificate chain, the 'verify'
@@ -159,11 +163,7 @@ typedef struct x509_store_st
         {
         /* The following is a cache of trusted certs */
         int cache;      /* if true, stash any hits */
-#ifdef HEADER_LHASH_H
-        LHASH *certs;   /* cached certs; */ 
-#else
-        char *certs;
-#endif
+        STACK_OF(X509_OBJECT) *objs;    /* Cache of all objects */
 
         /* These are external lookup methods */
         STACK_OF(X509_LOOKUP) *get_cert_methods;
@@ -191,10 +191,10 @@ struct x509_lookup_st
         X509_STORE *store_ctx;  /* who owns us */
         };
 
-/* This is a temporary used when processing cert chains.  Since the
+/* This is a used when verifying cert chains.  Since the
  * gathering of the cert chain can take some time (and have to be
  * 'retried', this needs to be kept and passed around. */
-struct x509_store_state_st      /* X509_STORE_CTX */
+struct x509_store_ctx_st      /* X509_STORE_CTX */
         {
         X509_STORE *ctx;
         int current_method;     /* used when looking up certs */
@@ -204,6 +204,16 @@ struct x509_store_state_st      /* X509_STORE_CTX */
         STACK_OF(X509) *untrusted;      /* chain of X509s - untrusted - passed in */
         int purpose;            /* purpose to check untrusted certificates */
         int trust;              /* trust setting to check */
+        time_t  check_time;     /* time to make verify at */
+        unsigned long flags;    /* Various verify flags */
+        void *other_ctx;        /* Other info for use with get_issuer() */
+
+        /* Callbacks for various operations */
+        int (*verify)(X509_STORE_CTX *ctx);     /* called to verify a certificate */
+        int (*verify_cb)(int ok,X509_STORE_CTX *ctx);           /* error callback */
+        int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); /* get issuers cert from ctx */
+        int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */
+        int (*cleanup)(X509_STORE_CTX *ctx);
 
         /* The following is built up */
         int depth;              /* how far to go looking up certs */
@@ -215,6 +225,7 @@ struct x509_store_state_st      /* X509_STORE_CTX */
         int error_depth;
         int error;
         X509 *current_cert;
+        X509 *current_issuer;   /* cert currently being tested as valid issuer */
 
         CRYPTO_EX_DATA ex_data;
         };
@@ -265,10 +276,20 @@ struct x509_store_state_st      /* X509_STORE_CTX */
 #define         X509_V_ERR_INVALID_PURPOSE                      26
 #define         X509_V_ERR_CERT_UNTRUSTED                       27
 #define         X509_V_ERR_CERT_REJECTED                        28
+/* These are 'informational' when looking for issuer cert */
+#define         X509_V_ERR_SUBJECT_ISSUER_MISMATCH              29
+#define         X509_V_ERR_AKID_SKID_MISMATCH                   30
+#define         X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH          31
+#define         X509_V_ERR_KEYUSAGE_NO_CERTSIGN                 32
 
 /* The application is not happy */
 #define         X509_V_ERR_APPLICATION_VERIFICATION             50
 
+/* Certificate verify flags */
+
+#define X509_V_FLAG_CB_ISSUER_CHECK             0x1     /* Send issuer+subject checks to verify_cb */
+#define X509_V_FLAG_USE_CHECK_TIME              0x2     /* Use check time instead of current time */
+
                   /* These functions are being redefined in another directory,
                      and clash when the linker is case-insensitive, so let's
                      hide them a little, by giving them an extra 'o' at the
@@ -284,18 +305,23 @@ struct x509_store_state_st      /* X509_STORE_CTX */
 #define X509v3_add_standard_extensions oX509v3_add_standard_extensions
 #endif
 
-#ifdef HEADER_LHASH_H
-X509_OBJECT *X509_OBJECT_retrieve_by_subject(LHASH *h,int type,X509_NAME *name);
-#endif
+int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,
+             X509_NAME *name);
+X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h,int type,X509_NAME *name);
+X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x);
 void X509_OBJECT_up_ref_count(X509_OBJECT *a);
 void X509_OBJECT_free_contents(X509_OBJECT *a);
 X509_STORE *X509_STORE_new(void );
 void X509_STORE_free(X509_STORE *v);
 
 X509_STORE_CTX *X509_STORE_CTX_new(void);
+
+int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
+
 void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
 void X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
                          X509 *x509, STACK_OF(X509) *chain);
+void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
 
 X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
@@ -354,6 +380,8 @@ int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
 int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust);
 int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
                                 int purpose, int trust);
+void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, long flags);
+void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, long flags, time_t t);
 
 #ifdef  __cplusplus
 }
diff --git a/src/lib/libssl/src/crypto/x509/x509spki.c b/src/lib/libssl/src/crypto/x509/x509spki.c
index b35c3f92e7..fd0a534d88 100644
--- a/src/lib/libssl/src/crypto/x509/x509spki.c
+++ b/src/lib/libssl/src/crypto/x509/x509spki.c
@@ -82,7 +82,7 @@ NETSCAPE_SPKI * NETSCAPE_SPKI_b64_decode(const char *str, int len)
         int spki_len;
         NETSCAPE_SPKI *spki;
         if(len <= 0) len = strlen(str);
-        if (!(spki_der = Malloc(len + 1))) {
+        if (!(spki_der = OPENSSL_malloc(len + 1))) {
                 X509err(X509_F_NETSCAPE_SPKI_B64_DECODE, ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
@@ -90,12 +90,12 @@ NETSCAPE_SPKI * NETSCAPE_SPKI_b64_decode(const char *str, int len)
         if(spki_len < 0) {
                 X509err(X509_F_NETSCAPE_SPKI_B64_DECODE,
                                                 X509_R_BASE64_DECODE_ERROR);
-                Free(spki_der);
+                OPENSSL_free(spki_der);
                 return NULL;
         }
         p = spki_der;
         spki = d2i_NETSCAPE_SPKI(NULL, &p, spki_len);
-        Free(spki_der);
+        OPENSSL_free(spki_der);
         return spki;
 }
 
@@ -107,8 +107,8 @@ char * NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki)
         char *b64_str;
         int der_len;
         der_len = i2d_NETSCAPE_SPKI(spki, NULL);
-        der_spki = Malloc(der_len);
-        b64_str = Malloc(der_len * 2);
+        der_spki = OPENSSL_malloc(der_len);
+        b64_str = OPENSSL_malloc(der_len * 2);
         if(!der_spki || !b64_str) {
                 X509err(X509_F_NETSCAPE_SPKI_B64_ENCODE, ERR_R_MALLOC_FAILURE);
                 return NULL;
@@ -116,6 +116,6 @@ char * NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki)
         p = der_spki;
         i2d_NETSCAPE_SPKI(spki, &p);
         EVP_EncodeBlock((unsigned char *)b64_str, der_spki, der_len);
-        Free(der_spki);
+        OPENSSL_free(der_spki);
         return b64_str;
 }
diff --git a/src/lib/libssl/src/crypto/x509/x_all.c b/src/lib/libssl/src/crypto/x509/x_all.c
index d2bf3c8e1c..9bd6e2a39b 100644
--- a/src/lib/libssl/src/crypto/x509/x_all.c
+++ b/src/lib/libssl/src/crypto/x509/x_all.c
@@ -411,13 +411,25 @@ X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne)
                 (char *(*)())d2i_X509_NAME_ENTRY,(char *)ne));
         }
 
-int X509_digest(X509 *data, const EVP_MD *type, unsigned char *md,
+int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
              unsigned int *len)
         {
         return(ASN1_digest((int (*)())i2d_X509,type,(char *)data,md,len));
         }
 
-int X509_NAME_digest(X509_NAME *data, const EVP_MD *type, unsigned char *md,
+int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, unsigned char *md,
+             unsigned int *len)
+        {
+        return(ASN1_digest((int (*)())i2d_X509_CRL,type,(char *)data,md,len));
+        }
+
+int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, unsigned char *md,
+             unsigned int *len)
+        {
+        return(ASN1_digest((int (*)())i2d_X509_REQ,type,(char *)data,md,len));
+        }
+
+int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, unsigned char *md,
              unsigned int *len)
         {
         return(ASN1_digest((int (*)())i2d_X509_NAME,type,(char *)data,md,len));
@@ -492,6 +504,17 @@ EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a)
                 (char *(*)())d2i_AutoPrivateKey, (fp),(unsigned char **)(a)));
 }
 
+int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey)
+        {
+        return(ASN1_i2d_fp(i2d_PUBKEY,fp,(unsigned char *)pkey));
+        }
+
+EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a)
+{
+        return((EVP_PKEY *)ASN1_d2i_fp((char *(*)())EVP_PKEY_new,
+                (char *(*)())d2i_PUBKEY, (fp),(unsigned char **)(a)));
+}
+
 #endif
 
 PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
@@ -529,3 +552,14 @@ EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a)
         return((EVP_PKEY *)ASN1_d2i_bio((char *(*)())EVP_PKEY_new,
                 (char *(*)())d2i_AutoPrivateKey, (bp),(unsigned char **)(a)));
         }
+
+int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey)
+        {
+        return(ASN1_i2d_bio(i2d_PUBKEY,bp,(unsigned char *)pkey));
+        }
+
+EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a)
+        {
+        return((EVP_PKEY *)ASN1_d2i_bio((char *(*)())EVP_PKEY_new,
+                (char *(*)())d2i_PUBKEY, (bp),(unsigned char **)(a)));
+        }
diff --git a/src/lib/libssl/src/crypto/x509v3/Makefile.ssl b/src/lib/libssl/src/crypto/x509v3/Makefile.ssl
index 1bb746d52d..f7c3a6ca13 100644
--- a/src/lib/libssl/src/crypto/x509v3/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/x509v3/Makefile.ssl
@@ -88,17 +88,19 @@ v3_akey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 v3_akey.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
 v3_akey.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 v3_akey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-v3_akey.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-v3_akey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-v3_akey.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-v3_akey.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-v3_akey.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
-v3_akey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_akey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-v3_akey.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-v3_akey.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-v3_akey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_akey.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+v3_akey.o: ../../include/openssl/e_os.h ../../include/openssl/e_os.h
+v3_akey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+v3_akey.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_akey.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_akey.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+v3_akey.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+v3_akey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_akey.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+v3_akey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_akey.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_akey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_akey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_akey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 v3_akey.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
 v3_akey.o: ../cryptlib.h
 v3_alt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
@@ -107,16 +109,18 @@ v3_alt.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 v3_alt.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 v3_alt.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 v3_alt.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-v3_alt.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-v3_alt.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-v3_alt.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_alt.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+v3_alt.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_alt.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_alt.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 v3_alt.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-v3_alt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-v3_alt.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-v3_alt.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-v3_alt.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-v3_alt.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-v3_alt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_alt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_alt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_alt.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_alt.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_alt.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_alt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_alt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 v3_alt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 v3_alt.o: ../../include/openssl/x509v3.h ../cryptlib.h
 v3_bcons.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
@@ -125,53 +129,60 @@ v3_bcons.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 v3_bcons.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
 v3_bcons.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 v3_bcons.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-v3_bcons.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-v3_bcons.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-v3_bcons.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-v3_bcons.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-v3_bcons.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
-v3_bcons.o: ../../include/openssl/opensslconf.h
+v3_bcons.o: ../../include/openssl/e_os.h ../../include/openssl/e_os.h
+v3_bcons.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+v3_bcons.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_bcons.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_bcons.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+v3_bcons.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+v3_bcons.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 v3_bcons.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 v3_bcons.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 v3_bcons.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 v3_bcons.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 v3_bcons.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-v3_bcons.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_bcons.o: ../../include/openssl/x509v3.h ../cryptlib.h
+v3_bcons.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_bcons.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_bcons.o: ../cryptlib.h
 v3_bitst.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 v3_bitst.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 v3_bitst.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 v3_bitst.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 v3_bitst.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 v3_bitst.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-v3_bitst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-v3_bitst.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-v3_bitst.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_bitst.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+v3_bitst.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_bitst.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_bitst.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 v3_bitst.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-v3_bitst.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_bitst.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_bitst.o: ../../include/openssl/opensslconf.h
 v3_bitst.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 v3_bitst.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 v3_bitst.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 v3_bitst.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 v3_bitst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-v3_bitst.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_bitst.o: ../../include/openssl/x509v3.h ../cryptlib.h
+v3_bitst.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_bitst.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_bitst.o: ../cryptlib.h
 v3_conf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 v3_conf.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 v3_conf.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 v3_conf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 v3_conf.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 v3_conf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-v3_conf.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-v3_conf.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-v3_conf.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_conf.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+v3_conf.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_conf.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_conf.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 v3_conf.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-v3_conf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-v3_conf.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-v3_conf.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-v3_conf.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-v3_conf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-v3_conf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_conf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_conf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_conf.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_conf.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_conf.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_conf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_conf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 v3_conf.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 v3_conf.o: ../../include/openssl/x509v3.h ../cryptlib.h
 v3_cpols.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
@@ -180,36 +191,40 @@ v3_cpols.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 v3_cpols.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
 v3_cpols.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 v3_cpols.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-v3_cpols.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-v3_cpols.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-v3_cpols.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-v3_cpols.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-v3_cpols.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
-v3_cpols.o: ../../include/openssl/opensslconf.h
+v3_cpols.o: ../../include/openssl/e_os.h ../../include/openssl/e_os.h
+v3_cpols.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+v3_cpols.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_cpols.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_cpols.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+v3_cpols.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+v3_cpols.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 v3_cpols.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 v3_cpols.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 v3_cpols.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 v3_cpols.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 v3_cpols.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-v3_cpols.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_cpols.o: ../../include/openssl/x509v3.h ../cryptlib.h
+v3_cpols.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_cpols.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_cpols.o: ../cryptlib.h
 v3_crld.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 v3_crld.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 v3_crld.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 v3_crld.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
 v3_crld.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 v3_crld.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-v3_crld.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-v3_crld.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-v3_crld.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-v3_crld.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-v3_crld.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
-v3_crld.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_crld.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-v3_crld.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-v3_crld.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-v3_crld.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_crld.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+v3_crld.o: ../../include/openssl/e_os.h ../../include/openssl/e_os.h
+v3_crld.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+v3_crld.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_crld.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_crld.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+v3_crld.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+v3_crld.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_crld.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+v3_crld.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_crld.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_crld.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_crld.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_crld.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 v3_crld.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
 v3_crld.o: ../cryptlib.h
 v3_enum.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
@@ -218,16 +233,18 @@ v3_enum.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 v3_enum.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 v3_enum.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 v3_enum.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-v3_enum.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-v3_enum.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-v3_enum.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_enum.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+v3_enum.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_enum.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_enum.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 v3_enum.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-v3_enum.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-v3_enum.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-v3_enum.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-v3_enum.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-v3_enum.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-v3_enum.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_enum.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_enum.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_enum.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_enum.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_enum.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_enum.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_enum.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 v3_enum.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 v3_enum.o: ../../include/openssl/x509v3.h ../cryptlib.h
 v3_extku.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
@@ -236,35 +253,40 @@ v3_extku.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 v3_extku.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 v3_extku.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 v3_extku.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-v3_extku.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-v3_extku.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-v3_extku.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_extku.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+v3_extku.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_extku.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_extku.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 v3_extku.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-v3_extku.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_extku.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_extku.o: ../../include/openssl/opensslconf.h
 v3_extku.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 v3_extku.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 v3_extku.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 v3_extku.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 v3_extku.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-v3_extku.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_extku.o: ../../include/openssl/x509v3.h ../cryptlib.h
+v3_extku.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_extku.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_extku.o: ../cryptlib.h
 v3_genn.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 v3_genn.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 v3_genn.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 v3_genn.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
 v3_genn.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 v3_genn.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-v3_genn.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-v3_genn.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-v3_genn.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-v3_genn.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-v3_genn.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
-v3_genn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_genn.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-v3_genn.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-v3_genn.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-v3_genn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_genn.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+v3_genn.o: ../../include/openssl/e_os.h ../../include/openssl/e_os.h
+v3_genn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+v3_genn.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_genn.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_genn.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+v3_genn.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+v3_genn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_genn.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+v3_genn.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_genn.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_genn.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_genn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_genn.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 v3_genn.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
 v3_genn.o: ../cryptlib.h
 v3_ia5.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
@@ -273,16 +295,18 @@ v3_ia5.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 v3_ia5.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 v3_ia5.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 v3_ia5.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-v3_ia5.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-v3_ia5.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-v3_ia5.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_ia5.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+v3_ia5.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_ia5.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_ia5.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 v3_ia5.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-v3_ia5.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-v3_ia5.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-v3_ia5.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-v3_ia5.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-v3_ia5.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-v3_ia5.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_ia5.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_ia5.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_ia5.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_ia5.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_ia5.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_ia5.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_ia5.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 v3_ia5.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 v3_ia5.o: ../../include/openssl/x509v3.h ../cryptlib.h
 v3_info.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
@@ -291,17 +315,19 @@ v3_info.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 v3_info.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
 v3_info.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 v3_info.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-v3_info.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-v3_info.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-v3_info.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-v3_info.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-v3_info.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
-v3_info.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-v3_info.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-v3_info.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-v3_info.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_info.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+v3_info.o: ../../include/openssl/e_os.h ../../include/openssl/e_os.h
+v3_info.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+v3_info.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_info.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_info.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+v3_info.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+v3_info.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_info.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+v3_info.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_info.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_info.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_info.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_info.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 v3_info.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
 v3_info.o: ../cryptlib.h
 v3_int.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
@@ -310,16 +336,18 @@ v3_int.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 v3_int.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 v3_int.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 v3_int.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-v3_int.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-v3_int.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-v3_int.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_int.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+v3_int.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_int.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_int.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 v3_int.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-v3_int.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-v3_int.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-v3_int.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-v3_int.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-v3_int.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-v3_int.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_int.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_int.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_int.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_int.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_int.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_int.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_int.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 v3_int.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 v3_int.o: ../../include/openssl/x509v3.h ../cryptlib.h
 v3_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
@@ -328,16 +356,18 @@ v3_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 v3_lib.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 v3_lib.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 v3_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-v3_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-v3_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-v3_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+v3_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_lib.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_lib.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 v3_lib.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-v3_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-v3_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-v3_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-v3_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-v3_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-v3_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_lib.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_lib.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 v3_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 v3_lib.o: ../../include/openssl/x509v3.h ../cryptlib.h ext_dat.h
 v3_pku.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
@@ -346,17 +376,19 @@ v3_pku.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 v3_pku.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
 v3_pku.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 v3_pku.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-v3_pku.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-v3_pku.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-v3_pku.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-v3_pku.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-v3_pku.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
-v3_pku.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_pku.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-v3_pku.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-v3_pku.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-v3_pku.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_pku.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+v3_pku.o: ../../include/openssl/e_os.h ../../include/openssl/e_os.h
+v3_pku.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+v3_pku.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_pku.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_pku.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+v3_pku.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+v3_pku.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_pku.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+v3_pku.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_pku.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_pku.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_pku.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_pku.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 v3_pku.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
 v3_pku.o: ../cryptlib.h
 v3_prn.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
@@ -365,16 +397,18 @@ v3_prn.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 v3_prn.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 v3_prn.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 v3_prn.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-v3_prn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-v3_prn.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-v3_prn.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_prn.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+v3_prn.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_prn.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_prn.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 v3_prn.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-v3_prn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-v3_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-v3_prn.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-v3_prn.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-v3_prn.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-v3_prn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_prn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_prn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_prn.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_prn.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_prn.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_prn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_prn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 v3_prn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 v3_prn.o: ../../include/openssl/x509v3.h ../cryptlib.h
 v3_purp.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
@@ -383,16 +417,18 @@ v3_purp.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 v3_purp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 v3_purp.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 v3_purp.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-v3_purp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-v3_purp.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-v3_purp.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_purp.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+v3_purp.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_purp.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_purp.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 v3_purp.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-v3_purp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-v3_purp.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-v3_purp.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-v3_purp.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-v3_purp.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-v3_purp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_purp.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_purp.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_purp.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_purp.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_purp.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_purp.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_purp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 v3_purp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 v3_purp.o: ../../include/openssl/x509v3.h ../cryptlib.h
 v3_skey.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
@@ -401,16 +437,18 @@ v3_skey.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 v3_skey.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 v3_skey.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 v3_skey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-v3_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-v3_skey.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-v3_skey.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_skey.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+v3_skey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_skey.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_skey.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 v3_skey.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-v3_skey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-v3_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-v3_skey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-v3_skey.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-v3_skey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-v3_skey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_skey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_skey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_skey.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_skey.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_skey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 v3_skey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 v3_skey.o: ../../include/openssl/x509v3.h ../cryptlib.h
 v3_sxnet.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
@@ -419,51 +457,57 @@ v3_sxnet.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 v3_sxnet.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
 v3_sxnet.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 v3_sxnet.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-v3_sxnet.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-v3_sxnet.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-v3_sxnet.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-v3_sxnet.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-v3_sxnet.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
-v3_sxnet.o: ../../include/openssl/opensslconf.h
+v3_sxnet.o: ../../include/openssl/e_os.h ../../include/openssl/e_os.h
+v3_sxnet.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+v3_sxnet.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_sxnet.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_sxnet.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+v3_sxnet.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+v3_sxnet.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 v3_sxnet.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 v3_sxnet.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 v3_sxnet.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 v3_sxnet.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 v3_sxnet.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-v3_sxnet.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_sxnet.o: ../../include/openssl/x509v3.h ../cryptlib.h
+v3_sxnet.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_sxnet.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_sxnet.o: ../cryptlib.h
 v3_utl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 v3_utl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 v3_utl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 v3_utl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 v3_utl.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 v3_utl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-v3_utl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-v3_utl.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-v3_utl.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_utl.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+v3_utl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_utl.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_utl.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 v3_utl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-v3_utl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-v3_utl.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-v3_utl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-v3_utl.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-v3_utl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-v3_utl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_utl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_utl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_utl.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_utl.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_utl.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_utl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_utl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 v3_utl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 v3_utl.o: ../../include/openssl/x509v3.h ../cryptlib.h
 v3err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 v3err.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-v3err.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
-v3err.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-v3err.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+v3err.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+v3err.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3err.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+v3err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
 v3err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 v3err.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
 v3err.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-v3err.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3err.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+v3err.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 v3err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 v3err.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 v3err.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 v3err.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 v3err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 v3err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-v3err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3err.o: ../../include/openssl/x509v3.h
+v3err.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3err.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_akey.c b/src/lib/libssl/src/crypto/x509v3/v3_akey.c
index 96c04fe4f5..0889a18993 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_akey.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_akey.c
@@ -132,7 +132,7 @@ void AUTHORITY_KEYID_free(AUTHORITY_KEYID *a)
         M_ASN1_OCTET_STRING_free(a->keyid);
         sk_GENERAL_NAME_pop_free(a->issuer, GENERAL_NAME_free);
         M_ASN1_INTEGER_free (a->serial);
-        Free (a);
+        OPENSSL_free (a);
 }
 
 static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
@@ -142,7 +142,7 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
         if(akeyid->keyid) {
                 tmp = hex_to_string(akeyid->keyid->data, akeyid->keyid->length);
                 X509V3_add_value("keyid", tmp, &extlist);
-                Free(tmp);
+                OPENSSL_free(tmp);
         }
         if(akeyid->issuer) 
                 extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist);
@@ -150,7 +150,7 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
                 tmp = hex_to_string(akeyid->serial->data,
                                                  akeyid->serial->length);
                 X509V3_add_value("serial", tmp, &extlist);
-                Free(tmp);
+                OPENSSL_free(tmp);
         }
         return extlist;
 }
@@ -224,7 +224,7 @@ if((issuer && !ikeyid) || (issuer == 2)) {
 if(!(akeyid = AUTHORITY_KEYID_new())) goto err;
 
 if(isname) {
-        if(!(gens = sk_GENERAL_NAME_new(NULL)) || !(gen = GENERAL_NAME_new())
+        if(!(gens = sk_GENERAL_NAME_new_null()) || !(gen = GENERAL_NAME_new())
                 || !sk_GENERAL_NAME_push(gens, gen)) {
                 X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,ERR_R_MALLOC_FAILURE);
                 goto err;
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_alt.c b/src/lib/libssl/src/crypto/x509v3/v3_alt.c
index 5ccd1e0e3d..733919f250 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_alt.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_alt.c
@@ -160,7 +160,7 @@ static STACK_OF(GENERAL_NAME) *v2i_issuer_alt(X509V3_EXT_METHOD *method,
         STACK_OF(GENERAL_NAME) *gens = NULL;
         CONF_VALUE *cnf;
         int i;
-        if(!(gens = sk_GENERAL_NAME_new(NULL))) {
+        if(!(gens = sk_GENERAL_NAME_new_null())) {
                 X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
@@ -225,7 +225,7 @@ static STACK_OF(GENERAL_NAME) *v2i_subject_alt(X509V3_EXT_METHOD *method,
         STACK_OF(GENERAL_NAME) *gens = NULL;
         CONF_VALUE *cnf;
         int i;
-        if(!(gens = sk_GENERAL_NAME_new(NULL))) {
+        if(!(gens = sk_GENERAL_NAME_new_null())) {
                 X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
@@ -304,7 +304,7 @@ STACK_OF(GENERAL_NAME) *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
         STACK_OF(GENERAL_NAME) *gens = NULL;
         CONF_VALUE *cnf;
         int i;
-        if(!(gens = sk_GENERAL_NAME_new(NULL))) {
+        if(!(gens = sk_GENERAL_NAME_new_null())) {
                 X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_bcons.c b/src/lib/libssl/src/crypto/x509v3/v3_bcons.c
index 1e3edc205f..c576b8e955 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_bcons.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_bcons.c
@@ -123,7 +123,7 @@ void BASIC_CONSTRAINTS_free(BASIC_CONSTRAINTS *a)
 {
         if (a == NULL) return;
         M_ASN1_INTEGER_free (a->pathlen);
-        Free (a);
+        OPENSSL_free (a);
 }
 
 static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_conf.c b/src/lib/libssl/src/crypto/x509v3/v3_conf.c
index b2f03010cc..bdc9c1cbc1 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_conf.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_conf.c
@@ -167,7 +167,7 @@ static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
         X509_EXTENSION *ext;
         /* Convert internal representation to DER */
         ext_len = method->i2d(ext_struc, NULL);
-        if(!(ext_der = Malloc(ext_len))) goto merr;
+        if(!(ext_der = OPENSSL_malloc(ext_len))) goto merr;
         p = ext_der;
         method->i2d(ext_struc, &p);
         if(!(ext_oct = M_ASN1_OCTET_STRING_new())) goto merr;
@@ -255,7 +255,7 @@ extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct);
 err:
 ASN1_OBJECT_free(obj);
 M_ASN1_OCTET_STRING_free(oct);
-if(ext_der) Free(ext_der);
+if(ext_der) OPENSSL_free(ext_der);
 return extension;
 }
 
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_cpols.c b/src/lib/libssl/src/crypto/x509v3/v3_cpols.c
index 466713b50d..8203ed7571 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_cpols.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_cpols.c
@@ -73,7 +73,7 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx,
                                  STACK_OF(CONF_VALUE) *polstrs, int ia5org);
 static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
                                         STACK_OF(CONF_VALUE) *unot, int ia5org);
-static STACK *nref_nos(STACK_OF(CONF_VALUE) *nos);
+static STACK_OF(ASN1_INTEGER) *nref_nos(STACK_OF(CONF_VALUE) *nos);
 
 X509V3_EXT_METHOD v3_cpols = {
 NID_certificate_policies, 0,
@@ -282,20 +282,22 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
         return NULL;
 }
 
-static STACK *nref_nos(STACK_OF(CONF_VALUE) *nos)
+static STACK_OF(ASN1_INTEGER) *nref_nos(STACK_OF(CONF_VALUE) *nos)
 {
-        STACK *nnums;
+        STACK_OF(ASN1_INTEGER) *nnums;
         CONF_VALUE *cnf;
         ASN1_INTEGER *aint;
+
         int i;
-        if(!(nnums = sk_new_null())) goto merr;
+
+        if(!(nnums = sk_ASN1_INTEGER_new_null())) goto merr;
         for(i = 0; i < sk_CONF_VALUE_num(nos); i++) {
                 cnf = sk_CONF_VALUE_value(nos, i);
                 if(!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) {
                         X509V3err(X509V3_F_NREF_NOS,X509V3_R_INVALID_NUMBER);
                         goto err;
                 }
-                if(!sk_push(nnums, (char *)aint)) goto merr;
+                if(!sk_ASN1_INTEGER_push(nnums, aint)) goto merr;
         }
         return nnums;
 
@@ -303,7 +305,7 @@ static STACK *nref_nos(STACK_OF(CONF_VALUE) *nos)
         X509V3err(X509V3_F_NOTICE_SECTION,ERR_R_MALLOC_FAILURE);
 
         err:
-        sk_pop_free(nnums, ASN1_STRING_free);
+        sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free);
         return NULL;
 }
 
@@ -399,7 +401,7 @@ void POLICYINFO_free(POLICYINFO *a)
         if (a == NULL) return;
         ASN1_OBJECT_free(a->policyid);
         sk_POLICYQUALINFO_pop_free(a->qualifiers, POLICYQUALINFO_free);
-        Free (a);
+        OPENSSL_free (a);
 }
 
 static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals,
@@ -441,15 +443,15 @@ static void print_notice(BIO *out, USERNOTICE *notice, int indent)
                 BIO_printf(out, "%*sOrganization: %s\n", indent, "",
                                                  ref->organization->data);
                 BIO_printf(out, "%*sNumber%s: ", indent, "",
-                                 (sk_num(ref->noticenos) > 1) ? "s" : "");
-                for(i = 0; i < sk_num(ref->noticenos); i++) {
+                           sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : "");
+                for(i = 0; i < sk_ASN1_INTEGER_num(ref->noticenos); i++) {
                         ASN1_INTEGER *num;
                         char *tmp;
-                        num = (ASN1_INTEGER *)sk_value(ref->noticenos, i);
+                        num = sk_ASN1_INTEGER_value(ref->noticenos, i);
                         if(i) BIO_puts(out, ", ");
                         tmp = i2s_ASN1_INTEGER(NULL, num);
                         BIO_puts(out, tmp);
-                        Free(tmp);
+                        OPENSSL_free(tmp);
                 }
                 BIO_puts(out, "\n");
         }
@@ -551,7 +553,7 @@ void POLICYQUALINFO_free(POLICYQUALINFO *a)
         }
         
         ASN1_OBJECT_free(a->pqualid);
-        Free (a);
+        OPENSSL_free (a);
 }
 
 int i2d_USERNOTICE(USERNOTICE *a, unsigned char **pp)
@@ -597,7 +599,7 @@ void USERNOTICE_free(USERNOTICE *a)
         if (a == NULL) return;
         NOTICEREF_free(a->noticeref);
         M_DISPLAYTEXT_free(a->exptext);
-        Free (a);
+        OPENSSL_free (a);
 }
 
 int i2d_NOTICEREF(NOTICEREF *a, unsigned char **pp)
@@ -605,12 +607,14 @@ int i2d_NOTICEREF(NOTICEREF *a, unsigned char **pp)
         M_ASN1_I2D_vars(a);
 
         M_ASN1_I2D_len (a->organization, i2d_DISPLAYTEXT);
-        M_ASN1_I2D_len_SEQUENCE(a->noticenos, i2d_ASN1_INTEGER);
+        M_ASN1_I2D_len_SEQUENCE_type(ASN1_INTEGER, a->noticenos,
+                                     i2d_ASN1_INTEGER);
 
         M_ASN1_I2D_seq_total();
 
         M_ASN1_I2D_put (a->organization, i2d_DISPLAYTEXT);
-        M_ASN1_I2D_put_SEQUENCE(a->noticenos, i2d_ASN1_INTEGER);
+        M_ASN1_I2D_put_SEQUENCE_type(ASN1_INTEGER, a->noticenos,
+                                     i2d_ASN1_INTEGER);
 
         M_ASN1_I2D_finish();
 }
@@ -639,7 +643,8 @@ NOTICEREF *d2i_NOTICEREF(NOTICEREF **a, unsigned char **pp,long length)
         if(!ret->organization) {
                  M_ASN1_D2I_get(ret->organization, d2i_DISPLAYTEXT);
         }
-        M_ASN1_D2I_get_seq(ret->noticenos, d2i_ASN1_INTEGER, ASN1_STRING_free);
+        M_ASN1_D2I_get_seq_type(ASN1_INTEGER, ret->noticenos, d2i_ASN1_INTEGER,
+                                ASN1_STRING_free);
         M_ASN1_D2I_Finish(a, NOTICEREF_free, ASN1_F_D2I_NOTICEREF);
 }
 
@@ -647,8 +652,8 @@ void NOTICEREF_free(NOTICEREF *a)
 {
         if (a == NULL) return;
         M_DISPLAYTEXT_free(a->organization);
-        sk_pop_free(a->noticenos, ASN1_STRING_free);
-        Free (a);
+        sk_ASN1_INTEGER_pop_free(a->noticenos, ASN1_STRING_free);
+        OPENSSL_free (a);
 }
 
 IMPLEMENT_STACK_OF(POLICYQUALINFO)
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_crld.c b/src/lib/libssl/src/crypto/x509v3/v3_crld.c
index e459d2595a..67feea4017 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_crld.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_crld.c
@@ -87,7 +87,7 @@ static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method,
         int i;
         for(i = 0; i < sk_DIST_POINT_num(crld); i++) {
                 point = sk_DIST_POINT_value(crld, i);
-                if(point->distpoint->fullname) {
+                if(point->distpoint && point->distpoint->fullname) {
                         exts = i2v_GENERAL_NAMES(NULL,
                                          point->distpoint->fullname, exts);
                 }
@@ -95,7 +95,7 @@ static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method,
                         X509V3_add_value("reasons","<UNSUPPORTED>", &exts);
                 if(point->CRLissuer)
                         X509V3_add_value("CRLissuer","<UNSUPPORTED>", &exts);
-                if(point->distpoint->relativename)
+                if(point->distpoint && point->distpoint->relativename)
                         X509V3_add_value("RelativeName","<UNSUPPORTED>", &exts);
         }
         return exts;
@@ -109,7 +109,7 @@ static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method,
         GENERAL_NAME *gen = NULL;
         CONF_VALUE *cnf;
         int i;
-        if(!(crld = sk_DIST_POINT_new(NULL))) goto merr;
+        if(!(crld = sk_DIST_POINT_new_null())) goto merr;
         for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
                 DIST_POINT *point;
                 cnf = sk_CONF_VALUE_value(nval, i);
@@ -213,7 +213,7 @@ void DIST_POINT_free(DIST_POINT *a)
         DIST_POINT_NAME_free(a->distpoint);
         M_ASN1_BIT_STRING_free(a->reasons);
         sk_GENERAL_NAME_pop_free(a->CRLissuer, GENERAL_NAME_free);
-        Free (a);
+        OPENSSL_free (a);
 }
 
 int i2d_DIST_POINT_NAME(DIST_POINT_NAME *a, unsigned char **pp)
@@ -256,7 +256,7 @@ void DIST_POINT_NAME_free(DIST_POINT_NAME *a)
         if (a == NULL) return;
         sk_X509_NAME_ENTRY_pop_free(a->relativename, X509_NAME_ENTRY_free);
         sk_GENERAL_NAME_pop_free(a->fullname, GENERAL_NAME_free);
-        Free (a);
+        OPENSSL_free (a);
 }
 
 DIST_POINT_NAME *d2i_DIST_POINT_NAME(DIST_POINT_NAME **a, unsigned char **pp,
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_extku.c b/src/lib/libssl/src/crypto/x509v3/v3_extku.c
index e039d21cbf..53ec40a027 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_extku.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_extku.c
@@ -129,7 +129,7 @@ ASN1_OBJECT *objtmp;
 CONF_VALUE *val;
 int i;
 
-if(!(extku = sk_ASN1_OBJECT_new(NULL))) {
+if(!(extku = sk_ASN1_OBJECT_new_null())) {
         X509V3err(X509V3_F_V2I_EXT_KU,ERR_R_MALLOC_FAILURE);
         return NULL;
 }
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_genn.c b/src/lib/libssl/src/crypto/x509v3/v3_genn.c
index 894afa7e03..d44751458e 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_genn.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_genn.c
@@ -211,7 +211,7 @@ void GENERAL_NAME_free(GENERAL_NAME *a)
                 break;
 
         }
-        Free (a);
+        OPENSSL_free (a);
 }
 
 /* Now the GeneralNames versions: a SEQUENCE OF GeneralName. These are needed as
@@ -220,7 +220,7 @@ void GENERAL_NAME_free(GENERAL_NAME *a)
 
 STACK_OF(GENERAL_NAME) *GENERAL_NAMES_new()
 {
-        return sk_GENERAL_NAME_new(NULL);
+        return sk_GENERAL_NAME_new_null();
 }
 
 void GENERAL_NAMES_free(STACK_OF(GENERAL_NAME) *a)
@@ -286,6 +286,6 @@ void OTHERNAME_free(OTHERNAME *a)
         if (a == NULL) return;
         ASN1_OBJECT_free(a->type_id);
         ASN1_TYPE_free(a->value);
-        Free (a);
+        OPENSSL_free (a);
 }
 
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_ia5.c b/src/lib/libssl/src/crypto/x509v3/v3_ia5.c
index af3525f33e..f3bba38269 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_ia5.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_ia5.c
@@ -82,7 +82,7 @@ static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
 {
         char *tmp;
         if(!ia5 || !ia5->length) return NULL;
-        tmp = Malloc(ia5->length + 1);
+        tmp = OPENSSL_malloc(ia5->length + 1);
         memcpy(tmp, ia5->data, ia5->length);
         tmp[ia5->length] = 0;
         return tmp;
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_info.c b/src/lib/libssl/src/crypto/x509v3/v3_info.c
index 78d2135046..a045a629ee 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_info.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_info.c
@@ -94,7 +94,7 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method
                 if(!ret) break;
                 vtmp = sk_CONF_VALUE_value(ret, i);
                 i2t_ASN1_OBJECT(objtmp, 80, desc->method);
-                ntmp = Malloc(strlen(objtmp) + strlen(vtmp->name) + 5);
+                ntmp = OPENSSL_malloc(strlen(objtmp) + strlen(vtmp->name) + 5);
                 if(!ntmp) {
                         X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS,
                                         ERR_R_MALLOC_FAILURE);
@@ -103,7 +103,7 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method
                 strcpy(ntmp, objtmp);
                 strcat(ntmp, " - ");
                 strcat(ntmp, vtmp->name);
-                Free(vtmp->name);
+                OPENSSL_free(vtmp->name);
                 vtmp->name = ntmp;
                 
         }
@@ -119,7 +119,7 @@ static STACK_OF(ACCESS_DESCRIPTION) *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD
         ACCESS_DESCRIPTION *acc;
         int i, objlen;
         char *objtmp, *ptmp;
-        if(!(ainfo = sk_ACCESS_DESCRIPTION_new(NULL))) {
+        if(!(ainfo = sk_ACCESS_DESCRIPTION_new_null())) {
                 X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
@@ -140,7 +140,7 @@ static STACK_OF(ACCESS_DESCRIPTION) *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD
                 ctmp.value = cnf->value;
                 if(!(acc->location = v2i_GENERAL_NAME(method, ctx, &ctmp)))
                                                                  goto err; 
-                if(!(objtmp = Malloc(objlen + 1))) {
+                if(!(objtmp = OPENSSL_malloc(objlen + 1))) {
                         X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE);
                         goto err;
                 }
@@ -150,10 +150,10 @@ static STACK_OF(ACCESS_DESCRIPTION) *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD
                 if(!acc->method) {
                         X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,X509V3_R_BAD_OBJECT);
                         ERR_add_error_data(2, "value=", objtmp);
-                        Free(objtmp);
+                        OPENSSL_free(objtmp);
                         goto err;
                 }
-                Free(objtmp);
+                OPENSSL_free(objtmp);
 
         }
         return ainfo;
@@ -204,12 +204,12 @@ void ACCESS_DESCRIPTION_free(ACCESS_DESCRIPTION *a)
         if (a == NULL) return;
         ASN1_OBJECT_free(a->method);
         GENERAL_NAME_free(a->location);
-        Free (a);
+        OPENSSL_free (a);
 }
 
 STACK_OF(ACCESS_DESCRIPTION) *AUTHORITY_INFO_ACCESS_new(void)
 {
-        return sk_ACCESS_DESCRIPTION_new(NULL);
+        return sk_ACCESS_DESCRIPTION_new_null();
 }
 
 void AUTHORITY_INFO_ACCESS_free(STACK_OF(ACCESS_DESCRIPTION) *a)
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_lib.c b/src/lib/libssl/src/crypto/x509v3/v3_lib.c
index 4242d130a2..ea86b9ebb9 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_lib.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_lib.c
@@ -64,25 +64,27 @@
 
 #include "ext_dat.h"
 
-static STACK *ext_list = NULL;
+static STACK_OF(X509V3_EXT_METHOD) *ext_list = NULL;
 
-static int ext_cmp(X509V3_EXT_METHOD **a, X509V3_EXT_METHOD **b);
+static int ext_cmp(const X509V3_EXT_METHOD * const *a,
+                const X509V3_EXT_METHOD * const *b);
 static void ext_list_free(X509V3_EXT_METHOD *ext);
 
 int X509V3_EXT_add(X509V3_EXT_METHOD *ext)
 {
-        if(!ext_list && !(ext_list = sk_new(ext_cmp))) {
+        if(!ext_list && !(ext_list = sk_X509V3_EXT_METHOD_new(ext_cmp))) {
                 X509V3err(X509V3_F_X509V3_EXT_ADD,ERR_R_MALLOC_FAILURE);
                 return 0;
         }
-        if(!sk_push(ext_list, (char *)ext)) {
+        if(!sk_X509V3_EXT_METHOD_push(ext_list, ext)) {
                 X509V3err(X509V3_F_X509V3_EXT_ADD,ERR_R_MALLOC_FAILURE);
                 return 0;
         }
         return 1;
 }
 
-static int ext_cmp(X509V3_EXT_METHOD **a, X509V3_EXT_METHOD **b)
+static int ext_cmp(const X509V3_EXT_METHOD * const *a,
+                const X509V3_EXT_METHOD * const *b)
 {
         return ((*a)->ext_nid - (*b)->ext_nid);
 }
@@ -95,12 +97,12 @@ X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid)
         tmp.ext_nid = nid;
         ret = (X509V3_EXT_METHOD **) OBJ_bsearch((char *)&t,
                         (char *)standard_exts, STANDARD_EXTENSION_COUNT,
-                        sizeof(X509V3_EXT_METHOD *), (int (*)())ext_cmp);
+                        sizeof(X509V3_EXT_METHOD *), (int (*)(const void *, const void *))ext_cmp);
         if(ret) return *ret;
         if(!ext_list) return NULL;
-        idx = sk_find(ext_list, (char *)&tmp);
+        idx = sk_X509V3_EXT_METHOD_find(ext_list, &tmp);
         if(idx == -1) return NULL;
-        return (X509V3_EXT_METHOD *)sk_value(ext_list, idx);
+        return sk_X509V3_EXT_METHOD_value(ext_list, idx);
 }
 
 X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext)
@@ -125,7 +127,7 @@ int X509V3_EXT_add_alias(int nid_to, int nid_from)
                 X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,X509V3_R_EXTENSION_NOT_FOUND);
                 return 0;
         }
-        if(!(tmpext = (X509V3_EXT_METHOD *)Malloc(sizeof(X509V3_EXT_METHOD)))) {
+        if(!(tmpext = (X509V3_EXT_METHOD *)OPENSSL_malloc(sizeof(X509V3_EXT_METHOD)))) {
                 X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,ERR_R_MALLOC_FAILURE);
                 return 0;
         }
@@ -137,13 +139,13 @@ int X509V3_EXT_add_alias(int nid_to, int nid_from)
 
 void X509V3_EXT_cleanup(void)
 {
-        sk_pop_free(ext_list, ext_list_free);
+        sk_X509V3_EXT_METHOD_pop_free(ext_list, ext_list_free);
         ext_list = NULL;
 }
 
 static void ext_list_free(X509V3_EXT_METHOD *ext)
 {
-        if(ext->ext_flags & X509V3_EXT_DYNAMIC) Free(ext);
+        if(ext->ext_flags & X509V3_EXT_DYNAMIC) OPENSSL_free(ext);
 }
 
 /* Legacy function: we don't need to add standard extensions
@@ -213,9 +215,11 @@ void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx)
                 if(crit) *crit = found_ex->critical;
                 return X509V3_EXT_d2i(found_ex);
         }
-        
+
         /* Extension not found */
         if(idx) *idx = -1;
         if(crit) *crit = -1;
         return NULL;
 }
+
+IMPLEMENT_STACK_OF(X509V3_EXT_METHOD)
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_pku.c b/src/lib/libssl/src/crypto/x509v3/v3_pku.c
index 30a62c6090..47f9e8f123 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_pku.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_pku.c
@@ -121,7 +121,7 @@ void PKEY_USAGE_PERIOD_free(PKEY_USAGE_PERIOD *a)
         if (a == NULL) return;
         M_ASN1_GENERALIZEDTIME_free(a->notBefore);
         M_ASN1_GENERALIZEDTIME_free(a->notAfter);
-        Free (a);
+        OPENSSL_free (a);
 }
 
 static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method,
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_prn.c b/src/lib/libssl/src/crypto/x509v3/v3_prn.c
index bee624c6be..dbc4fb1f16 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_prn.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_prn.c
@@ -133,7 +133,7 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag, int indent)
 
         err:
                 sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
-                if(value) Free(value);
+                if(value) OPENSSL_free(value);
                 method->ext_free(ext_str);
                 return ok;
 }
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_purp.c b/src/lib/libssl/src/crypto/x509v3/v3_purp.c
index 5594a1d64f..867699b26f 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_purp.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_purp.c
@@ -59,21 +59,24 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/x509v3.h>
+#include <openssl/x509_vfy.h>
 
 
 static void x509v3_cache_extensions(X509 *x);
 
-static int ca_check(X509 *x);
-static int check_purpose_ssl_client(X509_PURPOSE *xp, X509 *x, int ca);
-static int check_purpose_ssl_server(X509_PURPOSE *xp, X509 *x, int ca);
-static int check_purpose_ns_ssl_server(X509_PURPOSE *xp, X509 *x, int ca);
-static int purpose_smime(X509 *x, int ca);
-static int check_purpose_smime_sign(X509_PURPOSE *xp, X509 *x, int ca);
-static int check_purpose_smime_encrypt(X509_PURPOSE *xp, X509 *x, int ca);
-static int check_purpose_crl_sign(X509_PURPOSE *xp, X509 *x, int ca);
-static int no_check(X509_PURPOSE *xp, X509 *x, int ca);
-
-static int xp_cmp(X509_PURPOSE **a, X509_PURPOSE **b);
+static int ca_check(const X509 *x);
+static int check_ssl_ca(const X509 *x);
+static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, int ca);
+static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca);
+static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca);
+static int purpose_smime(const X509 *x, int ca);
+static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, int ca);
+static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x, int ca);
+static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, int ca);
+static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca);
+
+static int xp_cmp(const X509_PURPOSE * const *a,
+                const X509_PURPOSE * const *b);
 static void xptable_free(X509_PURPOSE *p);
 
 static X509_PURPOSE xstandard[] = {
@@ -92,15 +95,19 @@ IMPLEMENT_STACK_OF(X509_PURPOSE)
 
 static STACK_OF(X509_PURPOSE) *xptable = NULL;
 
-static int xp_cmp(X509_PURPOSE **a, X509_PURPOSE **b)
+static int xp_cmp(const X509_PURPOSE * const *a,
+                const X509_PURPOSE * const *b)
 {
         return (*a)->purpose - (*b)->purpose;
 }
 
+/* As much as I'd like to make X509_check_purpose use a "const" X509*
+ * I really can't because it does recalculate hashes and do other non-const
+ * things. */
 int X509_check_purpose(X509 *x, int id, int ca)
 {
         int idx;
-        X509_PURPOSE *pt;
+        const X509_PURPOSE *pt;
         if(!(x->ex_flags & EXFLAG_SET)) {
                 CRYPTO_w_lock(CRYPTO_LOCK_X509);
                 x509v3_cache_extensions(x);
@@ -152,7 +159,7 @@ int X509_PURPOSE_get_by_id(int purpose)
 }
 
 int X509_PURPOSE_add(int id, int trust, int flags,
-                        int (*ck)(X509_PURPOSE *, X509 *, int),
+                        int (*ck)(const X509_PURPOSE *, const X509 *, int),
                                         char *name, char *sname, void *arg)
 {
         int idx;
@@ -165,17 +172,17 @@ int X509_PURPOSE_add(int id, int trust, int flags,
         idx = X509_PURPOSE_get_by_id(id);
         /* Need a new entry */
         if(idx == -1) {
-                if(!(ptmp = Malloc(sizeof(X509_PURPOSE)))) {
+                if(!(ptmp = OPENSSL_malloc(sizeof(X509_PURPOSE)))) {
                         X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);
                         return 0;
                 }
                 ptmp->flags = X509_PURPOSE_DYNAMIC;
         } else ptmp = X509_PURPOSE_get0(idx);
 
-        /* Free existing name if dynamic */
+        /* OPENSSL_free existing name if dynamic */
         if(ptmp->flags & X509_PURPOSE_DYNAMIC_NAME) {
-                Free(ptmp->name);
-                Free(ptmp->sname);
+                OPENSSL_free(ptmp->name);
+                OPENSSL_free(ptmp->sname);
         }
         /* dup supplied name */
         ptmp->name = BUF_strdup(name);
@@ -214,10 +221,10 @@ static void xptable_free(X509_PURPOSE *p)
         if (p->flags & X509_PURPOSE_DYNAMIC) 
                 {
                 if (p->flags & X509_PURPOSE_DYNAMIC_NAME) {
-                        Free(p->name);
-                        Free(p->sname);
+                        OPENSSL_free(p->name);
+                        OPENSSL_free(p->sname);
                 }
-                Free(p);
+                OPENSSL_free(p);
                 }
         }
 
@@ -249,16 +256,18 @@ int X509_PURPOSE_get_trust(X509_PURPOSE *xp)
         return xp->trust;
 }
 
-#ifndef NO_SHA
 static void x509v3_cache_extensions(X509 *x)
 {
         BASIC_CONSTRAINTS *bs;
         ASN1_BIT_STRING *usage;
         ASN1_BIT_STRING *ns;
         STACK_OF(ASN1_OBJECT) *extusage;
+        
         int i;
         if(x->ex_flags & EXFLAG_SET) return;
+#ifndef NO_SHA
         X509_digest(x, EVP_sha1(), x->sha1_hash, NULL);
+#endif
         /* Does subject name match issuer ? */
         if(!X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x)))
                          x->ex_flags |= EXFLAG_SS;
@@ -322,9 +331,10 @@ static void x509v3_cache_extensions(X509 *x)
                 x->ex_flags |= EXFLAG_NSCERT;
                 ASN1_BIT_STRING_free(ns);
         }
+        x->skid =X509_get_ext_d2i(x, NID_subject_key_identifier, NULL, NULL);
+        x->akid =X509_get_ext_d2i(x, NID_authority_key_identifier, NULL, NULL);
         x->ex_flags |= EXFLAG_SET;
 }
-#endif
 
 /* CA checks common to all purposes
  * return codes:
@@ -342,7 +352,7 @@ static void x509v3_cache_extensions(X509 *x)
 #define ns_reject(x, usage) \
         (((x)->ex_flags & EXFLAG_NSCERT) && !((x)->ex_nscert & (usage)))
 
-static int ca_check(X509 *x)
+static int ca_check(const X509 *x)
 {
         /* keyUsage if present should allow cert signing */
         if(ku_reject(x, KU_KEY_CERT_SIGN)) return 0;
@@ -356,22 +366,26 @@ static int ca_check(X509 *x)
         }
 }
 
+/* Check SSL CA: common checks for SSL client and server */
+static int check_ssl_ca(const X509 *x)
+{
+        int ca_ret;
+        ca_ret = ca_check(x);
+        if(!ca_ret) return 0;
+        /* check nsCertType if present */
+        if(x->ex_flags & EXFLAG_NSCERT) {
+                if(x->ex_nscert & NS_SSL_CA) return ca_ret;
+                return 0;
+        }
+        if(ca_ret != 2) return ca_ret;
+        else return 0;
+}
+        
 
-static int check_purpose_ssl_client(X509_PURPOSE *xp, X509 *x, int ca)
+static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, int ca)
 {
         if(xku_reject(x,XKU_SSL_CLIENT)) return 0;
-        if(ca) {
-                int ca_ret;
-                ca_ret = ca_check(x);
-                if(!ca_ret) return 0;
-                /* check nsCertType if present */
-                if(x->ex_flags & EXFLAG_NSCERT) {
-                        if(x->ex_nscert & NS_SSL_CA) return ca_ret;
-                        return 0;
-                }
-                if(ca_ret != 2) return ca_ret;
-                else return 0;
-        }
+        if(ca) return check_ssl_ca(x);
         /* We need to do digital signatures with it */
         if(ku_reject(x,KU_DIGITAL_SIGNATURE)) return 0;
         /* nsCertType if present should allow SSL client use */ 
@@ -379,11 +393,10 @@ static int check_purpose_ssl_client(X509_PURPOSE *xp, X509 *x, int ca)
         return 1;
 }
 
-static int check_purpose_ssl_server(X509_PURPOSE *xp, X509 *x, int ca)
+static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca)
 {
         if(xku_reject(x,XKU_SSL_SERVER|XKU_SGC)) return 0;
-        /* Otherwise same as SSL client for a CA */
-        if(ca) return check_purpose_ssl_client(xp, x, 1);
+        if(ca) return check_ssl_ca(x);
 
         if(ns_reject(x, NS_SSL_SERVER)) return 0;
         /* Now as for keyUsage: we'll at least need to sign OR encipher */
@@ -393,7 +406,7 @@ static int check_purpose_ssl_server(X509_PURPOSE *xp, X509 *x, int ca)
 
 }
 
-static int check_purpose_ns_ssl_server(X509_PURPOSE *xp, X509 *x, int ca)
+static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca)
 {
         int ret;
         ret = check_purpose_ssl_server(xp, x, ca);
@@ -404,7 +417,7 @@ static int check_purpose_ns_ssl_server(X509_PURPOSE *xp, X509 *x, int ca)
 }
 
 /* common S/MIME checks */
-static int purpose_smime(X509 *x, int ca)
+static int purpose_smime(const X509 *x, int ca)
 {
         if(xku_reject(x,XKU_SMIME)) return 0;
         if(ca) {
@@ -428,7 +441,7 @@ static int purpose_smime(X509 *x, int ca)
         return 1;
 }
 
-static int check_purpose_smime_sign(X509_PURPOSE *xp, X509 *x, int ca)
+static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, int ca)
 {
         int ret;
         ret = purpose_smime(x, ca);
@@ -437,7 +450,7 @@ static int check_purpose_smime_sign(X509_PURPOSE *xp, X509 *x, int ca)
         return ret;
 }
 
-static int check_purpose_smime_encrypt(X509_PURPOSE *xp, X509 *x, int ca)
+static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x, int ca)
 {
         int ret;
         ret = purpose_smime(x, ca);
@@ -446,7 +459,7 @@ static int check_purpose_smime_encrypt(X509_PURPOSE *xp, X509 *x, int ca)
         return ret;
 }
 
-static int check_purpose_crl_sign(X509_PURPOSE *xp, X509 *x, int ca)
+static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, int ca)
 {
         if(ca) {
                 int ca_ret;
@@ -457,7 +470,64 @@ static int check_purpose_crl_sign(X509_PURPOSE *xp, X509 *x, int ca)
         return 1;
 }
 
-static int no_check(X509_PURPOSE *xp, X509 *x, int ca)
+static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca)
 {
         return 1;
 }
+
+/* Various checks to see if one certificate issued the second.
+ * This can be used to prune a set of possible issuer certificates
+ * which have been looked up using some simple method such as by
+ * subject name.
+ * These are:
+ * 1. Check issuer_name(subject) == subject_name(issuer)
+ * 2. If akid(subject) exists check it matches issuer
+ * 3. If key_usage(issuer) exists check it supports certificate signing
+ * returns 0 for OK, positive for reason for mismatch, reasons match
+ * codes for X509_verify_cert()
+ */
+
+int X509_check_issued(X509 *issuer, X509 *subject)
+{
+        if(X509_NAME_cmp(X509_get_subject_name(issuer),
+                        X509_get_issuer_name(subject)))
+                                return X509_V_ERR_SUBJECT_ISSUER_MISMATCH;
+        x509v3_cache_extensions(issuer);
+        x509v3_cache_extensions(subject);
+        if(subject->akid) {
+                /* Check key ids (if present) */
+                if(subject->akid->keyid && issuer->skid &&
+                 ASN1_OCTET_STRING_cmp(subject->akid->keyid, issuer->skid) )
+                                return X509_V_ERR_AKID_SKID_MISMATCH;
+                /* Check serial number */
+                if(subject->akid->serial &&
+                        ASN1_INTEGER_cmp(X509_get_serialNumber(issuer),
+                                                subject->akid->serial))
+                                return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
+                /* Check issuer name */
+                if(subject->akid->issuer) {
+                        /* Ugh, for some peculiar reason AKID includes
+                         * SEQUENCE OF GeneralName. So look for a DirName.
+                         * There may be more than one but we only take any
+                         * notice of the first.
+                         */
+                        STACK_OF(GENERAL_NAME) *gens;
+                        GENERAL_NAME *gen;
+                        X509_NAME *nm = NULL;
+                        int i;
+                        gens = subject->akid->issuer;
+                        for(i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
+                                gen = sk_GENERAL_NAME_value(gens, i);
+                                if(gen->type == GEN_DIRNAME) {
+                                        nm = gen->d.dirn;
+                                        break;
+                                }
+                        }
+                        if(nm && X509_NAME_cmp(nm, X509_get_issuer_name(issuer)))
+                                return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
+                }
+        }
+        if(ku_reject(issuer, KU_KEY_CERT_SIGN)) return X509_V_ERR_KEYUSAGE_NO_CERTSIGN;
+        return X509_V_OK;
+}
+
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_sxnet.c b/src/lib/libssl/src/crypto/x509v3/v3_sxnet.c
index 20ba8ac8d6..bfecacd336 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_sxnet.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_sxnet.c
@@ -132,7 +132,7 @@ void SXNET_free(SXNET *a)
         if (a == NULL) return;
         M_ASN1_INTEGER_free(a->version);
         sk_SXNETID_pop_free(a->ids, SXNETID_free);
-        Free (a);
+        OPENSSL_free (a);
 }
 
 int i2d_SXNETID(SXNETID *a, unsigned char **pp)
@@ -176,7 +176,7 @@ void SXNETID_free(SXNETID *a)
         if (a == NULL) return;
         M_ASN1_INTEGER_free(a->zone);
         M_ASN1_OCTET_STRING_free(a->user);
-        Free (a);
+        OPENSSL_free (a);
 }
 
 static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
@@ -192,7 +192,7 @@ static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
                 id = sk_SXNETID_value(sx->ids, i);
                 tmp = i2s_ASN1_INTEGER(NULL, id->zone);
                 BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp);
-                Free(tmp);
+                OPENSSL_free(tmp);
                 M_ASN1_OCTET_STRING_print(out, id->user);
         }
         return 1;
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_utl.c b/src/lib/libssl/src/crypto/x509v3/v3_utl.c
index 4c2c4a9483..619f161b58 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_utl.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_utl.c
@@ -65,6 +65,10 @@
 #include <openssl/x509v3.h>
 
 static char *strip_spaces(char *name);
+static int sk_strcmp(const char * const *a, const char * const *b);
+static STACK *get_email(X509_NAME *name, STACK_OF(GENERAL_NAME) *gens);
+static void str_free(void *str);
+static int append_ia5(STACK **sk, ASN1_IA5STRING *email);
 
 /* Add a CONF_VALUE name value pair to stack */
 
@@ -75,8 +79,8 @@ int X509V3_add_value(const char *name, const char *value,
         char *tname = NULL, *tvalue = NULL;
         if(name && !(tname = BUF_strdup(name))) goto err;
         if(value && !(tvalue = BUF_strdup(value))) goto err;;
-        if(!(vtmp = (CONF_VALUE *)Malloc(sizeof(CONF_VALUE)))) goto err;
-        if(!*extlist && !(*extlist = sk_CONF_VALUE_new(NULL))) goto err;
+        if(!(vtmp = (CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE)))) goto err;
+        if(!*extlist && !(*extlist = sk_CONF_VALUE_new_null())) goto err;
         vtmp->section = NULL;
         vtmp->name = tname;
         vtmp->value = tvalue;
@@ -84,9 +88,9 @@ int X509V3_add_value(const char *name, const char *value,
         return 1;
         err:
         X509V3err(X509V3_F_X509V3_ADD_VALUE,ERR_R_MALLOC_FAILURE);
-        if(vtmp) Free(vtmp);
-        if(tname) Free(tname);
-        if(tvalue) Free(tvalue);
+        if(vtmp) OPENSSL_free(vtmp);
+        if(tname) OPENSSL_free(tname);
+        if(tvalue) OPENSSL_free(tvalue);
         return 0;
 }
 
@@ -101,10 +105,10 @@ int X509V3_add_value_uchar(const char *name, const unsigned char *value,
 void X509V3_conf_free(CONF_VALUE *conf)
 {
         if(!conf) return;
-        if(conf->name) Free(conf->name);
-        if(conf->value) Free(conf->value);
-        if(conf->section) Free(conf->section);
-        Free(conf);
+        if(conf->name) OPENSSL_free(conf->name);
+        if(conf->value) OPENSSL_free(conf->value);
+        if(conf->section) OPENSSL_free(conf->section);
+        OPENSSL_free(conf);
 }
 
 int X509V3_add_value_bool(const char *name, int asn1_bool,
@@ -176,7 +180,7 @@ int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
         if(!aint) return 1;
         if(!(strtmp = i2s_ASN1_INTEGER(NULL, aint))) return 0;
         ret = X509V3_add_value(name, strtmp, extlist);
-        Free(strtmp);
+        OPENSSL_free(strtmp);
         return ret;
 }
 
@@ -298,11 +302,11 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(char *line)
                 }
                 X509V3_add_value(ntmp, NULL, &values);
         }
-Free(linebuf);
+OPENSSL_free(linebuf);
 return values;
 
 err:
-Free(linebuf);
+OPENSSL_free(linebuf);
 sk_CONF_VALUE_pop_free(values, X509V3_conf_free);
 return NULL;
 
@@ -325,8 +329,9 @@ static char *strip_spaces(char *name)
 
 /* hex string utilities */
 
-/* Given a buffer of length 'len' return a Malloc'ed string with its
+/* Given a buffer of length 'len' return a OPENSSL_malloc'ed string with its
  * hex representation
+ * @@@ (Contents of buffer are always kept in ASCII, also on EBCDIC machines)
  */
 
 char *hex_to_string(unsigned char *buffer, long len)
@@ -336,7 +341,7 @@ char *hex_to_string(unsigned char *buffer, long len)
         int i;
         static char hexdig[] = "0123456789ABCDEF";
         if(!buffer || !len) return NULL;
-        if(!(tmp = Malloc(len * 3 + 1))) {
+        if(!(tmp = OPENSSL_malloc(len * 3 + 1))) {
                 X509V3err(X509V3_F_HEX_TO_STRING,ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
@@ -347,6 +352,10 @@ char *hex_to_string(unsigned char *buffer, long len)
                 *q++ = ':';
         }
         q[-1] = 0;
+#ifdef CHARSET_EBCDIC
+        ebcdic2ascii(tmp, tmp, q - tmp - 1);
+#endif
+
         return tmp;
 }
 
@@ -362,14 +371,20 @@ unsigned char *string_to_hex(char *str, long *len)
                 X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_INVALID_NULL_ARGUMENT);
                 return NULL;
         }
-        if(!(hexbuf = Malloc(strlen(str) >> 1))) goto err;
+        if(!(hexbuf = OPENSSL_malloc(strlen(str) >> 1))) goto err;
         for(p = (unsigned char *)str, q = hexbuf; *p;) {
                 ch = *p++;
+#ifdef CHARSET_EBCDIC
+                ch = os_toebcdic[ch];
+#endif
                 if(ch == ':') continue;
                 cl = *p++;
+#ifdef CHARSET_EBCDIC
+                cl = os_toebcdic[cl];
+#endif
                 if(!cl) {
                         X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_ODD_NUMBER_OF_DIGITS);
-                        Free(hexbuf);
+                        OPENSSL_free(hexbuf);
                         return NULL;
                 }
                 if(isupper(ch)) ch = tolower(ch);
@@ -391,12 +406,12 @@ unsigned char *string_to_hex(char *str, long *len)
         return hexbuf;
 
         err:
-        if(hexbuf) Free(hexbuf);
+        if(hexbuf) OPENSSL_free(hexbuf);
         X509V3err(X509V3_F_STRING_TO_HEX,ERR_R_MALLOC_FAILURE);
         return NULL;
 
         badhex:
-        Free(hexbuf);
+        OPENSSL_free(hexbuf);
         X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_ILLEGAL_HEX_DIGIT);
         return NULL;
 
@@ -416,3 +431,86 @@ int name_cmp(const char *name, const char *cmp)
         if(!c || (c=='.')) return 0;
         return 1;
 }
+
+static int sk_strcmp(const char * const *a, const char * const *b)
+{
+        return strcmp(*a, *b);
+}
+
+STACK *X509_get1_email(X509 *x)
+{
+        STACK_OF(GENERAL_NAME) *gens;
+        STACK *ret;
+        gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
+        ret = get_email(X509_get_subject_name(x), gens);
+        sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
+        return ret;
+}
+
+STACK *X509_REQ_get1_email(X509_REQ *x)
+{
+        STACK_OF(GENERAL_NAME) *gens;
+        STACK_OF(X509_EXTENSION) *exts;
+        STACK *ret;
+        exts = X509_REQ_get_extensions(x);
+        gens = X509V3_get_d2i(exts, NID_subject_alt_name, NULL, NULL);
+        ret = get_email(X509_REQ_get_subject_name(x), gens);
+        sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
+        sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
+        return ret;
+}
+
+
+static STACK *get_email(X509_NAME *name, STACK_OF(GENERAL_NAME) *gens)
+{
+        STACK *ret = NULL;
+        X509_NAME_ENTRY *ne;
+        ASN1_IA5STRING *email;
+        GENERAL_NAME *gen;
+        int i;
+        /* Now add any email address(es) to STACK */
+        i = -1;
+        /* First supplied X509_NAME */
+        while((i = X509_NAME_get_index_by_NID(name,
+                                         NID_pkcs9_emailAddress, i)) > 0) {
+                ne = X509_NAME_get_entry(name, i);
+                email = X509_NAME_ENTRY_get_data(ne);
+                if(!append_ia5(&ret, email)) return NULL;
+        }
+        for(i = 0; i < sk_GENERAL_NAME_num(gens); i++)
+        {
+                gen = sk_GENERAL_NAME_value(gens, i);
+                if(gen->type != GEN_EMAIL) continue;
+                if(!append_ia5(&ret, gen->d.ia5)) return NULL;
+        }
+        return ret;
+}
+
+static void str_free(void *str)
+{
+        OPENSSL_free(str);
+}
+
+static int append_ia5(STACK **sk, ASN1_IA5STRING *email)
+{
+        char *emtmp;
+        /* First some sanity checks */
+        if(email->type != V_ASN1_IA5STRING) return 1;
+        if(!email->data || !email->length) return 1;
+        if(!*sk) *sk = sk_new(sk_strcmp);
+        if(!*sk) return 0;
+        /* Don't add duplicates */
+        if(sk_find(*sk, (char *)email->data) != -1) return 1;
+        emtmp = BUF_strdup((char *)email->data);
+        if(!emtmp || !sk_push(*sk, emtmp)) {
+                X509_email_free(*sk);
+                *sk = NULL;
+                return 0;
+        }
+        return 1;
+}
+
+void X509_email_free(STACK *sk)
+{
+        sk_pop_free(sk, str_free);
+}
diff --git a/src/lib/libssl/src/crypto/x509v3/x509v3.h b/src/lib/libssl/src/crypto/x509v3/x509v3.h
index 96ceb7c4fb..0453b12d63 100644
--- a/src/lib/libssl/src/crypto/x509v3/x509v3.h
+++ b/src/lib/libssl/src/crypto/x509v3/x509v3.h
@@ -58,14 +58,14 @@
 #ifndef HEADER_X509V3_H
 #define HEADER_X509V3_H
 
-#ifdef __cplusplus
-extern "C" {
-#endif
-
 #include <openssl/bio.h>
 #include <openssl/x509.h>
 #include <openssl/conf.h>
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 /* Forward reference */
 struct v3_ext_method;
 struct v3_ext_ctx;
@@ -131,6 +131,8 @@ void *db;
 typedef struct v3_ext_method X509V3_EXT_METHOD;
 typedef struct v3_ext_ctx X509V3_CTX;
 
+DECLARE_STACK_OF(X509V3_EXT_METHOD)
+
 /* ext_flags values */
 #define X509V3_EXT_DYNAMIC      0x1
 #define X509V3_EXT_CTX_DEP      0x2
@@ -227,7 +229,7 @@ typedef struct SXNET_st {
 
 typedef struct NOTICEREF_st {
         ASN1_STRING *organization;
-        STACK *noticenos;
+        STACK_OF(ASN1_INTEGER) *noticenos;
 } NOTICEREF;
 
 typedef struct USERNOTICE_st {
@@ -332,7 +334,8 @@ typedef struct x509_purpose_st {
         int purpose;
         int trust;              /* Default trust ID */
         int flags;
-        int (*check_purpose)(struct x509_purpose_st *, X509 *, int);
+        int (*check_purpose)(const struct x509_purpose_st *,
+                                const X509 *, int);
         char *name;
         char *sname;
         void *usr_data;
@@ -529,12 +532,13 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag, int indent);
 int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
 
 int X509_check_purpose(X509 *x, int id, int ca);
+int X509_check_issued(X509 *issuer, X509 *subject);
 int X509_PURPOSE_get_count(void);
 X509_PURPOSE * X509_PURPOSE_get0(int idx);
 int X509_PURPOSE_get_by_sname(char *sname);
 int X509_PURPOSE_get_by_id(int id);
 int X509_PURPOSE_add(int id, int trust, int flags,
-                        int (*ck)(X509_PURPOSE *, X509 *, int),
+                        int (*ck)(const X509_PURPOSE *, const X509 *, int),
                                 char *name, char *sname, void *arg);
 char *X509_PURPOSE_get0_name(X509_PURPOSE *xp);
 char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp);
@@ -542,6 +546,11 @@ int X509_PURPOSE_get_trust(X509_PURPOSE *xp);
 void X509_PURPOSE_cleanup(void);
 int X509_PURPOSE_get_id(X509_PURPOSE *);
 
+STACK *X509_get1_email(X509 *x);
+STACK *X509_REQ_get1_email(X509_REQ *x);
+void X509_email_free(STACK *sk);
+
+
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
diff --git a/src/lib/libssl/src/demos/b64.c b/src/lib/libssl/src/demos/b64.c
index ad86bc9b49..8e248e7e72 100644
--- a/src/lib/libssl/src/demos/b64.c
+++ b/src/lib/libssl/src/demos/b64.c
@@ -177,11 +177,11 @@ bad:
                 if (verbose) BIO_printf(bio_err,"bufsize=%d\n",bsize);
                 }
 
-        strbuf=Malloc(SIZE);
-        buff=(unsigned char *)Malloc(EVP_ENCODE_LENGTH(bsize));
+        strbuf=OPENSSL_malloc(SIZE);
+        buff=(unsigned char *)OPENSSL_malloc(EVP_ENCODE_LENGTH(bsize));
         if ((buff == NULL) || (strbuf == NULL))
                 {
-                BIO_printf(bio_err,"Malloc failure\n");
+                BIO_printf(bio_err,"OPENSSL_malloc failure\n");
                 goto end;
                 }
 
@@ -259,8 +259,8 @@ bad:
                 BIO_printf(bio_err,"bytes written:%8ld\n",BIO_number_written(out));
                 }
 end:
-        if (strbuf != NULL) Free(strbuf);
-        if (buff != NULL) Free(buff);
+        if (strbuf != NULL) OPENSSL_free(strbuf);
+        if (buff != NULL) OPENSSL_free(buff);
         if (in != NULL) BIO_free(in);
         if (out != NULL) BIO_free(out);
         if (benc != NULL) BIO_free(benc);
diff --git a/src/lib/libssl/src/doc/README b/src/lib/libssl/src/doc/README
index 14469a82e3..6ecc14d994 100644
--- a/src/lib/libssl/src/doc/README
+++ b/src/lib/libssl/src/doc/README
@@ -4,6 +4,8 @@
  ssl/ssl.pod ......... Documentation of OpenSSL ssl.h+libssl.a
  openssl.txt ......... Assembled documentation files for OpenSSL [not final]
  ssleay.txt .......... Assembled documentation of ancestor SSLeay [obsolete]
+ standards.txt ....... Assembled pointers to standards, RFCs or internet drafts
+                       that are related to OpenSSL.
 
  An archive of HTML documents for the SSLeay library is available from
  http://www.columbia.edu/~ariel/ssleay/
diff --git a/src/lib/libssl/src/doc/apps/CA.pl.pod b/src/lib/libssl/src/doc/apps/CA.pl.pod
index 9d287f0c4d..63cd1320cc 100644
--- a/src/lib/libssl/src/doc/apps/CA.pl.pod
+++ b/src/lib/libssl/src/doc/apps/CA.pl.pod
@@ -69,9 +69,16 @@ list box), otherwise the name "My Certificate" is used.
 
 calls the B<ca> program to sign a certificate request. It expects the request
 to be in the file "newreq.pem". The new certificate is written to the file
-"newcert.pem" except in the case of the B<-xcert> option when it is written
+"newcert.pem" except in the case of the B<-xsign> option when it is written
 to standard output.
 
+
+=item B<-signCA>
+
+this option is the same as the B<-signreq> option except it uses the configuration
+file section B<v3_ca> and so makes the signed request a valid CA certificate. This
+is useful when creating intermediate CA from a root CA.
+
 =item B<-signcert>
 
 this option is the same as B<-sign> except it expects a self signed certificate
@@ -122,7 +129,7 @@ Create the CA directories and files:
 
 enter cacert.pem when prompted for the CA file name.
 
-Create a DSA certificate request and privat key (a different set of parameters
+Create a DSA certificate request and private key (a different set of parameters
 can optionally be created first):
 
  openssl req -out newreq.pem -newkey dsa:dsap.pem 
diff --git a/src/lib/libssl/src/doc/apps/ca.pod b/src/lib/libssl/src/doc/apps/ca.pod
index 03209aa6b1..d352925864 100644
--- a/src/lib/libssl/src/doc/apps/ca.pod
+++ b/src/lib/libssl/src/doc/apps/ca.pod
@@ -23,6 +23,7 @@ B<openssl> B<ca>
 [B<-policy arg>]
 [B<-keyfile arg>]
 [B<-key arg>]
+[B<-passin arg>]
 [B<-cert file>]
 [B<-in file>]
 [B<-out file>]
@@ -99,6 +100,10 @@ the password used to encrypt the private key. Since on some
 systems the command line arguments are visible (e.g. Unix with
 the 'ps' utility) this option should be used with caution.
 
+=item B<-passin arg>
+
+the key password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
 =item B<-verbose>
 
 this prints extra details about the operations being performed.
@@ -342,6 +347,10 @@ Sign a certificate request:
 
  openssl ca -in req.pem -out newcert.pem
 
+Sign a certificate request, using CA extensions:
+
+ openssl ca -in req.pem -extensions v3_ca -out newcert.pem
+
 Generate a CRL
 
  openssl ca -gencrl -out crl.pem
diff --git a/src/lib/libssl/src/doc/apps/ciphers.pod b/src/lib/libssl/src/doc/apps/ciphers.pod
index 2301e28251..21077614a7 100644
--- a/src/lib/libssl/src/doc/apps/ciphers.pod
+++ b/src/lib/libssl/src/doc/apps/ciphers.pod
@@ -25,9 +25,13 @@ the appropriate cipherlist.
 
 =item B<-v>
 
-verbose option. List ciphers with a complete description of the authentication,
-key exchange, encryption and mac algorithms used along with any key size
+verbose option. List ciphers with a complete description of
+protocol version (SSLv2 or SSLv3; the latter includes TLS), key exchange,
+authentication, encryption and mac algorithms used along with any key size
 restrictions and whether the algorithm is classed as an "export" cipher.
+Note that without the B<-v> option, ciphers may seem to appear twice
+in a cipher list; this is when similar ciphers are available for
+SSL v2 and for SSL v3/TLS v1.
 
 =item B<-ssl3>
 
diff --git a/src/lib/libssl/src/doc/apps/dgst.pod b/src/lib/libssl/src/doc/apps/dgst.pod
index fcfd3ecf23..1648742bcf 100644
--- a/src/lib/libssl/src/doc/apps/dgst.pod
+++ b/src/lib/libssl/src/doc/apps/dgst.pod
@@ -2,25 +2,32 @@
 
 =head1 NAME
 
-dgst, md5, md2, sha1, sha, mdc2, ripemd160 - message digests
+dgst, md5, md4, md2, sha1, sha, mdc2, ripemd160 - message digests
 
 =head1 SYNOPSIS
 
 B<openssl> B<dgst> 
-[B<-md5|-md2|-sha1|-sha|mdc2|-ripemd160>]
+[B<-md5|-md4|-md2|-sha1|-sha|-mdc2|-ripemd160|-dss1>]
 [B<-c>]
 [B<-d>]
+[B<-hex>]
+[B<-binary>]
+[B<-out filename>]
+[B<-sign filename>]
+[B<-verify filename>]
+[B<-prverify filename>]
+[B<-signature filename>]
 [B<file...>]
 
-[B<md5|md2|sha1|sha|mdc2|ripemd160>]
+[B<md5|md4|md2|sha1|sha|mdc2|ripemd160>]
 [B<-c>]
 [B<-d>]
 [B<file...>]
 
 =head1 DESCRIPTION
 
-The digest functions print out the message digest of a supplied file or files
-in hexadecimal form.
+The digest functions output the message digest of a supplied file or files
+in hexadecimal form. They can also be used for digital signing and verification.
 
 =head1 OPTIONS
 
@@ -28,12 +35,51 @@ in hexadecimal form.
 
 =item B<-c>
 
-print out the digest in two digit groups separated by colons.
+print out the digest in two digit groups separated by colons, only relevant if
+B<hex> format output is used.
 
 =item B<-d>
 
 print out BIO debugging information.
 
+=item B<-hex>
+
+digest is to be output as a hex dump. This is the default case for a "normal"
+digest as opposed to a digital signature.
+
+=item B<-binary>
+
+output the digest or signature in binary form.
+
+=item B<-out filename>
+
+filename to output to, or standard output by default.
+
+=item B<-sign filename>
+
+digitally sign the digest using the private key in "filename".
+
+=item B<-verify filename>
+
+verify the signature using the the public key in "filename".
+The output is either "Verification OK" or "Verification Failure".
+
+=item B<-prverify filename>
+
+verify the signature using the  the private key in "filename".
+
+=item B<-signature filename>
+
+the actual signature to verify.
+
+=item B<-rand file(s)>
+
+a file or files containing random data used to seed the random number
+generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
+Multiple files can be specified separated by a OS-dependent character.
+The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
+all others. 
+
 =item B<file...>
 
 file or files to digest. If no files are specified then standard input is
@@ -46,4 +92,13 @@ used.
 The digest of choice for all new applications is SHA1. Other digests are
 however still widely used.
 
+If you wish to sign or verify data using the DSA algorithm then the dss1
+digest must be used.
+
+A source of random numbers is required for certain signing algorithms, in
+particular DSA.
+
+The signing and verify options should only be used if a single file is
+being signed or verified.
+
 =cut
diff --git a/src/lib/libssl/src/doc/apps/dhparam.pod b/src/lib/libssl/src/doc/apps/dhparam.pod
index 15aabf4ac8..ff8a6e5e5b 100644
--- a/src/lib/libssl/src/doc/apps/dhparam.pod
+++ b/src/lib/libssl/src/doc/apps/dhparam.pod
@@ -73,7 +73,7 @@ input file is ignored and parameters are generated instead.
 a file or files containing random data used to seed the random number
 generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
 Multiple files can be specified separated by a OS-dependent character.
-The separator is B<;> for MS-Windows, B<,> for OpenVSM, and B<:> for
+The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
 all others.
 
 =item I<numbits>
diff --git a/src/lib/libssl/src/doc/apps/dsaparam.pod b/src/lib/libssl/src/doc/apps/dsaparam.pod
index 8647f34698..50c2f61242 100644
--- a/src/lib/libssl/src/doc/apps/dsaparam.pod
+++ b/src/lib/libssl/src/doc/apps/dsaparam.pod
@@ -73,7 +73,7 @@ parameters.
 a file or files containing random data used to seed the random number
 generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
 Multiple files can be specified separated by a OS-dependent character.
-The separator is B<;> for MS-Windows, B<,> for OpenVSM, and B<:> for
+The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
 all others.
 
 =item B<numbits>
diff --git a/src/lib/libssl/src/doc/apps/gendsa.pod b/src/lib/libssl/src/doc/apps/gendsa.pod
index 3314ace517..74318fe7fb 100644
--- a/src/lib/libssl/src/doc/apps/gendsa.pod
+++ b/src/lib/libssl/src/doc/apps/gendsa.pod
@@ -34,7 +34,7 @@ If none of these options is specified no encryption is used.
 a file or files containing random data used to seed the random number
 generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
 Multiple files can be specified separated by a OS-dependent character.
-The separator is B<;> for MS-Windows, B<,> for OpenVSM, and B<:> for
+The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
 all others.
 
 =item B<paramfile>
diff --git a/src/lib/libssl/src/doc/apps/genrsa.pod b/src/lib/libssl/src/doc/apps/genrsa.pod
index 70d35fef0a..cdcc03c123 100644
--- a/src/lib/libssl/src/doc/apps/genrsa.pod
+++ b/src/lib/libssl/src/doc/apps/genrsa.pod
@@ -51,7 +51,7 @@ the public exponent to use, either 65537 or 3. The default is 65537.
 a file or files containing random data used to seed the random number
 generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
 Multiple files can be specified separated by a OS-dependent character.
-The separator is B<;> for MS-Windows, B<,> for OpenVSM, and B<:> for
+The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
 all others.
 
 =item B<numbits>
diff --git a/src/lib/libssl/src/doc/apps/openssl.pod b/src/lib/libssl/src/doc/apps/openssl.pod
index 2fc61b6c21..0cbd199d79 100644
--- a/src/lib/libssl/src/doc/apps/openssl.pod
+++ b/src/lib/libssl/src/doc/apps/openssl.pod
@@ -83,9 +83,10 @@ CRL to PKCS#7 Conversion.
 
 Message Digest Calculation.
 
-=item L<B<dh>|dh(1)>
+=item B<dh>
 
-Diffie-Hellman Data Management.
+Diffie-Hellman Parameter Management.
+Obsoleted by L<B<dhparam>|dhparam(1)>.
 
 =item L<B<dsa>|dsa(1)>
 
@@ -103,9 +104,14 @@ Encoding with Ciphers.
 
 Error Number to Error String Conversion.
 
-=item L<B<gendh>|gendh(1)>
+=item L<B<dhparam>|dhparam(1)>
+
+Generation and Management of Diffie-Hellman Parameters.
+
+=item B<gendh>
 
 Generation of Diffie-Hellman Parameters.
+Obsoleted by L<B<dhparam>|dhparam(1)>.
 
 =item L<B<gendsa>|gendsa(1)>
 
@@ -135,6 +141,10 @@ X.509 Certificate Signing Request (CSR) Management.
 
 RSA Data Management.
 
+=item L<B<rsautl>|rsautl(1)>
+
+RSA utility for signing, verification, encryption, and decryption.
+
 =item L<B<s_client>|s_client(1)>
 
 This implements a generic SSL/TLS client which can establish a transparent
@@ -309,7 +319,8 @@ L<enc(1)|enc(1)>, L<gendsa(1)|gendsa(1)>,
 L<genrsa(1)|genrsa(1)>, L<nseq(1)|nseq(1)>, L<openssl(1)|openssl(1)>,
 L<passwd(1)|passwd(1)>,
 L<pkcs12(1)|pkcs12(1)>, L<pkcs7(1)|pkcs7(1)>, L<pkcs8(1)|pkcs8(1)>,
-L<rand(1)|rand(1)>, L<req(1)|req(1)>, L<rsa(1)|rsa(1)>, L<s_client(1)|s_client(1)>,
+L<rand(1)|rand(1)>, L<req(1)|req(1)>, L<rsa(1)|rsa(1)>,
+L<rsautl(1)|rsautl(1)>, L<s_client(1)|s_client(1)>,
 L<s_server(1)|s_server(1)>, L<smime(1)|smime(1)>, L<spkac(1)|spkac(1)>,
 L<verify(1)|verify(1)>, L<version(1)|version(1)>, L<x509(1)|x509(1)>,
 L<crypto(3)|crypto(3)>, L<ssl(3)|ssl(3)> 
diff --git a/src/lib/libssl/src/doc/apps/passwd.pod b/src/lib/libssl/src/doc/apps/passwd.pod
index cee6a2f172..6e098940c7 100644
--- a/src/lib/libssl/src/doc/apps/passwd.pod
+++ b/src/lib/libssl/src/doc/apps/passwd.pod
@@ -8,6 +8,7 @@ passwd - compute password hashes
 
 B<openssl passwd>
 [B<-crypt>]
+[B<-1>]
 [B<-apr1>]
 [B<-salt> I<string>]
 [B<-in> I<file>]
@@ -22,8 +23,8 @@ The B<passwd> command computes the hash of a password typed at
 run-time or the hash of each password in a list.  The password list is
 taken from the named file for option B<-in file>, from stdin for
 option B<-stdin>, and from the command line otherwise.
-The Unix standard algorithm B<crypt> and the MD5-based B<apr1> algorithm
-are available.
+The Unix standard algorithm B<crypt> and the MD5-based BSD password
+algorithm B<1> and its Apache variant B<apr1> are available.
 
 =head1 OPTIONS
 
@@ -33,9 +34,13 @@ are available.
 
 Use the B<crypt> algorithm (default).
 
+=item B<-1>
+
+Use the MD5 based BSD password algorithm B<1>.
+
 =item B<-apr1>
 
-Use the B<apr1> algorithm.
+Use the B<apr1> algorithm (Apache variant of the BSD algorithm).
 
 =item B<-salt> I<string>
 
@@ -64,6 +69,8 @@ to each password hash.
 
 B<openssl passwd -crypt -salt xx password> prints B<xxj31ZMTZzkVA>.
 
+B<openssl passwd -1 -salt xxxxxxxx password> prints B<$1$xxxxxxxx$8XJIcl6ZXqBMCK0qFevqT1>.
+
 B<openssl passwd -apr1 -salt xxxxxxxx password> prints B<$apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0>.
 
 =cut
diff --git a/src/lib/libssl/src/doc/apps/pkcs12.pod b/src/lib/libssl/src/doc/apps/pkcs12.pod
index 241f9c4a8b..c4009998b8 100644
--- a/src/lib/libssl/src/doc/apps/pkcs12.pod
+++ b/src/lib/libssl/src/doc/apps/pkcs12.pod
@@ -244,7 +244,7 @@ to be needed to use MAC iterations counts but they are now used by default.
 a file or files containing random data used to seed the random number
 generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
 Multiple files can be specified separated by a OS-dependent character.
-The separator is B<;> for MS-Windows, B<,> for OpenVSM, and B<:> for
+The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
 all others.
 
 =back
diff --git a/src/lib/libssl/src/doc/apps/rand.pod b/src/lib/libssl/src/doc/apps/rand.pod
index f81eab0457..cbf8768801 100644
--- a/src/lib/libssl/src/doc/apps/rand.pod
+++ b/src/lib/libssl/src/doc/apps/rand.pod
@@ -34,7 +34,7 @@ Write to I<file> instead of standard output.
 Use specified file or files or EGD socket (see L<RAND_egd(3)|RAND_egd(3)>)
 for seeding the random number generator.
 Multiple files can be specified separated by a OS-dependent character.
-The separator is B<;> for MS-Windows, B<,> for OpenVSM, and B<:> for
+The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
 all others.
 
 =item B<-base64>
diff --git a/src/lib/libssl/src/doc/apps/req.pod b/src/lib/libssl/src/doc/apps/req.pod
index fde6ff2e9f..a3f54f45a3 100644
--- a/src/lib/libssl/src/doc/apps/req.pod
+++ b/src/lib/libssl/src/doc/apps/req.pod
@@ -19,6 +19,7 @@ B<openssl> B<req>
 [B<-verify>]
 [B<-modulus>]
 [B<-new>]
+[B<-rand file(s)>]
 [B<-newkey rsa:bits>]
 [B<-newkey dsa:file>]
 [B<-nodes>]
@@ -104,6 +105,14 @@ in the configuration file and any requested extensions.
 If the B<-key> option is not used it will generate a new RSA private
 key using information specified in the configuration file.
 
+=item B<-rand file(s)>
+
+a file or files containing random data used to seed the random number
+generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
+Multiple files can be specified separated by a OS-dependent character.
+The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
+all others.
+
 =item B<-newkey arg>
 
 this option creates a new certificate request and a new private
@@ -158,6 +167,7 @@ when the B<-x509> option is being used this specifies the number of
 days to certify the certificate for. The default is 30 days.
 
 =item B<-extensions section>
+
 =item B<-reqexts section>
 
 these options specify alternative sections to include certificate
diff --git a/src/lib/libssl/src/doc/apps/rsa.pod b/src/lib/libssl/src/doc/apps/rsa.pod
index 62ad62e23d..f0e613ed05 100644
--- a/src/lib/libssl/src/doc/apps/rsa.pod
+++ b/src/lib/libssl/src/doc/apps/rsa.pod
@@ -14,6 +14,7 @@ B<openssl> B<rsa>
 [B<-passin arg>]
 [B<-out filename>]
 [B<-passout arg>]
+[B<-sgckey>]
 [B<-des>]
 [B<-des3>]
 [B<-idea>]
@@ -42,9 +43,8 @@ This specifies the input format. The B<DER> option uses an ASN1 DER encoded
 form compatible with the PKCS#1 RSAPrivateKey or SubjectPublicKeyInfo format.
 The B<PEM> form is the default format: it consists of the B<DER> format base64
 encoded with additional header and footer lines. On input PKCS#8 format private
-keys are also accepted. The B<NET> form is a format compatible with older Netscape
-servers and MS IIS, this uses unsalted RC4 for its encryption. It is not very
-secure and so should only be used when necessary.
+keys are also accepted. The B<NET> form is a format is described in the B<NOTES>
+section.
 
 =item B<-outform DER|NET|PEM>
 
@@ -74,6 +74,11 @@ filename.
 the output file password source. For more information about the format of B<arg>
 see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
 
+=item B<-sgckey>
+
+use the modified NET algorithm used with some versions of Microsoft IIS and SGC
+keys.
+
 =item B<-des|-des3|-idea>
 
 These options encrypt the private key with the DES, triple DES, or the 
@@ -126,6 +131,18 @@ The PEM public key format uses the header and footer lines:
  -----BEGIN PUBLIC KEY-----
  -----END PUBLIC KEY-----
 
+The B<NET> form is a format compatible with older Netscape servers
+and Microsoft IIS .key files, this uses unsalted RC4 for its encryption.
+It is not very secure and so should only be used when necessary.
+
+Some newer version of IIS have additional data in the exported .key
+files. To use thse with the utility view the file with a binary editor
+and look for the string "private-key", then trace back to the byte
+sequence 0x30, 0x82 (this is an ASN1 SEQUENCE). Copy all the data
+from this point onwards to another file and use that as the input
+to the B<rsa> utility with the B<-inform NET> option. If you get
+an error after entering the password try the B<-sgckey> option.
+
 =head1 EXAMPLES
 
 To remove the pass phrase on an RSA private key:
@@ -148,6 +165,14 @@ To just output the public part of a private key:
 
  openssl rsa -in key.pem -pubout -out pubkey.pem
 
+=head1 BUGS
+
+The command line password arguments don't currently work with
+B<NET> format.
+
+There should be an option that automatically handles .key files,
+without having to manually edit them.
+
 =head1 SEE ALSO
 
 L<pkcs8(1)|pkcs8(1)>, L<dsa(1)|dsa(1)>, L<genrsa(1)|genrsa(1)>,
diff --git a/src/lib/libssl/src/doc/apps/rsautl.pod b/src/lib/libssl/src/doc/apps/rsautl.pod
new file mode 100644
index 0000000000..7a334bc8d6
--- /dev/null
+++ b/src/lib/libssl/src/doc/apps/rsautl.pod
@@ -0,0 +1,183 @@
+=pod
+
+=head1 NAME
+
+rsautl - RSA utility
+
+=head1 SYNOPSIS
+
+B<openssl> B<rsautl>
+[B<-in file>]
+[B<-out file>]
+[B<-inkey file>]
+[B<-pubin>]
+[B<-certin>]
+[B<-sign>]
+[B<-verify>]
+[B<-encrypt>]
+[B<-decrypt>]
+[B<-pkcs>]
+[B<-ssl>]
+[B<-raw>]
+[B<-hexdump>]
+[B<-asn1parse>]
+
+=head1 DESCRIPTION
+
+The B<rsautl> command can be used to sign, verify, encrypt and decrypt
+data using the RSA algorithm.
+
+=head1 COMMAND OPTIONS
+
+=over 4
+
+=item B<-in filename>
+
+This specifies the input filename to read data from or standard input
+if this option is not specified.
+
+=item B<-out filename>
+
+specifies the output filename to write to or standard output by
+default.
+
+=item B<-inkey file>
+
+the input key file, by default it should be an RSA private key.
+
+=item B<-pubin>
+
+the input file is an RSA public key. 
+
+=item B<-certin>
+
+the input is a certificate containing an RSA public key. 
+
+=item B<-sign>
+
+sign the input data and output the signed result. This requires
+and RSA private key.
+
+=item B<-verify>
+
+verify the input data and output the recovered data.
+
+=item B<-encrypt>
+
+encrypt the input data using an RSA public key.
+
+=item B<-decrypt>
+
+decrypt the input data using an RSA private key.
+
+=item B<-pkcs, -oaep, -ssl, -raw>
+
+the padding to use: PKCS#1 v1.5 (the default), PKCS#1 OAEP,
+special padding used in SSL v2 backwards compatible handshakes,
+or no padding, respectively.
+For signatures, only B<-pkcs> and B<-raw> can be used.
+
+=item B<-hexdump>
+
+hex dump the output data.
+
+=item B<-asn1parse>
+
+asn1parse the output data, this is useful when combined with the
+B<-verify> option.
+
+=back
+
+=head1 NOTES
+
+B<rsautl> because it uses the RSA algorithm directly can only be
+used to sign or verify small pieces of data.
+
+=head1 EXAMPLES
+
+Sign some data using a private key:
+
+ openssl rsautl -sign -in file -inkey key.pem -out sig
+
+Recover the signed data
+
+ openssl rsautl -sign -in sig -inkey key.pem
+
+Examine the raw signed data:
+
+ openssl rsautl -sign -in file -inkey key.pem -raw -hexdump
+
+ 0000 - 00 01 ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
+ 0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
+ 0020 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
+ 0030 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
+ 0040 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
+ 0050 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
+ 0060 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
+ 0070 - ff ff ff ff 00 68 65 6c-6c 6f 20 77 6f 72 6c 64   .....hello world
+
+The PKCS#1 block formatting is evident from this. If this was done using
+encrypt and decrypt the block would have been of type 2 (the second byte)
+and random padding data visible instead of the 0xff bytes.
+
+It is possible to analyse the signature of certificates using this
+utility in conjunction with B<asn1parse>. Consider the self signed
+example in certs/pca-cert.pem . Running B<asn1parse> as follows yields:
+
+ openssl asn1parse -in pca-cert.pem
+
+    0:d=0  hl=4 l= 742 cons: SEQUENCE          
+    4:d=1  hl=4 l= 591 cons:  SEQUENCE          
+    8:d=2  hl=2 l=   3 cons:   cont [ 0 ]        
+   10:d=3  hl=2 l=   1 prim:    INTEGER           :02
+   13:d=2  hl=2 l=   1 prim:   INTEGER           :00
+   16:d=2  hl=2 l=  13 cons:   SEQUENCE          
+   18:d=3  hl=2 l=   9 prim:    OBJECT            :md5WithRSAEncryption
+   29:d=3  hl=2 l=   0 prim:    NULL              
+   31:d=2  hl=2 l=  92 cons:   SEQUENCE          
+   33:d=3  hl=2 l=  11 cons:    SET               
+   35:d=4  hl=2 l=   9 cons:     SEQUENCE          
+   37:d=5  hl=2 l=   3 prim:      OBJECT            :countryName
+   42:d=5  hl=2 l=   2 prim:      PRINTABLESTRING   :AU
+  ....
+  599:d=1  hl=2 l=  13 cons:  SEQUENCE          
+  601:d=2  hl=2 l=   9 prim:   OBJECT            :md5WithRSAEncryption
+  612:d=2  hl=2 l=   0 prim:   NULL              
+  614:d=1  hl=3 l= 129 prim:  BIT STRING        
+
+
+The final BIT STRING contains the actual signature. It can be extracted with:
+
+ openssl asn1parse -in pca-cert.pem -out sig -noout -strparse 614
+
+The certificate public key can be extracted with:
+ 
+ openssl x509 -in test/testx509.pem -pubout -noout >pubkey.pem
+
+The signature can be analysed with:
+
+ openssl rsautl -in sig -verify -asn1parse -inkey pubkey.pem -pubin
+
+    0:d=0  hl=2 l=  32 cons: SEQUENCE          
+    2:d=1  hl=2 l=  12 cons:  SEQUENCE          
+    4:d=2  hl=2 l=   8 prim:   OBJECT            :md5
+   14:d=2  hl=2 l=   0 prim:   NULL              
+   16:d=1  hl=2 l=  16 prim:  OCTET STRING      
+      0000 - f3 46 9e aa 1a 4a 73 c9-37 ea 93 00 48 25 08 b5   .F...Js.7...H%..
+
+This is the parsed version of an ASN1 DigestInfo structure. It can be seen that
+the digest used was md5. The actual part of the certificate that was signed can
+be extracted with:
+
+ openssl asn1parse -in pca-cert.pem -out tbs -noout -strparse 4
+
+and its digest computed with:
+
+ openssl md5 -c tbs
+ MD5(tbs)= f3:46:9e:aa:1a:4a:73:c9:37:ea:93:00:48:25:08:b5
+
+which it can be seen agrees with the recovered value above.
+
+=head1 SEE ALSO
+
+L<dgst(1)|dgst(1)>, L<rsa(1)|rsa(1)>, L<genrsa(1)|genrsa(1)>
diff --git a/src/lib/libssl/src/doc/apps/s_client.pod b/src/lib/libssl/src/doc/apps/s_client.pod
index 2f80375319..9df1c07fb7 100644
--- a/src/lib/libssl/src/doc/apps/s_client.pod
+++ b/src/lib/libssl/src/doc/apps/s_client.pod
@@ -32,6 +32,7 @@ B<openssl> B<s_client>
 [B<-no_tls1>]
 [B<-bugs>]
 [B<-cipher cipherlist>]
+[B<-engine id>]
 
 =head1 DESCRIPTION
 
@@ -156,6 +157,13 @@ the server determines which cipher suite is used it should take the first
 supported cipher in the list sent by the client. See the B<ciphers>
 command for more information.
 
+=item B<-engine id>
+
+specifying an engine (by it's unique B<id> string) will cause B<s_client>
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+
 =back
 
 =head1 CONNECTED COMMANDS
diff --git a/src/lib/libssl/src/doc/apps/s_server.pod b/src/lib/libssl/src/doc/apps/s_server.pod
index 0f29c361d9..3a5bf46e28 100644
--- a/src/lib/libssl/src/doc/apps/s_server.pod
+++ b/src/lib/libssl/src/doc/apps/s_server.pod
@@ -39,6 +39,7 @@ B<openssl> B<s_client>
 [B<-hack>]
 [B<-www>]
 [B<-WWW>]
+[B<-engine id>]
 
 =head1 DESCRIPTION
 
@@ -186,6 +187,13 @@ emulates a simple web server. Pages will be resolved relative to the
 current directory, for example if the URL https://myhost/page.html is
 requested the file ./page.html will be loaded.
 
+=item B<-engine id>
+
+specifying an engine (by it's unique B<id> string) will cause B<s_server>
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+
 =back
 
 =head1 CONNECTED COMMANDS
diff --git a/src/lib/libssl/src/doc/apps/smime.pod b/src/lib/libssl/src/doc/apps/smime.pod
index 631ecdc241..ce99b5c345 100644
--- a/src/lib/libssl/src/doc/apps/smime.pod
+++ b/src/lib/libssl/src/doc/apps/smime.pod
@@ -22,8 +22,12 @@ B<openssl> B<smime>
 [B<-signer file>]
 [B<-recip  file>]
 [B<-in file>]
+[B<-inform SMIME|PEM|DER>]
+[B<-passin arg>]
 [B<-inkey file>]
 [B<-out file>]
+[B<-outform SMIME|PEM|DER>]
+[B<-content file>]
 [B<-to addr>]
 [B<-from ad>]
 [B<-subject s>]
@@ -74,11 +78,37 @@ takes an input message and writes out a PEM encoded PKCS#7 structure.
 the input message to be encrypted or signed or the MIME message to
 be decrypted or verified.
 
+=item B<-inform SMIME|PEM|DER>
+
+this specifies the input format for the PKCS#7 structure. The default
+is B<SMIME> which reads an S/MIME format message. B<PEM> and B<DER>
+format change this to expect PEM and DER format PKCS#7 structures
+instead. This currently only affects the input format of the PKCS#7
+structure, if no PKCS#7 structure is being input (for example with
+B<-encrypt> or B<-sign>) this option has no effect.
+
 =item B<-out filename>
 
 the message text that has been decrypted or verified or the output MIME
 format message that has been signed or verified.
 
+=item B<-outform SMIME|PEM|DER>
+
+this specifies the output format for the PKCS#7 structure. The default
+is B<SMIME> which write an S/MIME format message. B<PEM> and B<DER>
+format change this to write PEM and DER format PKCS#7 structures
+instead. This currently only affects the output format of the PKCS#7
+structure, if no PKCS#7 structure is being output (for example with
+B<-verify> or B<-decrypt>) this option has no effect.
+
+=item B<-content filename>
+
+This specifies a file containing the detached content, this is only
+useful with the B<-verify> command. This is only usable if the PKCS#7
+structure is using the detached signature form where the content is
+not included. This option will override any content if the input format
+is S/MIME and it uses the multipart/signed MIME content type.
+
 =item B<-text>
 
 this option adds plain text (text/plain) MIME headers to the supplied
@@ -174,12 +204,17 @@ corresponding certificate. If this option is not specified then the
 private key must be included in the certificate file specified with
 the B<-recip> or B<-signer> file.
 
+=item B<-passin arg>
+
+the private key password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
+
 =item B<-rand file(s)>
 
 a file or files containing random data used to seed the random number
 generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
 Multiple files can be specified separated by a OS-dependent character.
-The separator is B<;> for MS-Windows, B<,> for OpenVSM, and B<:> for
+The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
 all others.
 
 =item B<cert.pem...>
@@ -204,7 +239,7 @@ a blank line. Piping the mail directly to sendmail is one way to
 achieve the correct format.
 
 The supplied message to be signed or encrypted must include the
-necessary MIME headers: or many S/MIME clients wont display it
+necessary MIME headers or many S/MIME clients wont display it
 properly (if at all). You can use the B<-text> option to automatically
 add plain text headers.
 
@@ -290,7 +325,7 @@ Send encrypted mail using triple DES:
 Sign and encrypt mail:
 
  openssl smime -sign -in ml.txt -signer my.pem -text \
-        | openssl -encrypt -out mail.msg \
+        | openssl smime -encrypt -out mail.msg \
         -from steve@openssl.org -to someone@somewhere \
         -subject "Signed and Encrypted message" -des3 user.pem
 
@@ -301,6 +336,22 @@ Decrypt mail:
 
  openssl smime -decrypt -in mail.msg -recip mycert.pem -inkey key.pem
 
+The output from Netscape form signing is a PKCS#7 structure with the
+detached signature format. You can use this program to verify the
+signature by line wrapping the base64 encoded structure and surrounding
+it with:
+
+ -----BEGIN PKCS7----
+ -----END PKCS7----
+
+and using the command, 
+
+ openssl smime -verify -inform PEM -in signature.pem -content content.txt
+
+alternatively you can base64 decode the signature and use
+
+ openssl smime -verify -inform DER -in signature.der -content content.txt
+
 =head1 BUGS
 
 The MIME parser isn't very clever: it seems to handle most messages that I've thrown
diff --git a/src/lib/libssl/src/doc/apps/speed.pod b/src/lib/libssl/src/doc/apps/speed.pod
index fecd9a994d..8101851ec6 100644
--- a/src/lib/libssl/src/doc/apps/speed.pod
+++ b/src/lib/libssl/src/doc/apps/speed.pod
@@ -7,6 +7,7 @@ speed - test library performance
 =head1 SYNOPSIS
 
 B<openssl speed>
+[B<-engine id>]
 [B<md2>]
 [B<mdc2>]
 [B<md5>]
@@ -39,7 +40,18 @@ This command is used to test the performance of cryptographic algorithms.
 
 =head1 OPTIONS
 
-If an option is given, B<speed> test that algorithm, otherwise all of
+=over 4
+
+=item B<-engine id>
+
+specifying an engine (by it's unique B<id> string) will cause B<speed>
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+
+=item B<[zero or more test algorithms]>
+
+If any options are given, B<speed> tests those algorithms, otherwise all of
 the above are tested.
 
 =cut
diff --git a/src/lib/libssl/src/doc/apps/verify.pod b/src/lib/libssl/src/doc/apps/verify.pod
index 4a6572d3b8..90455525d1 100644
--- a/src/lib/libssl/src/doc/apps/verify.pod
+++ b/src/lib/libssl/src/doc/apps/verify.pod
@@ -2,7 +2,7 @@
 
 =head1 NAME
 
-pkcs7 - PKCS#7 utility
+verify - Utility to verify certificates.
 
 =head1 SYNOPSIS
 
@@ -12,6 +12,7 @@ B<openssl> B<verify>
 [B<-purpose purpose>]
 [B<-untrusted file>]
 [B<-help>]
+[B<-issuer_checks>]
 [B<-verbose>]
 [B<->]
 [certificates]
@@ -57,6 +58,14 @@ prints out a usage message.
 
 print extra information about the operations being performed.
 
+=item B<-issuer_checks>
+
+print out diagnostics relating to searches for the issuer certificate
+of the current certificate. This shows why each candidate issuer
+certificate was rejected. However the presence of rejection messages
+does not itself imply that anything is wrong: during the normal
+verify process several rejections may take place.
+
 =item B<->
 
 marks the last option. All arguments following this are assumed to be
@@ -88,9 +97,21 @@ The verify operation consists of a number of separate steps.
 
 Firstly a certificate chain is built up starting from the supplied certificate
 and ending in the root CA. It is an error if the whole chain cannot be built
-up. The chain is built up by looking up a certificate whose subject name
-matches the issuer name of the current certificate. If a certificate is found
-whose subject and issuer names are identical it is assumed to be the root CA.
+up. The chain is built up by looking up the issuers certificate of the current
+certificate. If a certificate is found which is its own issuer it is assumed 
+to be the root CA.
+
+The process of 'looking up the issuers certificate' itself involves a number
+of steps. In versions of OpenSSL before 0.9.5a the first certificate whose
+subject name matched the issuer of the current certificate was assumed to be
+the issuers certificate. In OpenSSL 0.9.6 and later all certificates
+whose subject name matches the issuer name of the current certificate are 
+subject to further tests. The relevant authority key identifier components
+of the current certificate (if present) must match the subject key identifier
+(if present) and issuer and serial number of the candidate issuer, in addition
+the keyUsage extension of the candidate issuer (if present) must permit
+certificate signing.
+
 The lookup first looks in the list of untrusted certificates and if no match
 is found the remaining lookups are from the trusted certificates. The root CA
 is always looked up in the trusted certificate list: if the certificate to
@@ -260,12 +281,46 @@ the root CA is not marked as trusted for the specified purpose.
 
 the root CA is marked to reject the specified purpose.
 
+=item B<29 X509_V_ERR_SUBJECT_ISSUER_MISMATCH: subject issuer mismatch>
+
+the current candidate issuer certificate was rejected because its subject name
+did not match the issuer name of the current certificate. Only displayed when
+the B<-issuer_checks> option is set.
+
+=item B<30 X509_V_ERR_AKID_SKID_MISMATCH: authority and subject key identifier mismatch>
+
+the current candidate issuer certificate was rejected because its subject key
+identifier was present and did not match the authority key identifier current
+certificate. Only displayed when the B<-issuer_checks> option is set.
+
+=item B<31 X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: authority and issuer serial number mismatch>
+
+the current candidate issuer certificate was rejected because its issuer name
+and serial number was present and did not match the authority key identifier
+of the current certificate. Only displayed when the B<-issuer_checks> option is set.
+
+=item B<32 X509_V_ERR_KEYUSAGE_NO_CERTSIGN:key usage does not include certificate signing>
+
+the current candidate issuer certificate was rejected because its keyUsage extension
+does not permit certificate signing.
+
 =item B<50 X509_V_ERR_APPLICATION_VERIFICATION: application verification failure>
 
 an application specific error. Unused.
 
 =back
 
+=head1 BUGS
+
+Although the issuer checks are a considerably improvement over the old technique they still
+suffer from limitations in the underlying X509_LOOKUP API. One consequence of this is that
+trusted certificates with matching subject name must either appear in a file (as specified by the
+B<-CAfile> option) or a directory (as specified by B<-CApath>. If they occur in both then only
+the certificates in the file will be recognised.
+
+Previous versions of OpenSSL assume certificates with matching subject name are identical and
+mishandled them.
+
 =head1 SEE ALSO
 
 L<x509(1)|x509(1)>
diff --git a/src/lib/libssl/src/doc/apps/x509.pod b/src/lib/libssl/src/doc/apps/x509.pod
index e4ae5468da..84f76cb421 100644
--- a/src/lib/libssl/src/doc/apps/x509.pod
+++ b/src/lib/libssl/src/doc/apps/x509.pod
@@ -19,6 +19,8 @@ B<openssl> B<x509>
 [B<-hash>]
 [B<-subject>]
 [B<-issuer>]
+[B<-nameopt option>]
+[B<-email>]
 [B<-startdate>]
 [B<-enddate>]
 [B<-purpose>]
@@ -137,6 +139,16 @@ outputs the subject name.
 
 outputs the issuer name.
 
+=item B<-nameopt option>
+
+option which determine how the subject or issuer names are displayed. This
+option may be used more than once to set multiple options. See the B<NAME
+OPTIONS> section for more information.
+
+=item B<-email>
+
+outputs the email address(es) if any.
+
 =item B<-startdate>
 
 prints out the start date of the certificate, that is the notBefore date.
@@ -330,6 +342,138 @@ specified then the extensions should either be contained in the unnamed
 
 =back
 
+=head1 NAME OPTIONS
+
+The B<nameopt> command line switch determines how the subject and issuer
+names are displayed. If no B<nameopt> switch is present the default "oneline"
+format is used which is compatible with previous versions of OpenSSL.
+Each option is described in detail below, all options can be preceded by
+a B<-> to turn the option off. Only the first four will normally be used.
+
+=over 4
+
+=item B<compat>
+
+use the old format. This is equivalent to specifying no name options at all.
+
+=item B<RFC2253>
+
+displays names compatible with RFC2253 equivalent to B<esc_2253>, B<esc_ctrl>,
+B<esc_msb>, B<utf8>, B<dump_nostr>, B<dump_unknown>, B<dump_der>,
+B<sep_comma_plus>, B<dn_rev> and B<sname>.
+
+=item B<oneline>
+
+a oneline format which is more readable than RFC2253. It is equivalent to
+specifying the  B<esc_2253>, B<esc_ctrl>, B<esc_msb>, B<utf8>, B<dump_nostr>,
+B<dump_der>, B<use_quote>, B<sep_comma_plus_spc>, B<spc_eq> and B<sname>
+options.
+
+=item B<multiline>
+
+a multiline format. It is equivalent B<esc_ctrl>, B<esc_msb>, B<sep_multiline>,
+B<spc_eq> and B<lname>.
+
+=item B<esc_2253>
+
+escape the "special" characters required by RFC2253 in a field That is
+B<,+"E<lt>E<gt>;>. Additionally B<#> is escaped at the beginnging of a string
+and a space character at the beginning or end of a string.
+
+=item B<esc_ctrl>
+
+escape control characters. That is those with ASCII values less than
+0x20 (space) and the delete (0x7f) character. They are escaped using the
+RFC2253 \XX notation (where XX are two hex digits representing the
+character value).
+
+=item B<esc_msb>
+
+escape characters with the MSB set, that is with ASCII values larger than
+127.
+
+=item B<use_quote>
+
+escapes some characters by surrounding the whole string with B<"> characters,
+without the option all escaping is done with the B<\> character.
+
+=item B<utf8>
+
+convert all strings to UTF8 format first. This is required by RFC2253. If
+you are lucky enough to have a UTF8 compatible terminal then the use
+of this option (and B<not> setting B<esc_msb>) may result in the correct
+display of multibyte (international) characters. Is this option is not
+present then multibyte characters larger than 0xff will be represented
+using the format \UXXXX for 16 bits and \WXXXXXXXX for 32 bits.
+Also if this option is off any UTF8Strings will be converted to their
+character form first.
+
+=item B<no_type>
+
+this option does not attempt to interpret multibyte characters in any
+way. That is their content octets are merely dumped as though one octet
+represents each character. This is useful for diagnostic purposes but
+will result in rather odd looking output.
+
+=item B<show_type>
+
+show the type of the ASN1 character string. The type precedes the
+field contents. For example "BMPSTRING: Hello World".
+
+=item B<dump_der>
+
+when this option is set any fields that need to be hexdumped will
+be dumped using the DER encoding of the field. Otherwise just the
+content octets will be displayed. Both options use the RFC2253
+B<#XXXX...> format.
+
+=item B<dump_nostr>
+
+dump non character string types (for example OCTET STRING) if this
+option is not set then non character string types will be displayed
+as though each content octet repesents a single character.
+
+=item B<dump_all>
+
+dump all fields. This option when used with B<dump_der> allows the
+DER encoding of the structure to be unambiguously determined.
+
+=item B<dump_unknown>
+
+dump any field whose OID is not recognised by OpenSSL.
+
+=item B<sep_comma_plus>, B<sep_comma_plus_space>, B<sep_semi_plus_space>,
+B<sep_multiline>
+
+these options determine the field separators. The first character is
+between RDNs and the second between multiple AVAs (multiple AVAs are
+very rare and their use is discouraged). The options ending in
+"space" additionally place a space after the separator to make it
+more readable. The B<sep_multiline> uses a linefeed character for
+the RDN separator and a spaced B<+> for the AVA separator. It also
+indents the fields by four characters.
+
+=item B<dn_rev>
+
+reverse the fields of the DN. This is required by RFC2253. As a side
+effect this also reverses the order of multiple AVAs but this is
+permissible.
+
+=item B<nofname>, B<sname>, B<lname>, B<oid>
+
+these options alter how the field name is displayed. B<nofname> does
+not display the field at all. B<sname> uses the "short name" form
+(CN for commonName for example). B<lname> uses the long form.
+B<oid> represents the OID in numerical form and is useful for
+diagnostic purpose.
+
+=item B<spc_eq>
+
+places spaces round the B<=> character which follows the field
+name.
+
+=back
+
 =head1 EXAMPLES
 
 Note: in these examples the '\' means the example should be all on one
@@ -343,6 +487,19 @@ Display the certificate serial number:
 
  openssl x509 -in cert.pem -noout -serial
 
+Display the certificate subject name:
+
+ openssl x509 -in cert.pem -noout -subject
+
+Display the certificate subject name in RFC2253 form:
+
+ openssl x509 -in cert.pem -noout -subject -nameopt RFC2253
+
+Display the certificate subject name in oneline form on a terminal
+supporting UTF8:
+
+ openssl x509 -in cert.pem -noout -subject -nameopt oneline -nameopt -escmsb
+
 Display the certificate MD5 fingerprint:
 
  openssl x509 -in cert.pem -noout -fingerprint
@@ -362,13 +519,13 @@ Convert a certificate to a certificate request:
 Convert a certificate request into a self signed certificate using
 extensions for a CA:
 
- openssl x509 -req -in careq.pem -config openssl.cnf -extensions v3_ca \
+ openssl x509 -req -in careq.pem -extfile openssl.cnf -extensions v3_ca \
         -signkey key.pem -out cacert.pem
 
 Sign a certificate request using the CA certificate above and add user
 certificate extensions:
 
- openssl x509 -req -in req.pem -config openssl.cnf -extensions v3_usr \
+ openssl x509 -req -in req.pem -extfile openssl.cnf -extensions v3_usr \
         -CA cacert.pem -CAkey key.pem -CAcreateserial
 
 
@@ -395,6 +552,11 @@ Trusted certificates have the lines
  -----BEGIN TRUSTED CERTIFICATE----
  -----END TRUSTED CERTIFICATE----
 
+The conversion to UTF8 format used with the name options assumes that
+T61Strings use the ISO8859-1 character set. This is wrong but Netscape
+and MSIE do this as do many certificates. So although this is incorrect
+it is more likely to display the majority of certificates correctly.
+
 The B<-fingerprint> option takes the digest of the DER encoded certificate.
 This is commonly called a "fingerprint". Because of the nature of message
 digests the fingerprint of a certificate is unique to that certificate and
@@ -402,6 +564,10 @@ two certificates with the same fingerprint can be considered to be the same.
 
 The Netscape fingerprint uses MD5 whereas MSIE uses SHA1.
 
+The B<-email> option searches the subject name and the subject alternative
+name extension. Only unique email addresses will be printed out: it will
+not print the same address more than once.
+
 =head1 CERTIFICATE EXTENSIONS
 
 The B<-purpose> option checks the certificate extensions and determines
@@ -517,10 +683,6 @@ must be present.
 
 =head1 BUGS
 
-The way DNs are printed is in a "historical SSLeay" format which doesn't
-follow any published standard. It should follow some standard like RFC2253
-or RFC1779 with options to make the stuff more readable.
-
 Extensions in certificates are not transferred to certificate requests and
 vice versa.
 
@@ -532,7 +694,7 @@ There should be options to explicitly set such things as start and end
 dates rather than an offset from the current time.
 
 The code to implement the verify behaviour described in the B<TRUST SETTINGS>
-is currently being developed. It thus describes the intended behavior rather
+is currently being developed. It thus describes the intended behaviour rather
 than the current behaviour. It is hoped that it will represent reality in
 OpenSSL 0.9.5 and later.
 
diff --git a/src/lib/libssl/src/doc/c-indentation.el b/src/lib/libssl/src/doc/c-indentation.el
index 9111450915..48ca3cf69b 100644
--- a/src/lib/libssl/src/doc/c-indentation.el
+++ b/src/lib/libssl/src/doc/c-indentation.el
@@ -39,7 +39,8 @@
                                    (label . -)
                                    (arglist-cont-nonempty . +)
                                    (topmost-intro . -)
-                                   (brace-list-close . +)
-                                   (brace-list-intro . +)
+                                   (brace-list-close . 0)
+                                   (brace-list-intro . 0)
+                                   (brace-list-open . +)
                                    ))))
 
diff --git a/src/lib/libssl/src/doc/crypto/BIO_ctrl.pod b/src/lib/libssl/src/doc/crypto/BIO_ctrl.pod
new file mode 100644
index 0000000000..722e8b8f46
--- /dev/null
+++ b/src/lib/libssl/src/doc/crypto/BIO_ctrl.pod
@@ -0,0 +1,128 @@
+=pod
+
+=head1 NAME
+
+BIO_ctrl, BIO_callback_ctrl, BIO_ptr_ctrl, BIO_int_ctrl, BIO_reset,
+BIO_seek, BIO_tell, BIO_flush, BIO_eof, BIO_set_close, BIO_get_close,
+BIO_pending, BIO_wpending, BIO_ctrl_pending, BIO_ctrl_wpending,
+BIO_get_info_callback, BIO_set_info_callback - BIO control operations
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+
+ long BIO_ctrl(BIO *bp,int cmd,long larg,void *parg);
+ long BIO_callback_ctrl(BIO *b, int cmd, void (*fp)(struct bio_st *, int, const char *, int, long, long));
+ char * BIO_ptr_ctrl(BIO *bp,int cmd,long larg);
+ long BIO_int_ctrl(BIO *bp,int cmd,long larg,int iarg);
+
+ int BIO_reset(BIO *b);
+ int BIO_seek(BIO *b, int ofs);
+ int BIO_tell(BIO *b);
+ int BIO_flush(BIO *b);
+ int BIO_eof(BIO *b);
+ int BIO_set_close(BIO *b,long flag);
+ int BIO_get_close(BIO *b);
+ int BIO_pending(BIO *b);
+ int BIO_wpending(BIO *b);
+ size_t BIO_ctrl_pending(BIO *b);
+ size_t BIO_ctrl_wpending(BIO *b);
+
+ int BIO_get_info_callback(BIO *b,bio_info_cb **cbp);
+ int BIO_set_info_callback(BIO *b,bio_info_cb *cb);
+
+ typedef void bio_info_cb(BIO *b, int oper, const char *ptr, int arg1, long arg2, long arg3);
+
+=head1 DESCRIPTION
+
+BIO_ctrl(), BIO_callback_ctrl(), BIO_ptr_ctrl() and BIO_int_ctrl()
+are BIO "control" operations taking arguments of various types.
+These functions are not normally called directly, various macros
+are used instead. The standard macros are described below, macros
+specific to a particular type of BIO are described in the specific
+BIOs manual page as well as any special features of the standard
+calls.
+
+BIO_reset() typically resets a BIO to some initial state, in the case
+of file related BIOs for example it rewinds the file pointer to the
+start of the file.
+
+BIO_seek() resets a file related BIO's (that is file descriptor and
+FILE BIOs) file position pointer to B<ofs> bytes from start of file.
+
+BIO_tell() returns the current file position of a file related BIO.
+
+BIO_flush() normally writes out any internally buffered data, in some
+cases it is used to signal EOF and that no more data will be written.
+
+BIO_eof() returns 1 if the BIO has read EOF, the precise meaning of
+"EOF" varies according to the BIO type.
+
+BIO_set_close() sets the BIO B<b> close flag to B<flag>. B<flag> can
+take the value BIO_CLOSE or BIO_NOCLOSE. Typically BIO_CLOSE is used
+in a source/sink BIO to indicate that the underlying I/O stream should
+be closed when the BIO is freed.
+
+BIO_get_close() returns the BIOs close flag.
+
+BIO_pending(), BIO_ctrl_pending(), BIO_wpending() and BIO_ctrl_wpending()
+return the number of pending characters in the BIOs read and write buffers.
+Not all BIOs support these calls. BIO_ctrl_pending() and BIO_ctrl_wpending()
+return a size_t type and are functions, BIO_pending() and BIO_wpending() are
+macros which call BIO_ctrl().
+
+=head1 RETURN VALUES
+
+BIO_reset() normally returns 1 for success and 0 or -1 for failure. File
+BIOs are an exception, they return 0 for success and -1 for failure.
+
+BIO_seek() and BIO_tell() both return the current file position on success
+and -1 for failure, except file BIOs which for BIO_seek() always return 0
+for success and -1 for failure.
+
+BIO_flush() returns 1 for success and 0 or -1 for failure.
+
+BIO_eof() returns 1 if EOF has been reached 0 otherwise.
+
+BIO_set_close() always returns 1.
+
+BIO_get_close() returns the close flag value: BIO_CLOSE or BIO_NOCLOSE.
+
+BIO_pending(), BIO_ctrl_pending(), BIO_wpending() and BIO_ctrl_wpending()
+return the amount of pending data.
+
+=head1 NOTES
+
+BIO_flush(), because it can write data may return 0 or -1 indicating
+that the call should be retried later in a similar manner to BIO_write(). 
+The BIO_should_retry() call should be used and appropriate action taken
+is the call fails.
+
+The return values of BIO_pending() and BIO_wpending() may not reliably
+determine the amount of pending data in all cases. For example in the
+case of a file BIO some data may be available in the FILE structures
+internal buffers but it is not possible to determine this in a
+portably way. For other types of BIO they may not be supported.
+
+Filter BIOs if they do not internally handle a particular BIO_ctrl()
+operation usually pass the operation to the next BIO in the chain.
+This often means there is no need to locate the required BIO for
+a particular operation, it can be called on a chain and it will
+be automatically passed to the relevant BIO. However this can cause
+unexpected results: for example no current filter BIOs implement
+BIO_seek(), but this may still succeed if the chain ends in a FILE
+or file descriptor BIO.
+
+Source/sink BIOs return an 0 if they do not recognize the BIO_ctrl()
+operation.
+
+=head1 BUGS
+
+Some of the return values are ambiguous and care should be taken. In
+particular a return value of 0 can be returned if an operation is not
+supported, if an error occurred, if EOF has not been reached and in
+the case of BIO_seek() on a file BIO for a successful operation. 
+
+=head1 SEE ALSO
+
+TBA
diff --git a/src/lib/libssl/src/doc/crypto/BIO_f_base64.pod b/src/lib/libssl/src/doc/crypto/BIO_f_base64.pod
new file mode 100644
index 0000000000..fdb603b38e
--- /dev/null
+++ b/src/lib/libssl/src/doc/crypto/BIO_f_base64.pod
@@ -0,0 +1,82 @@
+=pod
+
+=head1 NAME
+
+BIO_f_base64 - base64 BIO filter
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+ #include <openssl/evp.h>
+
+ BIO_METHOD *   BIO_f_base64(void);
+
+=head1 DESCRIPTION
+
+BIO_f_base64() returns the base64 BIO method. This is a filter
+BIO that base64 encodes any data written through it and decodes
+any data read through it.
+
+Base64 BIOs do not support BIO_gets() or BIO_puts(). 
+
+BIO_flush() on a base64 BIO that is being written through is
+used to signal that no more data is to be encoded: this is used
+to flush the final block through the BIO.
+
+The flag BIO_FLAGS_BASE64_NO_NL can be set with BIO_set_flags()
+to encode the data all on one line or expect the data to be all
+on one line.
+
+=head1 NOTES
+
+Because of the format of base64 encoding the end of the encoded
+block cannot always be reliably determined.
+
+=head1 RETURN VALUES
+
+BIO_f_base64() returns the base64 BIO method.
+
+=head1 EXAMPLES
+
+Base64 encode the string "Hello World\n" and write the result
+to standard output:
+
+ BIO *bio, *b64;
+ char message[] = "Hello World \n";
+
+ b64 = BIO_new(BIO_f_base64());
+ bio = BIO_new_fp(stdout, BIO_NOCLOSE);
+ bio = BIO_push(b64, bio);
+ BIO_write(bio, message, strlen(message));
+ BIO_flush(bio);
+
+ BIO_free_all(bio);
+
+Read Base64 encoded data from standard input and write the decoded
+data to standard output:
+
+ BIO *bio, *b64, bio_out;
+ char inbuf[512];
+ int inlen;
+ char message[] = "Hello World \n";
+
+ b64 = BIO_new(BIO_f_base64());
+ bio = BIO_new_fp(stdin, BIO_NOCLOSE);
+ bio_out = BIO_new_fp(stdout, BIO_NOCLOSE);
+ bio = BIO_push(b64, bio);
+ while((inlen = BIO_read(bio, inbuf, strlen(message))) > 0) 
+        BIO_write(bio_out, inbuf, inlen);
+
+ BIO_free_all(bio);
+
+=head1 BUGS
+
+The ambiguity of EOF in base64 encoded data can cause additional
+data following the base64 encoded block to be misinterpreted.
+
+There should be some way of specifying a test that the BIO can perform
+to reliably determine EOF (for example a MIME boundary).
+
+=head1 SEE ALSO
+
+TBA
diff --git a/src/lib/libssl/src/doc/crypto/BIO_f_buffer.pod b/src/lib/libssl/src/doc/crypto/BIO_f_buffer.pod
new file mode 100644
index 0000000000..c9093c6a57
--- /dev/null
+++ b/src/lib/libssl/src/doc/crypto/BIO_f_buffer.pod
@@ -0,0 +1,69 @@
+=pod
+
+=head1 NAME
+
+BIO_f_buffer - buffering BIO
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+
+ BIO_METHOD * BIO_f_buffer(void);
+
+ #define BIO_get_buffer_num_lines(b)    BIO_ctrl(b,BIO_C_GET_BUFF_NUM_LINES,0,NULL)
+ #define BIO_set_read_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,0)
+ #define BIO_set_write_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,1)
+ #define BIO_set_buffer_size(b,size)    BIO_ctrl(b,BIO_C_SET_BUFF_SIZE,size,NULL)
+ #define BIO_set_buffer_read_data(b,buf,num) BIO_ctrl(b,BIO_C_SET_BUFF_READ_DATA,num,buf)
+
+=head1 DESCRIPTION
+
+BIO_f_buffer() returns the buffering BIO method.
+
+Data written to a buffering BIO is buffered and periodically written
+to the next BIO in the chain. Data read from a buffering BIO comes from
+an internal buffer which is filled from the next BIO in the chain.
+Both BIO_gets() and BIO_puts() are supported.
+
+Calling BIO_reset() on a buffering BIO clears any buffered data.
+
+BIO_get_buffer_num_lines() returns the number of lines currently buffered.
+
+BIO_set_read_buffer_size(), BIO_set_write_buffer_size() and BIO_set_buffer_size()
+set the read, write or both read and write buffer sizes to B<size>. The initial
+buffer size is DEFAULT_BUFFER_SIZE, currently 1024. Any attempt to reduce the
+buffer size below DEFAULT_BUFFER_SIZE is ignored. Any buffered data is cleared
+when the buffer is resized.
+
+BIO_set_buffer_read_data() clears the read buffer and fills it with B<num>
+bytes of B<buf>. If B<num> is larger than the current buffer size the buffer
+is expanded.
+
+=head1 NOTES
+
+Buffering BIOs implement BIO_gets() by using BIO_read() operations on the
+next BIO in the chain. By prepending a buffering BIO to a chain it is therefore
+possible to provide BIO_gets() functionality if the following BIOs do not
+support it (for example SSL BIOs).
+
+Data is only written to the next BIO in the chain when the write buffer fills
+or when BIO_flush() is called. It is therefore important to call BIO_flush()
+whenever any pending data should be written such as when removing a buffering
+BIO using BIO_pop(). BIO_flush() may need to be retried if the ultimate
+source/sink BIO is non blocking.
+
+=head1 RETURN VALUES
+
+BIO_f_buffer() returns the buffering BIO method.
+
+BIO_get_buffer_num_lines() returns the number of lines buffered (may be 0).
+
+BIO_set_read_buffer_size(), BIO_set_write_buffer_size() and BIO_set_buffer_size()
+return 1 if the buffer was successfully resized or 0 for failure.
+
+BIO_set_buffer_read_data() returns 1 if the data was set correctly or 0 if
+there was an error.
+
+=head1 SEE ALSO
+
+TBA
diff --git a/src/lib/libssl/src/doc/crypto/BIO_f_cipher.pod b/src/lib/libssl/src/doc/crypto/BIO_f_cipher.pod
new file mode 100644
index 0000000000..4182f2c309
--- /dev/null
+++ b/src/lib/libssl/src/doc/crypto/BIO_f_cipher.pod
@@ -0,0 +1,76 @@
+=pod
+
+=head1 NAME
+
+BIO_f_cipher, BIO_set_cipher, BIO_get_cipher_status, BIO_get_cipher_ctx - cipher BIO filter
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+ #include <openssl/evp.h>
+
+ BIO_METHOD *   BIO_f_cipher(void);
+ void BIO_set_cipher(BIO *b,const EVP_CIPHER *cipher,
+                unsigned char *key, unsigned char *iv, int enc);
+ int BIO_get_cipher_status(BIO *b)
+ int BIO_get_cipher_ctx(BIO *b, EVP_CIPHER_CTX **pctx)
+
+=head1 DESCRIPTION
+
+BIO_f_cipher() returns the cipher BIO method. This is a filter
+BIO that encrypts any data written through it, and decrypts any data
+read from it. It is a BIO wrapper for the cipher routines
+EVP_CipherInit(), EVP_CipherUpdate() and EVP_CipherFinal().
+
+Cipher BIOs do not support BIO_gets() or BIO_puts(). 
+
+BIO_flush() on an encryption BIO that is being written through is
+used to signal that no more data is to be encrypted: this is used
+to flush and possibly pad the final block through the BIO.
+
+BIO_set_cipher() sets the cipher of BIO <b> to B<cipher> using key B<key>
+and IV B<iv>. B<enc> should be set to 1 for encryption and zero for
+decryption.
+
+When reading from an encryption BIO the final block is automatically
+decrypted and checked when EOF is detected. BIO_get_cipher_status()
+is a BIO_ctrl() macro which can be called to determine whether the
+decryption operation was successful.
+
+BIO_get_cipher_ctx() is a BIO_ctrl() macro which retrieves the internal
+BIO cipher context. The retrieved context can be used in conjunction
+with the standard cipher routines to set it up. This is useful when
+BIO_set_cipher() is not flexible enough for the applications needs.
+
+=head1 NOTES
+
+When encrypting BIO_flush() B<must> be called to flush the final block
+through the BIO. If it is not then the final block will fail a subsequent
+decrypt.
+
+When decrypting an error on the final block is signalled by a zero
+return value from the read operation. A successful decrypt followed
+by EOF will also return zero for the final read. BIO_get_cipher_status()
+should be called to determine if the decrypt was successful.
+
+As always, if BIO_gets() or BIO_puts() support is needed then it can
+be achieved by preceding the cipher BIO with a buffering BIO.
+
+=head1 RETURN VALUES
+
+BIO_f_cipher() returns the cipher BIO method.
+
+BIO_set_cipher() does not return a value.
+
+BIO_get_cipher_status() returns 1 for a successful decrypt and 0
+for failure.
+
+BIO_get_cipher_ctx() currently always returns 1.
+
+=head1 EXAMPLES
+
+TBA
+
+=head1 SEE ALSO
+
+TBA
diff --git a/src/lib/libssl/src/doc/crypto/BIO_f_md.pod b/src/lib/libssl/src/doc/crypto/BIO_f_md.pod
new file mode 100644
index 0000000000..c32504dfb1
--- /dev/null
+++ b/src/lib/libssl/src/doc/crypto/BIO_f_md.pod
@@ -0,0 +1,138 @@
+=pod
+
+=head1 NAME
+
+BIO_f_md, BIO_set_md, BIO_get_md, BIO_get_md_ctx - message digest BIO filter
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+ #include <openssl/evp.h>
+
+ BIO_METHOD *   BIO_f_md(void);
+ int BIO_set_md(BIO *b,EVP_MD *md);
+ int BIO_get_md(BIO *b,EVP_MD **mdp);
+ int BIO_get_md_ctx(BIO *b,EVP_MD_CTX **mdcp);
+
+=head1 DESCRIPTION
+
+BIO_f_md() returns the message digest BIO method. This is a filter
+BIO that digests any data passed through it, it is a BIO wrapper
+for the digest routines EVP_DigestInit(), EVP_DigestUpdate()
+and EVP_DigestFinal().
+
+Any data written or read through a digest BIO using BIO_read() and
+BIO_write() is digested.
+
+BIO_gets(), if its B<size> parameter is large enough finishes the
+digest calculation and returns the digest value. BIO_puts() is
+not supported.
+
+BIO_reset() reinitializes a digest BIO.
+
+BIO_set_md() sets the message digest of BIO B<b> to B<md>: this
+must be called to initialize a digest BIO before any data is
+passed through it. It is a BIO_ctrl() macro.
+
+BIO_get_md() places the a pointer to the digest BIOs digest method
+in B<mdp>, it is a BIO_ctrl() macro.
+
+BIO_get_md_ctx() returns the digest BIOs context into B<mdcp>.
+
+=head1 NOTES
+
+The context returned by BIO_get_md_ctx() can be used in calls
+to EVP_DigestFinal() and also the signature routines EVP_SignFinal()
+and EVP_VerifyFinal().
+
+The context returned by BIO_get_md_ctx() is an internal context
+structure. Changes made to this context will affect the digest
+BIO itself and the context pointer will become invalid when the digest
+BIO is freed.
+
+After the digest has been retrieved from a digest BIO it must be
+reinitialized by calling BIO_reset(), or BIO_set_md() before any more
+data is passed through it.
+
+If an application needs to call BIO_gets() or BIO_puts() through
+a chain containing digest BIOs then this can be done by prepending
+a buffering BIO.
+
+=head1 RETURN VALUES
+
+BIO_f_md() returns the digest BIO method.
+
+BIO_set_md(), BIO_get_md() and BIO_md_ctx() return 1 for success and
+0 for failure.
+
+=head1 EXAMPLES
+
+The following example creates a BIO chain containing an SHA1 and MD5
+digest BIO and passes the string "Hello World" through it. Error
+checking has been omitted for clarity.
+
+ BIO *bio, *mdtmp;
+ char message[] = "Hello World";
+ bio = BIO_new(BIO_s_null());
+ mdtmp = BIO_new(BIO_f_md());
+ BIO_set_md(mdtmp, EVP_sha1());
+ /* For BIO_push() we want to append the sink BIO and keep a note of
+  * the start of the chain.
+  */
+ bio = BIO_push(mdtmp, bio);
+ mdtmp = BIO_new(BIO_f_md());
+ BIO_set_md(mdtmp, EVP_md5());
+ bio = BIO_push(mdtmp, bio);
+ /* Note: mdtmp can now be discarded */
+ BIO_write(bio, message, strlen(message));
+
+The next example digests data by reading through a chain instead:
+
+ BIO *bio, *mdtmp;
+ char buf[1024];
+ int rdlen;
+ bio = BIO_new_file(file, "rb");
+ mdtmp = BIO_new(BIO_f_md());
+ BIO_set_md(mdtmp, EVP_sha1());
+ bio = BIO_push(mdtmp, bio);
+ mdtmp = BIO_new(BIO_f_md());
+ BIO_set_md(mdtmp, EVP_md5());
+ bio = BIO_push(mdtmp, bio);
+ do {
+        rdlen = BIO_read(bio, buf, sizeof(buf));
+        /* Might want to do something with the data here */
+ } while(rdlen > 0);
+
+This next example retrieves the message digests from a BIO chain and
+outputs them. This could be used with the examples above.
+
+ BIO *mdtmp;
+ unsigned char mdbuf[EVP_MAX_MD_SIZE];
+ int mdlen;
+ int i;
+ mdtmp = bio;   /* Assume bio has previously been set up */
+ do {
+        EVP_MD *md;
+        mdtmp = BIO_find_type(mdtmp, BIO_TYPE_MD);
+        if(!mdtmp) break;
+        BIO_get_md(mdtmp, &md);
+        printf("%s digest", OBJ_nid2sn(EVP_MD_type(md)));
+        mdlen = BIO_gets(mdtmp, mdbuf, EVP_MAX_MD_SIZE);
+        for(i = 0; i < mdlen; i++) printf(":%02X", mdbuf[i]);
+        printf("\n");
+        mdtmp = BIO_next(mdtmp);
+ } while(mdtmp);
+
+ BIO_free_all(bio);
+
+=head1 BUGS
+
+The lack of support for BIO_puts() and the non standard behaviour of
+BIO_gets() could be regarded as anomalous. It could be argued that BIO_gets()
+and BIO_puts() should be passed to the next BIO in the chain and digest
+the data passed through and that digests should be retrieved using a
+separate BIO_ctrl() call.
+
+=head1 SEE ALSO
+
+TBA
diff --git a/src/lib/libssl/src/doc/crypto/BIO_f_null.pod b/src/lib/libssl/src/doc/crypto/BIO_f_null.pod
new file mode 100644
index 0000000000..b057c18408
--- /dev/null
+++ b/src/lib/libssl/src/doc/crypto/BIO_f_null.pod
@@ -0,0 +1,32 @@
+=pod
+
+=head1 NAME
+
+BIO_f_null - null filter
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+
+ BIO_METHOD *   BIO_f_null(void);
+
+=head1 DESCRIPTION
+
+BIO_f_null() returns the null filter BIO method. This is a filter BIO
+that does nothing.
+
+All requests to a null filter BIO are passed through to the next BIO in
+the chain: this means that a BIO chain containing a null filter BIO
+behaves just as though the BIO was not there.
+
+=head1 NOTES
+
+As may be apparent a null filter BIO is not particularly useful.
+
+=head1 RETURN VALUES
+
+BIO_f_null() returns the null filter BIO method.
+
+=head1 SEE ALSO
+
+TBA
diff --git a/src/lib/libssl/src/doc/crypto/BIO_f_ssl.pod b/src/lib/libssl/src/doc/crypto/BIO_f_ssl.pod
new file mode 100644
index 0000000000..a56ee2b92f
--- /dev/null
+++ b/src/lib/libssl/src/doc/crypto/BIO_f_ssl.pod
@@ -0,0 +1,313 @@
+=pod
+
+=head1 NAME
+
+BIO_f_ssl, BIO_set_ssl, BIO_get_ssl, BIO_set_ssl_mode, BIO_set_ssl_renegotiate_bytes,
+BIO_get_num_renegotiates, BIO_set_ssl_renegotiate_timeout, BIO_new_ssl,
+BIO_new_ssl_connect, BIO_new_buffer_ssl_connect, BIO_ssl_copy_session_id,
+BIO_ssl_shutdown - SSL BIO
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+ #include <openssl/ssl.h>
+
+ BIO_METHOD *BIO_f_ssl(void);
+
+ #define BIO_set_ssl(b,ssl,c)   BIO_ctrl(b,BIO_C_SET_SSL,c,(char *)ssl)
+ #define BIO_get_ssl(b,sslp)    BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)sslp)
+ #define BIO_set_ssl_mode(b,client)     BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL)
+ #define BIO_set_ssl_renegotiate_bytes(b,num) \
+        BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL);
+ #define BIO_set_ssl_renegotiate_timeout(b,seconds) \
+        BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL);
+ #define BIO_get_num_renegotiates(b) \
+        BIO_ctrl(b,BIO_C_SET_SSL_NUM_RENEGOTIATES,0,NULL);
+
+ BIO *BIO_new_ssl(SSL_CTX *ctx,int client);
+ BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
+ BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx);
+ int BIO_ssl_copy_session_id(BIO *to,BIO *from);
+ void BIO_ssl_shutdown(BIO *bio);
+
+ #define BIO_do_handshake(b)    BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL)
+
+=head1 DESCRIPTION
+
+BIO_f_ssl() returns the SSL BIO method. This is a filter BIO which
+is a wrapper round the OpenSSL SSL routines adding a BIO "flavour" to
+SSL I/O. 
+
+I/O performed on an SSL BIO communicates using the SSL protocol with
+the SSLs read and write BIOs. If an SSL connection is not established
+then an attempt is made to establish one on the first I/O call.
+
+If a BIO is appended to an SSL BIO using BIO_push() it is automatically
+used as the SSL BIOs read and write BIOs.
+
+Calling BIO_reset() on an SSL BIO closes down any current SSL connection
+by calling SSL_shutdown(). BIO_reset() is then sent to the next BIO in
+the chain: this will typically disconnect the underlying transport.
+The SSL BIO is then reset to the initial accept or connect state.
+
+If the close flag is set when an SSL BIO is freed then the internal
+SSL structure is also freed using SSL_free().
+
+BIO_set_ssl() sets the internal SSL pointer of BIO B<b> to B<ssl> using
+the close flag B<c>.
+
+BIO_get_ssl() retrieves the SSL pointer of BIO B<b>, it can then be
+manipulated using the standard SSL library functions.
+
+BIO_set_ssl_mode() sets the SSL BIO mode to B<client>. If B<client>
+is 1 client mode is set. If B<client> is 0 server mode is set.
+
+BIO_set_ssl_renegotiate_bytes() sets the renegotiate byte count
+to B<num>. When set after every B<num> bytes of I/O (read and write) 
+the SSL session is automatically renegotiated. B<num> must be at
+least 512 bytes.
+
+BIO_set_ssl_renegotiate_timeout() sets the renegotiate timeout to
+B<seconds>. When the renegotiate timeout elapses the session is
+automatically renegotiated.
+
+BIO_get_num_renegotiates() returns the total number of session
+renegotiations due to I/O or timeout.
+
+BIO_new_ssl() allocates an SSL BIO using SSL_CTX B<ctx> and using
+client mode if B<client> is non zero.
+
+BIO_new_ssl_connect() creates a new BIO chain consisting of an
+SSL BIO (using B<ctx>) followed by a connect BIO.
+
+BIO_new_buffer_ssl_connect() creates a new BIO chain consisting
+of a buffering BIO, an SSL BIO (using B<ctx>) and a connect
+BIO.
+
+BIO_ssl_copy_session_id() copies an SSL session id between 
+BIO chains B<from> and B<to>. It does this by locating the
+SSL BIOs in each chain and calling SSL_copy_session_id() on
+the internal SSL pointer.
+
+BIO_ssl_shutdown() closes down an SSL connection on BIO
+chain B<bio>. It does this by locating the SSL BIO in the
+chain and calling SSL_shutdown() on its internal SSL
+pointer.
+
+BIO_do_handshake() attempts to complete an SSL handshake on the
+supplied BIO and establish the SSL connection. It returns 1
+if the connection was established successfully. A zero or negative
+value is returned if the connection could not be established, the
+call BIO_should_retry() should be used for non blocking connect BIOs
+to determine if the call should be retried. If an SSL connection has
+already been established this call has no effect.
+
+=head1 NOTES
+
+SSL BIOs are exceptional in that if the underlying transport
+is non blocking they can still request a retry in exceptional
+circumstances. Specifically this will happen if a session
+renegotiation takes place during a BIO_read() operation, one
+case where this happens is when SGC or step up occurs.
+
+In OpenSSL 0.9.6 and later the SSL flag SSL_AUTO_RETRY can be
+set to disable this behaviour. That is when this flag is set
+an SSL BIO using a blocking transport will never request a
+retry.
+
+Since unknown BIO_ctrl() operations are sent through filter
+BIOs the servers name and port can be set using BIO_set_host()
+on the BIO returned by BIO_new_ssl_connect() without having
+to locate the connect BIO first.
+
+Applications do not have to call BIO_do_handshake() but may wish
+to do so to separate the handshake process from other I/O
+processing.
+
+=head1 RETURN VALUES
+
+TBA
+
+=head1 EXAMPLE
+
+This SSL/TLS client example, attempts to retrieve a page from an
+SSL/TLS web server. The I/O routines are identical to those of the
+unencrypted example in L<BIO_s_connect(3)|BIO_s_connect(3)>.
+
+ BIO *sbio, *out;
+ int len;
+ char tmpbuf[1024];
+ SSL_CTX *ctx;
+ SSL *ssl;
+
+ ERR_load_crypto_strings();
+ ERR_load_SSL_strings();
+ OpenSSL_add_all_algorithms();
+
+ /* We would seed the PRNG here if the platform didn't
+  * do it automatically
+  */
+
+ ctx = SSL_CTX_new(SSLv23_client_method());
+
+ /* We'd normally set some stuff like the verify paths and
+  * mode here because as things stand this will connect to
+  * any server whose certificate is signed by any CA.
+  */
+
+ sbio = BIO_new_ssl_connect(ctx);
+
+ BIO_get_ssl(sbio, &ssl);
+
+ if(!ssl) {
+   fprintf(stderr, "Can't locate SSL pointer\n");
+   /* whatever ... */
+ }
+
+ /* Don't want any retries */
+ SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
+
+ /* We might want to do other things with ssl here */
+
+ BIO_set_conn_hostname(sbio, "localhost:https");
+
+ out = BIO_new_fp(stdout, BIO_NOCLOSE);
+ if(BIO_do_connect(sbio) <= 0) {
+        fprintf(stderr, "Error connecting to server\n");
+        ERR_print_errors_fp(stderr);
+        /* whatever ... */
+ }
+
+ if(BIO_do_handshake(sbio) <= 0) {
+        fprintf(stderr, "Error establishing SSL connection\n");
+        ERR_print_errors_fp(stderr);
+        /* whatever ... */
+ }
+
+ /* Could examine ssl here to get connection info */
+
+ BIO_puts(sbio, "GET / HTTP/1.0\n\n");
+ for(;;) {      
+        len = BIO_read(sbio, tmpbuf, 1024);
+        if(len <= 0) break;
+        BIO_write(out, tmpbuf, len);
+ }
+ BIO_free_all(sbio);
+ BIO_free(out);
+
+Here is a simple server example. It makes use of a buffering
+BIO to allow lines to be read from the SSL BIO using BIO_gets.
+It creates a pseudo web page containing the actual request from
+a client and also echoes the request to standard output.
+
+ BIO *sbio, *bbio, *acpt, *out;
+ int len;
+ char tmpbuf[1024];
+ SSL_CTX *ctx;
+ SSL *ssl;
+
+ ERR_load_crypto_strings();
+ ERR_load_SSL_strings();
+ OpenSSL_add_all_algorithms();
+
+ /* Might seed PRNG here */
+
+ ctx = SSL_CTX_new(SSLv23_server_method());
+
+ if (!SSL_CTX_use_certificate_file(ctx,"server.pem",SSL_FILETYPE_PEM)
+        || !SSL_CTX_use_PrivateKey_file(ctx,"server.pem",SSL_FILETYPE_PEM)
+        || !SSL_CTX_check_private_key(ctx)) {
+
+        fprintf(stderr, "Error setting up SSL_CTX\n");
+        ERR_print_errors_fp(stderr);
+        return 0;
+ }
+
+ /* Might do other things here like setting verify locations and
+  * DH and/or RSA temporary key callbacks
+  */
+
+ /* New SSL BIO setup as server */
+ sbio=BIO_new_ssl(ctx,0);
+
+ BIO_get_ssl(sbio, &ssl);
+
+ if(!ssl) {
+   fprintf(stderr, "Can't locate SSL pointer\n");
+   /* whatever ... */
+ }
+
+ /* Don't want any retries */
+ SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
+
+ /* Create the buffering BIO */
+
+ bbio = BIO_new(BIO_f_buffer());
+
+ /* Add to chain */
+ sbio = BIO_push(bbio, sbio);
+
+ acpt=BIO_new_accept("4433");
+
+ /* By doing this when a new connection is established
+  * we automatically have sbio inserted into it. The
+  * BIO chain is now 'swallowed' by the accept BIO and
+  * will be freed when the accept BIO is freed. 
+  */
+ 
+ BIO_set_accept_bios(acpt,sbio);
+
+ out = BIO_new_fp(stdout, BIO_NOCLOSE);
+
+ /* Setup accept BIO */
+ if(BIO_do_accept(acpt) <= 0) {
+        fprintf(stderr, "Error setting up accept BIO\n");
+        ERR_print_errors_fp(stderr);
+        return 0;
+ }
+
+ /* Now wait for incoming connection */
+ if(BIO_do_accept(acpt) <= 0) {
+        fprintf(stderr, "Error in connection\n");
+        ERR_print_errors_fp(stderr);
+        return 0;
+ }
+
+ /* We only want one connection so remove and free
+  * accept BIO
+  */
+
+ sbio = BIO_pop(acpt);
+
+ BIO_free_all(acpt);
+
+ if(BIO_do_handshake(sbio) <= 0) {
+        fprintf(stderr, "Error in SSL handshake\n");
+        ERR_print_errors_fp(stderr);
+        return 0;
+ }
+
+ BIO_puts(sbio, "HTTP/1.0 200 OK\r\nContent-type: text/html\r\n\r\n");
+ BIO_puts(sbio, "<pre>\r\nConnection Established\r\nRequest headers:\r\n");
+ BIO_puts(sbio, "--------------------------------------------------\r\n");
+
+ for(;;) {
+        len = BIO_gets(sbio, tmpbuf, 1024);
+        if(len <= 0) break;
+        BIO_write(sbio, tmpbuf, len);
+        BIO_write(out, tmpbuf, len);
+        /* Look for blank line signifying end of headers*/
+        if((tmpbuf[0] == '\r') || (tmpbuf[0] == '\n')) break;
+ }
+
+ BIO_puts(sbio, "--------------------------------------------------\r\n");
+ BIO_puts(sbio, "</pre>\r\n");
+
+ /* Since there is a buffering BIO present we had better flush it */
+ BIO_flush(sbio);
+
+ BIO_free_all(sbio);
+
+=head1 SEE ALSO
+
+TBA
diff --git a/src/lib/libssl/src/doc/crypto/BIO_find_type.pod b/src/lib/libssl/src/doc/crypto/BIO_find_type.pod
new file mode 100644
index 0000000000..bd3b256196
--- /dev/null
+++ b/src/lib/libssl/src/doc/crypto/BIO_find_type.pod
@@ -0,0 +1,98 @@
+=pod
+
+=head1 NAME
+
+BIO_find_type, BIO_next - BIO chain traversal
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+
+ BIO *  BIO_find_type(BIO *b,int bio_type);
+ BIO *  BIO_next(BIO *b);
+
+ #define BIO_method_type(b)             ((b)->method->type)
+
+ #define BIO_TYPE_NONE          0
+ #define BIO_TYPE_MEM           (1|0x0400)
+ #define BIO_TYPE_FILE          (2|0x0400)
+
+ #define BIO_TYPE_FD            (4|0x0400|0x0100)
+ #define BIO_TYPE_SOCKET                (5|0x0400|0x0100)
+ #define BIO_TYPE_NULL          (6|0x0400)
+ #define BIO_TYPE_SSL           (7|0x0200)
+ #define BIO_TYPE_MD            (8|0x0200)
+ #define BIO_TYPE_BUFFER                (9|0x0200)
+ #define BIO_TYPE_CIPHER                (10|0x0200)
+ #define BIO_TYPE_BASE64                (11|0x0200)
+ #define BIO_TYPE_CONNECT       (12|0x0400|0x0100)
+ #define BIO_TYPE_ACCEPT                (13|0x0400|0x0100)
+ #define BIO_TYPE_PROXY_CLIENT  (14|0x0200)
+ #define BIO_TYPE_PROXY_SERVER  (15|0x0200)
+ #define BIO_TYPE_NBIO_TEST     (16|0x0200)
+ #define BIO_TYPE_NULL_FILTER   (17|0x0200)
+ #define BIO_TYPE_BER           (18|0x0200)
+ #define BIO_TYPE_BIO           (19|0x0400)
+
+ #define BIO_TYPE_DESCRIPTOR    0x0100
+ #define BIO_TYPE_FILTER                0x0200
+ #define BIO_TYPE_SOURCE_SINK   0x0400
+
+=head1 DESCRIPTION
+
+The BIO_find_type() searches for a BIO of a given type in a chain, starting
+at BIO B<b>. If B<type> is a specific type (such as BIO_TYPE_MEM) then a search
+is made for a BIO of that type. If B<type> is a general type (such as
+B<BIO_TYPE_SOURCE_SINK>) then the next matching BIO of the given general type is
+searched for. BIO_find_type() returns the next matching BIO or NULL if none is
+found.
+
+Note: not all the B<BIO_TYPE_*> types above have corresponding BIO implementations.
+
+BIO_next() returns the next BIO in a chain. It can be used to traverse all BIOs
+in a chain or used in conjunction with BIO_find_type() to find all BIOs of a
+certain type.
+
+BIO_method_type() returns the type of a BIO.
+
+=head1 RETURN VALUES
+
+BIO_find_type() returns a matching BIO or NULL for no match.
+
+BIO_next() returns the next BIO in a chain.
+
+BIO_method_type() returns the type of the BIO B<b>.
+
+=head1 NOTES
+
+BIO_next() was added to OpenSSL 0.9.6 to provide a 'clean' way to traverse a BIO
+chain or find multiple matches using BIO_find_type(). Previous versions had to
+use:
+
+ next = bio->next_bio;
+
+=head1 BUGS
+
+BIO_find_type() in OpenSSL 0.9.5a and earlier could not be safely passed a
+NULL pointer for the B<b> argument.
+
+=head1 EXAMPLE
+
+Traverse a chain looking for digest BIOs:
+
+ BIO *btmp;
+ btmp = in_bio; /* in_bio is chain to search through */
+
+ do {
+        btmp = BIO_find_type(btmp, BIO_TYPE_MD);
+        if(btmp == NULL) break; /* Not found */
+        /* btmp is a digest BIO, do something with it ...*/
+        ...
+
+        btmp = BIO_next(btmp);
+ } while(btmp);
+
+
+=head1 SEE ALSO
+
+TBA
diff --git a/src/lib/libssl/src/doc/crypto/BIO_new.pod b/src/lib/libssl/src/doc/crypto/BIO_new.pod
new file mode 100644
index 0000000000..2a245fc8de
--- /dev/null
+++ b/src/lib/libssl/src/doc/crypto/BIO_new.pod
@@ -0,0 +1,65 @@
+=pod
+
+=head1 NAME
+
+BIO_new, BIO_set, BIO_free, BIO_vfree, BIO_free_all - BIO allocation and freeing functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+
+ BIO *  BIO_new(BIO_METHOD *type);
+ int    BIO_set(BIO *a,BIO_METHOD *type);
+ int    BIO_free(BIO *a);
+ void   BIO_vfree(BIO *a);
+ void   BIO_free_all(BIO *a);
+
+=head1 DESCRIPTION
+
+The BIO_new() function returns a new BIO using method B<type>.
+
+BIO_set() sets the method of an already existing BIO.
+
+BIO_free() frees up a single BIO, BIO_vfree() also frees up a single BIO
+but it does not return a value. Calling BIO_free() may also have some effect
+on the underlying I/O structure, for example it may close the file being
+referred to under certain circumstances. For more details see the individual
+BIO_METHOD descriptions.
+
+BIO_free_all() frees up an entire BIO chain, it does not halt if an error
+occurs freeing up an individual BIO in the chain.
+
+=head1 RETURN VALUES
+
+BIO_new() returns a newly created BIO or NULL if the call fails.
+
+BIO_set(), BIO_free() return 1 for success and 0 for failure.
+
+BIO_free_all() and BIO_vfree() do not return values.
+
+=head1 NOTES
+
+Some BIOs (such as memory BIOs) can be used immediately after calling
+BIO_new(). Others (such as file BIOs) need some additional initialization,
+and frequently a utility function exists to create and initialize such BIOs.
+
+If BIO_free() is called on a BIO chain it will only free one BIO resulting
+in a memory leak.
+
+Calling BIO_free_all() a single BIO has the same effect as calling BIO_free()
+on it other than the discarded return value.
+
+Normally the B<type> argument is supplied by a function which returns a
+pointer to a BIO_METHOD. There is a naming convention for such functions:
+a source/sink BIO is normally called BIO_s_*() and a filter BIO
+BIO_f_*();
+
+=head1 EXAMPLE
+
+Create a memory BIO:
+
+ BIO *mem = BIO_new(BIO_s_mem());
+
+=head1 SEE ALSO
+
+TBA
diff --git a/src/lib/libssl/src/doc/crypto/BIO_new_bio_pair.pod b/src/lib/libssl/src/doc/crypto/BIO_new_bio_pair.pod
new file mode 100644
index 0000000000..2256ba9d34
--- /dev/null
+++ b/src/lib/libssl/src/doc/crypto/BIO_new_bio_pair.pod
@@ -0,0 +1,102 @@
+=pod
+
+=head1 NAME
+
+BIO_new_bio_pair - create a new BIO pair
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+
+ int BIO_new_bio_pair(BIO **bio1, size_t writebuf1, BIO **bio2, size_t writebuf2);
+
+=head1 DESCRIPTION
+
+BIO_new_bio_pair() creates a buffering BIO pair. It has two endpoints between
+data can be buffered. Its typical use is to connect one endpoint as underlying
+input/output BIO to an SSL and access the other one controlled by the program
+instead of accessing the network connection directly.
+
+The two new BIOs B<bio1> and B<bio2> are symmetric with respect to their
+functionality. The size of their buffers is determined by B<writebuf1> and
+B<writebuf2>. If the size give is 0, the default size is used.
+
+BIO_new_bio_pair() does not check whether B<bio1> or B<bio2> do point to
+some other BIO, the values are overwritten, BIO_free() is not called.
+
+The two BIOs, even though forming a BIO pair and must be BIO_free()'ed
+separately. This can be of importance, as some SSL-functions like SSL_set_bio()
+or SSL_free() call BIO_free() implicitly, so that the peer-BIO is left
+untouched and must also be BIO_free()'ed.
+
+=head1 EXAMPLE
+
+The BIO pair can be used to have full control over the network access of an
+application. The application can call select() on the socket as required
+without having to go through the SSL-interface.
+
+ BIO *internal_bio, *network_bio;
+ ...
+ BIO_new_bio_pair(internal_bio, 0, network_bio, 0);
+ SSL_set_bio(ssl, internal_bio);
+ SSL_operations();
+ ...
+
+ application |   TLS-engine
+    |        |
+    +----------> SSL_operations()
+             |     /\    ||
+             |     ||    \/
+             |   BIO-pair (internal_bio)
+    +----------< BIO-pair (network_bio)
+    |        |
+  socket     |
+
+  ...
+  SSL_free(ssl);                /* implicitly frees internal_bio */
+  BIO_free(network_bio);
+  ...
+
+As the BIO pair will only buffer the data and never directly access the
+connection, it behaves non-blocking and will return as soon as the write
+buffer is full or the read buffer is drained. Then the application has to
+flush the write buffer and/or fill the read buffer.
+
+Use the BIO_ctrl_pending(), to find out whether data is buffered in the BIO
+and must be transfered to the network. Use BIO_ctrl_get_read_request() to
+find out, how many bytes must be written into the buffer before the
+SSL_operation() can successfully be continued.
+
+=head1 IMPORTANT
+
+As the data is buffered, SSL_operation() may return with a ERROR_SSL_WANT_READ
+condition, but there is still data in the write buffer. An application must
+not rely on the error value of SSL_operation() but must assure that the
+write buffer is always flushed first. Otherwise a deadlock may occur as
+the peer might be waiting for the data before being able to continue.
+
+=head1 RETURN VALUES
+
+The following return values can occur:
+
+=over 4
+
+=item 1
+
+The BIO pair was created successfully. The new BIOs are available in
+B<bio1> and B<bio2>.
+
+=item 0
+
+The operation failed. The NULL pointer is stored into the locations for
+B<bio1> and B<bio2>. Check the error stack for more information.
+
+=back
+
+=head1 SEE ALSO
+
+L<SSL_set_bio(3)|SSL_set_bio(3)>, L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>,
+L<BIO_ctrl_pending(3)|BIO_ctrl_pending(3)>,
+L<BIO_ctrl_get_read_request(3)|BIO_ctrl_get_read_request(3)>
+
+=cut
diff --git a/src/lib/libssl/src/doc/crypto/BIO_push.pod b/src/lib/libssl/src/doc/crypto/BIO_push.pod
new file mode 100644
index 0000000000..8af1d3c097
--- /dev/null
+++ b/src/lib/libssl/src/doc/crypto/BIO_push.pod
@@ -0,0 +1,69 @@
+=pod
+
+=head1 NAME
+
+BIO_push, BIO_pop - add and remove BIOs from a chain.
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+
+ BIO *  BIO_push(BIO *b,BIO *append);
+ BIO *  BIO_pop(BIO *b);
+
+=head1 DESCRIPTION
+
+The BIO_push() function appends the BIO B<append> to B<b>, it returns
+B<b>.
+
+BIO_pop() removes the BIO B<b> from a chain and returns the next BIO
+in the chain, or NULL if there is no next BIO. The removed BIO then
+becomes a single BIO with no association with the original chain,
+it can thus be freed or attached to a different chain.
+
+=head1 NOTES
+
+The names of these functions are perhaps a little misleading. BIO_push()
+joins two BIO chains whereas BIO_pop() deletes a single BIO from a chain,
+the deleted BIO does not need to be at the end of a chain.
+
+The process of calling BIO_push() and BIO_pop() on a BIO may have additional
+consequences (a control call is made to the affected BIOs) any effects will
+be noted in the descriptions of individual BIOs.
+
+=head1 EXAMPLES
+
+For these examples suppose B<md1> and B<md2> are digest BIOs, B<b64> is
+a base64 BIO and B<f> is a file BIO.
+
+If the call:
+
+ BIO_push(b64, f);
+
+is made then the new chain will be B<b64-chain>. After making the calls
+
+ BIO_push(md2, b64);
+ BIO_push(md1, md2);
+
+the new chain is B<md1-md2-b64-f>. Data written to B<md1> will be digested
+by B<md1> and B<md2>, B<base64> encoded and written to B<f>.
+
+It should be noted that reading causes data to pass in the reverse
+direction, that is data is read from B<f>, base64 B<decoded> and digested
+by B<md1> and B<md2>. If the call:
+
+ BIO_pop(md2);
+
+The call will return B<b64> and the new chain will be B<md1-b64-f> data can
+be written to B<md1> as before.
+
+=head1 RETURN VALUES
+
+BIO_push() returns the end of the chain, B<b>.
+
+BIO_pop() returns the next BIO in the chain, or NULL if there is no next
+BIO.
+
+=head1 SEE ALSO
+
+TBA
diff --git a/src/lib/libssl/src/doc/crypto/BIO_read.pod b/src/lib/libssl/src/doc/crypto/BIO_read.pod
new file mode 100644
index 0000000000..b34528104d
--- /dev/null
+++ b/src/lib/libssl/src/doc/crypto/BIO_read.pod
@@ -0,0 +1,66 @@
+=pod
+
+=head1 NAME
+
+BIO_read, BIO_write, BIO_gets, BIO_puts - BIO I/O functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+
+ int    BIO_read(BIO *b, void *buf, int len);
+ int    BIO_gets(BIO *b,char *buf, int size);
+ int    BIO_write(BIO *b, const void *buf, int len);
+ int    BIO_puts(BIO *b,const char *buf);
+
+=head1 DESCRIPTION
+
+BIO_read() attempts to read B<len> bytes from BIO B<b> and places
+the data in B<buf>.
+
+BIO_gets() performs the BIOs "gets" operation and places the data
+in B<buf>. Usually this operation will attempt to read a line of data
+from the BIO of maximum length B<len>. There are exceptions to this
+however, for example BIO_gets() on a digest BIO will calculate and
+return the digest and other BIOs may not support BIO_gets() at all.
+
+BIO_write() attempts to write B<len> bytes from B<buf> to BIO B<b>.
+
+BIO_puts() attempts to write a null terminated string B<buf> to BIO B<b>
+
+=head1 RETURN VALUES
+
+All these functions return either the amount of data successfully read or
+written (if the return value is positive) or that no data was successfully
+read or written if the result is 0 or -1. If the return value is -2 then
+the operation is not implemented in the specific BIO type.
+
+=head1 NOTES
+
+A 0 or -1 return is not necessarily an indication of an error. In
+particular when the source/sink is non-blocking or of a certain type
+it may merely be an indication that no data is currently available and that
+the application should retry the operation later.
+
+One technique sometimes used with blocking sockets is to use a system call
+(such as select(), poll() or equivalent) to determine when data is available
+and then call read() to read the data. The equivalent with BIOs (that is call
+select() on the underlying I/O structure and then call BIO_read() to
+read the data) should B<not> be used because a single call to BIO_read()
+can cause several reads (and writes in the case of SSL BIOs) on the underlying
+I/O structure and may block as a result. Instead select() (or equivalent)
+should be combined with non blocking I/O so successive reads will request
+a retry instead of blocking.
+
+See L<BIO_should_retry(3)|BIO_should_retry(3)> for details of how to
+determine the cause of a retry and other I/O issues.
+
+If the BIO_gets() function is not supported by a BIO then it possible to
+work around this by adding a buffering BIO L<BIO_f_buffer(3)|BIO_f_buffer(3)>
+to the chain.
+
+=head1 SEE ALSO
+
+L<BIO_should_retry(3)|BIO_should_retry(3)>
+
+TBA
diff --git a/src/lib/libssl/src/doc/crypto/BIO_s_accept.pod b/src/lib/libssl/src/doc/crypto/BIO_s_accept.pod
new file mode 100644
index 0000000000..c49da7fb02
--- /dev/null
+++ b/src/lib/libssl/src/doc/crypto/BIO_s_accept.pod
@@ -0,0 +1,184 @@
+=pod
+
+=head1 NAME
+
+BIO_s_accept, BIO_set_nbio, BIO_set_accept_port, BIO_get_accept_port,
+BIO_set_nbio_accept, BIO_set_accept_bios, BIO_set_bind_mode,
+BIO_get_bind_mode, BIO_do_accept - accept BIO
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+
+ BIO_METHOD * BIO_s_accept(void);
+
+ #define BIO_set_accept_port(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name)
+ #define BIO_get_accept_port(b) BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0)
+
+ BIO *BIO_new_accept(char *host_port);
+
+ #define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,1,(n)?"a":NULL)
+ #define BIO_set_accept_bios(b,bio) BIO_ctrl(b,BIO_C_SET_ACCEPT,2,(char *)bio)
+
+ #define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL)
+ #define BIO_get_bind_mode(b,mode) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL)
+
+ #define BIO_BIND_NORMAL                0
+ #define BIO_BIND_REUSEADDR_IF_UNUSED   1
+ #define BIO_BIND_REUSEADDR             2
+
+ #define BIO_do_accept(b)       BIO_do_handshake(b)
+
+=head1 DESCRIPTION
+
+BIO_s_accept() returns the accept BIO method. This is a wrapper
+round the platform's TCP/IP socket accept routines.
+
+Using accept BIOs TCP/IP connections can be accepted and data
+transferred using only BIO routines. In this way any platform
+specific operations are hidden by the BIO abstraction.
+
+Read and write operations on an accept BIO will perform I/O
+on the underlying connection. If no connection is established
+and the port (see below) is set up properly then the BIO
+waits for an incoming connection.
+
+Accept BIOs support BIO_puts() but not BIO_gets().
+
+If the close flag is set on an accept BIO then any active
+connection on that chain is shutdown and the socket closed when
+the BIO is freed.
+
+Calling BIO_reset() on a accept BIO will close any active
+connection and reset the BIO into a state where it awaits another
+incoming connection.
+
+BIO_get_fd() and BIO_set_fd() can be called to retrieve or set
+the accept socket. See L<BIO_s_fd(3)|BIO_s_fd(3)>
+
+BIO_set_accept_port() uses the string B<name> to set the accept
+port. The port is represented as a string of the form "host:port",
+where "host" is the interface to use and "port" is the port.
+Either or both values can be "*" which is interpreted as meaning
+any interface or port respectively. "port" has the same syntax
+as the port specified in BIO_set_conn_port() for connect BIOs,
+that is it can be a numerical port string or a string to lookup
+using getservbyname() and a string table.
+
+BIO_new_accept() combines BIO_new() and BIO_set_accept_port() into
+a single call: that is it creates a new accept BIO with port
+B<host_port>.
+
+BIO_set_nbio_accept() sets the accept socket to blocking mode
+(the default) if B<n> is 0 or non blocking mode if B<n> is 1.
+
+BIO_set_accept_bios() can be used to set a chain of BIOs which
+will be duplicated and prepended to the chain when an incoming
+connection is received. This is useful if, for example, a 
+buffering or SSL BIO is required for each connection. The
+chain of BIOs must not be freed after this call, they will
+be automatically freed when the accept BIO is freed.
+
+BIO_set_bind_mode() and BIO_get_bind_mode() set and retrieve
+the current bind mode. If BIO_BIND_NORMAL (the default) is set
+then another socket cannot be bound to the same port. If
+BIO_BIND_REUSEADDR is set then other sockets can bind to the
+same port. If BIO_BIND_REUSEADDR_IF_UNUSED is set then and
+attempt is first made to use BIO_BIN_NORMAL, if this fails
+and the port is not in use then a second attempt is made
+using BIO_BIND_REUSEADDR.
+
+BIO_do_accept() serves two functions. When it is first
+called, after the accept BIO has been setup, it will attempt
+to create the accept socket and bind an address to it. Second
+and subsequent calls to BIO_do_accept() will await an incoming
+connection.
+
+=head1 NOTES
+
+When an accept BIO is at the end of a chain it will await an
+incoming connection before processing I/O calls. When an accept
+BIO is not at then end of a chain it passes I/O calls to the next
+BIO in the chain.
+
+When a connection is established a new socket BIO is created for
+the connection and appended to the chain. That is the chain is now
+accept->socket. This effectively means that attempting I/O on
+an initial accept socket will await an incoming connection then
+perform I/O on it.
+
+If any additional BIOs have been set using BIO_set_accept_bios()
+then they are placed between the socket and the accept BIO,
+that is the chain will be accept->otherbios->socket.
+
+If a server wishes to process multiple connections (as is normally
+the case) then the accept BIO must be made available for further
+incoming connections. This can be done by waiting for a connection and
+then calling:
+
+ connection = BIO_pop(accept);
+
+After this call B<connection> will contain a BIO for the recently
+established connection and B<accept> will now be a single BIO
+again which can be used to await further incoming connections.
+If no further connections will be accepted the B<accept> can
+be freed using BIO_free().
+
+If only a single connection will be processed it is possible to
+perform I/O using the accept BIO itself. This is often undesirable
+however because the accept BIO will still accept additional incoming
+connections. This can be resolved by using BIO_pop() (see above)
+and freeing up the accept BIO after the initial connection.
+
+=head1 RETURN VALUES
+
+TBA
+
+=head1 EXAMPLE
+
+This example accepts two connections on port 4444, sends messages
+down each and finally closes both down.
+
+ BIO *abio, *cbio, *cbio2;
+ ERR_load_crypto_strings();
+ abio = BIO_new_accept("4444");
+
+ /* First call to BIO_accept() sets up accept BIO */
+ if(BIO_do_accept(abio) <= 0) {
+        fprintf(stderr, "Error setting up accept\n");
+        ERR_print_errors_fp(stderr);
+        exit(0);                
+ }
+
+ /* Wait for incoming connection */
+ if(BIO_do_accept(abio) <= 0) {
+        fprintf(stderr, "Error accepting connection\n");
+        ERR_print_errors_fp(stderr);
+        exit(0);                
+ }
+ fprintf(stderr, "Connection 1 established\n");
+ /* Retrieve BIO for connection */
+ cbio = BIO_pop(abio);
+ BIO_puts(cbio, "Connection 1: Sending out Data on initial connection\n");
+ fprintf(stderr, "Sent out data on connection 1\n");
+ /* Wait for another connection */
+ if(BIO_do_accept(abio) <= 0) {
+        fprintf(stderr, "Error accepting connection\n");
+        ERR_print_errors_fp(stderr);
+        exit(0);                
+ }
+ fprintf(stderr, "Connection 2 established\n");
+ /* Close accept BIO to refuse further connections */
+ cbio2 = BIO_pop(abio);
+ BIO_free(abio);
+ BIO_puts(cbio2, "Connection 2: Sending out Data on second\n");
+ fprintf(stderr, "Sent out data on connection 2\n");
+
+ BIO_puts(cbio, "Connection 1: Second connection established\n");
+ /* Close the two established connections */
+ BIO_free(cbio);
+ BIO_free(cbio2);
+
+=head1 SEE ALSO
+
+TBA
diff --git a/src/lib/libssl/src/doc/crypto/BIO_s_bio.pod b/src/lib/libssl/src/doc/crypto/BIO_s_bio.pod
new file mode 100644
index 0000000000..95ae802e47
--- /dev/null
+++ b/src/lib/libssl/src/doc/crypto/BIO_s_bio.pod
@@ -0,0 +1,130 @@
+=pod
+
+=head1 NAME
+
+BIO_s_bio, BIO_make_bio_pair, BIO_destroy_bio_pair, BIO_shutdown_wr, 
+BIO_set_write_buf_size, BIO_get_write_buf_size, BIO_new_bio_pair,
+BIO_get_write_guarantee, BIO_ctrl_get_write_guarantee, BIO_get_read_request,
+BIO_ctrl_get_read_request, BIO_ctrl_reset_read_request - BIO pair BIO
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+
+ BIO_METHOD *BIO_s_bio(void);
+
+ #define BIO_make_bio_pair(b1,b2)   (int)BIO_ctrl(b1,BIO_C_MAKE_BIO_PAIR,0,b2)
+ #define BIO_destroy_bio_pair(b)    (int)BIO_ctrl(b,BIO_C_DESTROY_BIO_PAIR,0,NULL)
+
+ #define BIO_shutdown_wr(b) (int)BIO_ctrl(b, BIO_C_SHUTDOWN_WR, 0, NULL)
+
+ #define BIO_set_write_buf_size(b,size) (int)BIO_ctrl(b,BIO_C_SET_WRITE_BUF_SIZE,size,NULL)
+ #define BIO_get_write_buf_size(b,size) (size_t)BIO_ctrl(b,BIO_C_GET_WRITE_BUF_SIZE,size,NULL)
+
+ int BIO_new_bio_pair(BIO **bio1, size_t writebuf1, BIO **bio2, size_t writebuf2);
+
+ #define BIO_get_write_guarantee(b) (int)BIO_ctrl(b,BIO_C_GET_WRITE_GUARANTEE,0,NULL)
+ size_t BIO_ctrl_get_write_guarantee(BIO *b);
+
+ #define BIO_get_read_request(b)    (int)BIO_ctrl(b,BIO_C_GET_READ_REQUEST,0,NULL)
+ size_t BIO_ctrl_get_read_request(BIO *b);
+
+ int BIO_ctrl_reset_read_request(BIO *b);
+
+=head1 DESCRIPTION
+
+BIO_s_bio() returns the method for a BIO pair. A BIO pair is a pair of source/sink
+BIOs where data written to either half of the pair is buffered and can be read from
+the other half. Both halves must usually by handled by the same application thread
+since no locking is done on the internal data structures.
+
+Since BIO chains typically end in a source/sink BIO it is possible to make this
+one half of a BIO pair and have all the data processed by the chain under application
+control.
+
+One typical use of BIO pairs is to place TLS/SSL I/O under application control, this
+can be used when the application wishes to use a non standard transport for
+TLS/SSL or the normal socket routines are inappropriate.
+
+Calls to BIO_read() will read data from the buffer or request a retry if no
+data is available.
+
+Calls to BIO_write() will place data in the buffer or request a retry if the
+buffer is full.
+
+The standard calls BIO_ctrl_pending() and BIO_ctrl_wpending() can be used to
+determine the amount of pending data in the read or write buffer.
+
+BIO_reset() clears any data in the write buffer.
+
+BIO_make_bio_pair() joins two separate BIOs into a connected pair.
+
+BIO_destroy_pair() destroys the association between two connected BIOs. Freeing
+up any half of the pair will automatically destroy the association.
+
+BIO_shutdown_wr() is used to close down a BIO B<b>. After this call no further
+writes on BIO B<b> are allowed (they will return an error). Reads on the other
+half of the pair will return any pending data or EOF when all pending data has
+been read. 
+
+BIO_set_write_buf_size() sets the write buffer size of BIO B<b> to B<size>.
+If the size is not initialized a default value is used. This is currently
+17K, sufficient for a maximum size TLS record.
+
+BIO_get_write_buf_size() returns the size of the write buffer.
+
+BIO_new_bio_pair() combines the calls to BIO_new(), BIO_make_bio_pair() and
+BIO_set_write_buf_size() to create a connected pair of BIOs B<bio1>, B<bio2>
+with write buffer sizes B<writebuf1> and B<writebuf2>. If either size is
+zero then the default size is used.
+
+BIO_get_write_guarantee() and BIO_ctrl_get_write_guarantee() return the maximum
+length of data that can be currently written to the BIO. Writes larger than this
+value will return a value from BIO_write() less than the amount requested or if the
+buffer is full request a retry. BIO_ctrl_get_write_guarantee() is a function
+whereas BIO_get_write_guarantee() is a macro.
+
+BIO_get_read_request() and BIO_ctrl_get_read_request() return the
+amount of data requested, or the buffer size if it is less, if the
+last read attempt at the other half of the BIO pair failed due to an
+empty buffer.  This can be used to determine how much data should be
+written to the BIO so the next read will succeed: this is most useful
+in TLS/SSL applications where the amount of data read is usually
+meaningful rather than just a buffer size. After a successful read
+this call will return zero.  It also will return zero once new data
+has been written satisfying the read request or part of it.
+Note that BIO_get_read_request() never returns an amount larger
+than that returned by BIO_get_write_guarantee().
+
+BIO_ctrl_reset_read_request() can also be used to reset the value returned by
+BIO_get_read_request() to zero.
+
+=head1 NOTES
+
+Both halves of a BIO pair should be freed. That is even if one half is implicit
+freed due to a BIO_free_all() or SSL_free() call the other half needs to be freed.
+
+When used in bidirectional applications (such as TLS/SSL) care should be taken to
+flush any data in the write buffer. This can be done by calling BIO_pending()
+on the other half of the pair and, if any data is pending, reading it and sending
+it to the underlying transport. This must be done before any normal processing
+(such as calling select() ) due to a request and BIO_should_read() being true.
+
+To see why this is important consider a case where a request is sent using
+BIO_write() and a response read with BIO_read(), this can occur during an
+TLS/SSL handshake for example. BIO_write() will succeed and place data in the write
+buffer. BIO_read() will initially fail and BIO_should_read() will be true. If
+the application then waits for data to be available on the underlying transport
+before flushing the write buffer it will never succeed because the request was
+never sent!
+
+=head1 EXAMPLE
+
+TBA
+
+=head1 SEE ALSO
+
+L<SSL_set_bio(3)|SSL_set_bio(3)>, L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>,
+L<BIO_should_retry(3)|BIO_should_retry(3)>, L<BIO_read(3)|BIO_read(3)>
+
+=cut
diff --git a/src/lib/libssl/src/doc/crypto/BIO_s_connect.pod b/src/lib/libssl/src/doc/crypto/BIO_s_connect.pod
new file mode 100644
index 0000000000..fe1aa679d4
--- /dev/null
+++ b/src/lib/libssl/src/doc/crypto/BIO_s_connect.pod
@@ -0,0 +1,182 @@
+=pod
+
+=head1 NAME
+
+BIO_s_connect, BIO_set_conn_hostname, BIO_set_conn_port,
+BIO_set_conn_ip, BIO_set_conn_int_port, BIO_get_conn_hostname,
+BIO_get_conn_port, BIO_get_conn_ip, BIO_get_conn_int_port,
+BIO_set_nbio, BIO_do_connect - connect BIO
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+
+ BIO_METHOD * BIO_s_connect(void);
+
+ #define BIO_set_conn_hostname(b,name) BIO_ctrl(b,BIO_C_SET_CONNECT,0,(char *)name)
+ #define BIO_set_conn_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,1,(char *)port)
+ #define BIO_set_conn_ip(b,ip)    BIO_ctrl(b,BIO_C_SET_CONNECT,2,(char *)ip)
+ #define BIO_set_conn_int_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,3,(char *)port)
+ #define BIO_get_conn_hostname(b)  BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0)
+ #define BIO_get_conn_port(b)      BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1)
+ #define BIO_get_conn_ip(b,ip) BIO_ptr_ctrl(b,BIO_C_SET_CONNECT,2)
+ #define BIO_get_conn_int_port(b,port) BIO_int_ctrl(b,BIO_C_SET_CONNECT,3,port)
+
+ #define BIO_set_nbio(b,n)      BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+
+ #define BIO_do_connect(b)      BIO_do_handshake(b)
+
+=head1 DESCRIPTION
+
+BIO_s_connect() returns the connect BIO method. This is a wrapper
+round the platform's TCP/IP socket connection routines.
+
+Using connect BIOs TCP/IP connections can be made and data
+transferred using only BIO routines. In this way any platform
+specific operations are hidden by the BIO abstraction.
+
+Read and write operations on a connect BIO will perform I/O
+on the underlying connection. If no connection is established
+and the port and hostname (see below) is set up properly then
+a connection is established first.
+
+Connect BIOs support BIO_puts() but not BIO_gets().
+
+If the close flag is set on a connect BIO then any active
+connection is shutdown and the socket closed when the BIO
+is freed.
+
+Calling BIO_reset() on a connect BIO will close any active
+connection and reset the BIO into a state where it can connect
+to the same host again.
+
+BIO_get_fd() places the underlying socket in B<c> if it is not NULL,
+it also returns the socket . If B<c> is not NULL it should be of
+type (int *).
+
+BIO_set_conn_hostname() uses the string B<name> to set the hostname
+The hostname can be an IP address. The hostname can also include the
+port in the form hostname:port . It is also acceptable to use the
+form "hostname/any/other/path" or "hostname:port/any/other/path".
+
+BIO_set_conn_port() sets the port to B<port>. B<port> can be the
+numerical form or a string such as "http". A string will be looked
+up first using getservbyname() on the host platform but if that
+fails a standard table of port names will be used. Currently the
+list is http, telnet, socks, https, ssl, ftp, gopher and wais.
+
+BIO_set_conn_ip() sets the IP address to B<ip> using binary form,
+that is four bytes specifying the IP address in big-endian form.
+
+BIO_set_conn_int_port() sets the port using B<port>. B<port> should
+be of type (int *).
+
+BIO_get_conn_hostname() returns the hostname of the connect BIO or
+NULL if the BIO is initialized but no hostname is set.
+This return value is an internal pointer which should not be modified.
+
+BIO_get_conn_port() returns the port as a string.
+
+BIO_get_conn_ip() returns the IP address in binary form.
+
+BIO_get_conn_int_port() returns the port as an int.
+
+BIO_set_nbio() sets the non blocking I/O flag to B<n>. If B<n> is
+zero then blocking I/O is set. If B<n> is 1 then non blocking I/O
+is set. Blocking I/O is the default. The call to BIO_set_nbio()
+should be made before the connection is established because 
+non blocking I/O is set during the connect process.
+
+BIO_do_connect() attempts to connect the supplied BIO. It returns 1
+if the connection was established successfully. A zero or negative
+value is returned if the connection could not be established, the
+call BIO_should_retry() should be used for non blocking connect BIOs
+to determine if the call should be retried.
+
+=head1 NOTES
+
+If blocking I/O is set then a non positive return value from any
+I/O call is caused by an error condition, although a zero return
+will normally mean that the connection was closed.
+
+If the port name is supplied as part of the host name then this will
+override any value set with BIO_set_conn_port(). This may be undesirable
+if the application does not wish to allow connection to arbitrary
+ports. This can be avoided by checking for the presence of the ':'
+character in the passed hostname and either indicating an error or
+truncating the string at that point.
+
+The values returned by BIO_get_conn_hostname(), BIO_get_conn_port(),
+BIO_get_conn_ip() and BIO_get_conn_int_port() are updated when a
+connection attempt is made. Before any connection attempt the values
+returned are those set by the application itself.
+
+Applications do not have to call BIO_do_connect() but may wish to do
+so to separate the connection process from other I/O processing.
+
+If non blocking I/O is set then retries will be requested as appropriate.
+
+It addition to BIO_should_read() and BIO_should_write() it is also
+possible for BIO_should_io_special() to be true during the initial
+connection process with the reason BIO_RR_CONNECT. If this is returned
+then this is an indication that a connection attempt would block,
+the application should then take appropriate action to wait until
+the underlying socket has connected and retry the call.
+
+=head1 RETURN VALUES
+
+BIO_s_connect() returns the connect BIO method.
+
+BIO_get_fd() returns the socket or -1 if the BIO has not
+been initialized.
+
+BIO_set_conn_hostname(), BIO_set_conn_port(), BIO_set_conn_ip() and
+BIO_set_conn_int_port() always return 1.
+
+BIO_get_conn_hostname() returns the connected hostname or NULL is
+none was set.
+
+BIO_get_conn_port() returns a string representing the connected
+port or NULL if not set.
+
+BIO_get_conn_ip() returns a pointer to the connected IP address in
+binary form or all zeros if not set.
+
+BIO_get_conn_int_port() returns the connected port or 0 if none was
+set.
+
+BIO_set_nbio() always returns 1.
+
+BIO_do_connect() returns 1 if the connection was successfully
+established and 0 or -1 if the connection failed.
+
+=head1 EXAMPLE
+
+This is example connects to a webserver on the local host and attempts
+to retrieve a page and copy the result to standard output.
+
+
+ BIO *cbio, *out;
+ int len;
+ char tmpbuf[1024];
+ ERR_load_crypto_strings();
+ cbio = BIO_new_connect("localhost:http");
+ out = BIO_new_fp(stdout, BIO_NOCLOSE);
+ if(BIO_do_connect(cbio) <= 0) {
+        fprintf(stderr, "Error connecting to server\n");
+        ERR_print_errors_fp(stderr);
+        /* whatever ... */
+        }
+ BIO_puts(cbio, "GET / HTTP/1.0\n\n");
+ for(;;) {      
+        len = BIO_read(cbio, tmpbuf, 1024);
+        if(len <= 0) break;
+        BIO_write(out, tmpbuf, len);
+ }
+ BIO_free(cbio);
+ BIO_free(out);
+
+
+=head1 SEE ALSO
+
+TBA
diff --git a/src/lib/libssl/src/doc/crypto/BIO_s_fd.pod b/src/lib/libssl/src/doc/crypto/BIO_s_fd.pod
new file mode 100644
index 0000000000..b1de1d1015
--- /dev/null
+++ b/src/lib/libssl/src/doc/crypto/BIO_s_fd.pod
@@ -0,0 +1,89 @@
+=pod
+
+=head1 NAME
+
+BIO_s_fd, BIO_set_fd, BIO_get_fd, BIO_new_fd - file descriptor BIO
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+
+ BIO_METHOD *   BIO_s_fd(void);
+
+ #define BIO_set_fd(b,fd,c)     BIO_int_ctrl(b,BIO_C_SET_FD,c,fd)
+ #define BIO_get_fd(b,c)        BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c)
+
+ BIO *BIO_new_fd(int fd, int close_flag);
+
+=head1 DESCRIPTION
+
+BIO_s_fd() returns the file descriptor BIO method. This is a wrapper
+round the platforms file descriptor routines such as read() and write().
+
+BIO_read() and BIO_write() read or write the underlying descriptor.
+BIO_puts() is supported but BIO_gets() is not.
+
+If the close flag is set then then close() is called on the underlying
+file descriptor when the BIO is freed.
+
+BIO_reset() attempts to change the file pointer to the start of file
+using lseek(fd, 0, 0).
+
+BIO_seek() sets the file pointer to position B<ofs> from start of file
+using lseek(fd, ofs, 0).
+
+BIO_tell() returns the current file position by calling lseek(fd, 0, 1).
+
+BIO_set_fd() sets the file descriptor of BIO B<b> to B<fd> and the close
+flag to B<c>.
+
+BIO_get_fd() places the file descriptor in B<c> if it is not NULL, it also
+returns the file descriptor. If B<c> is not NULL it should be of type
+(int *).
+
+BIO_new_fd() returns a file descriptor BIO using B<fd> and B<close_flag>.
+
+=head1 NOTES
+
+The behaviour of BIO_read() and BIO_write() depends on the behavior of the
+platforms read() and write() calls on the descriptor. If the underlying 
+file descriptor is in a non blocking mode then the BIO will behave in the
+manner described in the L<BIO_read(3)|BIO_read(3)> and L<BIO_should_retry(3)|BIO_should_retry(3)>
+manual pages.
+
+File descriptor BIOs should not be used for socket I/O. Use socket BIOs
+instead.
+
+=head1 RETURN VALUES
+
+BIO_s_fd() returns the file descriptor BIO method.
+
+BIO_reset() returns zero for success and -1 if an error occurred.
+BIO_seek() and BIO_tell() return the current file position or -1
+is an error occurred. These values reflect the underlying lseek()
+behaviour.
+
+BIO_set_fd() always returns 1.
+
+BIO_get_fd() returns the file descriptor or -1 if the BIO has not
+been initialized.
+
+BIO_new_fd() returns the newly allocated BIO or NULL is an error
+occurred.
+
+=head1 EXAMPLE
+
+This is a file descriptor BIO version of "Hello World":
+
+ BIO *out;
+ out = BIO_new_fd(fileno(stdout), BIO_NOCLOSE);
+ BIO_printf(out, "Hello World\n");
+ BIO_free(out);
+
+=head1 SEE ALSO
+
+L<BIO_seek(3)|BIO_seek(3)>, L<BIO_tell(3)|BIO_tell(3)>,
+L<BIO_reset(3)|BIO_reset(3)>, L<BIO_read(3)|BIO_read(3)>,
+L<BIO_write(3)|BIO_write(3)>, L<BIO_puts(3)|BIO_puts(3)>,
+L<BIO_gets(3)|BIO_gets(3)>, L<BIO_printf(3)|BIO_printf(3)>,
+L<BIO_set_close(3)|BIO_set_close(3)>, L<BIO_get_close(3)|BIO_get_close(3)>
diff --git a/src/lib/libssl/src/doc/crypto/BIO_s_file.pod b/src/lib/libssl/src/doc/crypto/BIO_s_file.pod
new file mode 100644
index 0000000000..b2a29263f4
--- /dev/null
+++ b/src/lib/libssl/src/doc/crypto/BIO_s_file.pod
@@ -0,0 +1,144 @@
+=pod
+
+=head1 NAME
+
+BIO_s_file, BIO_new_file, BIO_new_fp, BIO_set_fp, BIO_get_fp,
+BIO_read_filename, BIO_write_filename, BIO_append_filename,
+BIO_rw_filename - FILE bio
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+
+ BIO_METHOD *   BIO_s_file(void);
+ BIO *BIO_new_file(const char *filename, const char *mode);
+ BIO *BIO_new_fp(FILE *stream, int flags);
+
+ BIO_set_fp(BIO *b,FILE *fp, int flags);
+ BIO_get_fp(BIO *b,FILE **fpp);
+
+ int BIO_read_filename(BIO *b, char *name)
+ int BIO_write_filename(BIO *b, char *name)
+ int BIO_append_filename(BIO *b, char *name)
+ int BIO_rw_filename(BIO *b, char *name)
+
+=head1 DESCRIPTION
+
+BIO_s_file() returns the BIO file method. As its name implies it
+is a wrapper round the stdio FILE structure and it is a
+source/sink BIO.
+
+Calls to BIO_read() and BIO_write() read and write data to the
+underlying stream. BIO_gets() and BIO_puts() are supported on file BIOs.
+
+BIO_flush() on a file BIO calls the fflush() function on the wrapped
+stream.
+
+BIO_reset() attempts to change the file pointer to the start of file
+using fseek(stream, 0, 0).
+
+BIO_seek() sets the file pointer to position B<ofs> from start of file
+using fseek(stream, ofs, 0).
+
+BIO_eof() calls feof().
+
+Setting the BIO_CLOSE flag calls fclose() on the stream when the BIO
+is freed.
+
+BIO_new_file() creates a new file BIO with mode B<mode> the meaning
+of B<mode> is the same as the stdio function fopen(). The BIO_CLOSE
+flag is set on the returned BIO.
+
+BIO_new_fp() creates a file BIO wrapping B<stream>. Flags can be:
+BIO_CLOSE, BIO_NOCLOSE (the close flag) BIO_FP_TEXT (sets the underlying
+stream to text mode, default is binary: this only has any effect under
+Win32).
+
+BIO_set_fp() set the fp of a file BIO to B<fp>. B<flags> has the same
+meaning as in BIO_new_fp(), it is a macro.
+
+BIO_get_fp() retrieves the fp of a file BIO, it is a macro.
+
+BIO_seek() is a macro that sets the position pointer to B<offset> bytes
+from the start of file.
+
+BIO_tell() returns the value of the position pointer.
+
+BIO_read_filename(), BIO_write_filename(), BIO_append_filename() and
+BIO_rw_filename() set the file BIO B<b> to use file B<name> for
+reading, writing, append or read write respectively.
+
+=head1 NOTES
+
+When wrapping stdout, stdin or stderr the underlying stream should not
+normally be closed so the BIO_NOCLOSE flag should be set.
+
+Because the file BIO calls the underlying stdio functions any quirks
+in stdio behaviour will be mirrored by the corresponding BIO.
+
+=head1 EXAMPLES
+
+File BIO "hello world":
+
+ BIO *bio_out;
+ bio_out = BIO_new_fp(stdout, BIO_NOCLOSE);
+ BIO_printf(bio_out, "Hello World\n");
+
+Alternative technique:
+
+ BIO *bio_out;
+ bio_out = BIO_new(BIO_s_file());
+ if(bio_out == NULL) /* Error ... */
+ if(!BIO_set_fp(bio_out, stdout, BIO_NOCLOSE)) /* Error ... */
+ BIO_printf(bio_out, "Hello World\n");
+
+Write to a file:
+
+ BIO *out;
+ out = BIO_new_file("filename.txt", "w");
+ if(!out) /* Error occurred */
+ BIO_printf(out, "Hello World\n");
+ BIO_free(out);
+
+Alternative technique:
+
+ BIO *out;
+ out = BIO_new(BIO_s_file());
+ if(out == NULL) /* Error ... */
+ if(!BIO_write_filename(out, "filename.txt")) /* Error ... */
+ BIO_printf(out, "Hello World\n");
+ BIO_free(out);
+
+=head1 RETURN VALUES
+
+BIO_s_file() returns the file BIO method.
+
+BIO_new_file() and BIO_new_fp() return a file BIO or NULL if an error
+occurred.
+
+BIO_set_fp() and BIO_get_fp() return 1 for success or 0 for failure
+(although the current implementation never return 0).
+
+BIO_seek() returns the same value as the underlying fseek() function:
+0 for success or -1 for failure.
+
+BIO_tell() returns the current file position.
+
+BIO_read_filename(), BIO_write_filename(),  BIO_append_filename() and
+BIO_rw_filename() return 1 for success or 0 for failure.
+
+=head1 BUGS
+
+BIO_reset() and BIO_seek() are implemented using fseek() on the underlying
+stream. The return value for fseek() is 0 for success or -1 if an error
+occurred this differs from other types of BIO which will typically return
+1 for success and a non positive value if an error occurred.
+
+=head1 SEE ALSO
+
+L<BIO_seek(3)|BIO_seek(3)>, L<BIO_tell(3)|BIO_tell(3)>,
+L<BIO_reset(3)|BIO_reset(3)>, L<BIO_flush(3)|BIO_flush(3)>,
+L<BIO_read(3)|BIO_read(3)>,
+L<BIO_write(3)|BIO_write(3)>, L<BIO_puts(3)|BIO_puts(3)>,
+L<BIO_gets(3)|BIO_gets(3)>, L<BIO_printf(3)|BIO_printf(3)>,
+L<BIO_set_close(3)|BIO_set_close(3)>, L<BIO_get_close(3)|BIO_get_close(3)>
diff --git a/src/lib/libssl/src/doc/crypto/BIO_s_mem.pod b/src/lib/libssl/src/doc/crypto/BIO_s_mem.pod
new file mode 100644
index 0000000000..19648acfae
--- /dev/null
+++ b/src/lib/libssl/src/doc/crypto/BIO_s_mem.pod
@@ -0,0 +1,115 @@
+=pod
+
+=head1 NAME
+
+BIO_s_mem, BIO_set_mem_eof_return, BIO_get_mem_data, BIO_set_mem_buf,
+BIO_get_mem_ptr, BIO_new_mem_buf - memory BIO
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+
+ BIO_METHOD *   BIO_s_mem(void);
+
+ BIO_set_mem_eof_return(BIO *b,int v)
+ long BIO_get_mem_data(BIO *b, char **pp)
+ BIO_set_mem_buf(BIO *b,BUF_MEM *bm,int c)
+ BIO_get_mem_ptr(BIO *b,BUF_MEM **pp)
+
+ BIO *BIO_new_mem_buf(void *buf, int len);
+
+=head1 DESCRIPTION
+
+BIO_s_mem() return the memory BIO method function. 
+
+A memory BIO is a source/sink BIO which uses memory for its I/O. Data
+written to a memory BIO is stored in a BUF_MEM structure which is extended
+as appropriate to accommodate the stored data.
+
+Any data written to a memory BIO can be recalled by reading from it.
+Unless the memory BIO is read only any data read from it is deleted from
+the BIO.
+
+Memory BIOs support BIO_gets() and BIO_puts().
+
+If the BIO_CLOSE flag is set when a memory BIO is freed then the underlying
+BUF_MEM structure is also freed.
+
+Calling BIO_reset() on a read write memory BIO clears any data in it. On a
+read only BIO it restores the BIO to its original state and the read only
+data can be read again.
+
+BIO_eof() is true if no data is in the BIO.
+
+BIO_ctrl_pending() returns the number of bytes currently stored.
+
+BIO_set_mem_eof_return() sets the behaviour of memory BIO B<b> when it is
+empty. If the B<v> is zero then an empty memory BIO will return EOF (that is
+it will return zero and BIO_should_retry(b) will be false. If B<v> is non
+zero then it will return B<v> when it is empty and it will set the read retry
+flag (that is BIO_read_retry(b) is true). To avoid ambiguity with a normal
+positive return value B<v> should be set to a negative value, typically -1.
+
+BIO_get_mem_data() sets B<pp> to a pointer to the start of the memory BIOs data
+and returns the total amount of data available. It is implemented as a macro.
+
+BIO_set_mem_buf() sets the internal BUF_MEM structure to B<bm> and sets the
+close flag to B<c>, that is B<c> should be either BIO_CLOSE or BIO_NOCLOSE.
+It is a macro.
+
+BIO_get_mem_ptr() places the underlying BUF_MEM structure in B<pp>. It is
+a macro.
+
+BIO_new_mem_buf() creates a memory BIO using B<len> bytes of data at B<buf>,
+if B<len> is -1 then the B<buf> is assumed to be null terminated and its
+length is determined by B<strlen>. The BIO is set to a read only state and
+as a result cannot be written to. This is useful when some data needs to be
+made available from a static area of memory in the form of a BIO. The
+supplied data is read directly from the supplied buffer: it is B<not> copied
+first, so the supplied area of memory must be unchanged until the BIO is freed.
+
+=head1 NOTES
+
+Writes to memory BIOs will always succeed if memory is available: that is
+their size can grow indefinitely.
+
+Every read from a read write memory BIO will remove the data just read with
+an internal copy operation, if a BIO contains a lots of data and it is
+read in small chunks the operation can be very slow. The use of a read only
+memory BIO avoids this problem. If the BIO must be read write then adding
+a buffering BIO to the chain will speed up the process.
+
+=head1 BUGS
+
+There should be an option to set the maximum size of a memory BIO.
+
+There should be a way to "rewind" a read write BIO without destroying
+its contents.
+
+The copying operation should not occur after every small read of a large BIO
+to improve efficiency.
+
+=head1 EXAMPLE
+
+Create a memory BIO and write some data to it:
+
+ BIO *mem = BIO_new(BIO_s_mem());
+ BIO_puts(mem, "Hello World\n"); 
+
+Create a read only memory BIO:
+
+ char data[] = "Hello World";
+ BIO *mem;
+ mem = BIO_new_mem_buf(data, -1);
+
+Extract the BUF_MEM structure from a memory BIO and then free up the BIO:
+
+ BUF_MEM *bptr;
+ BIO_get_mem_ptr(mem, &bptr);
+ BIO_set_close(mem, BIO_NOCLOSE); /* So BIO_free() leaves BUF_MEM alone */
+ BIO_free(mem);
+ 
+
+=head1 SEE ALSO
+
+TBA
diff --git a/src/lib/libssl/src/doc/crypto/BIO_s_null.pod b/src/lib/libssl/src/doc/crypto/BIO_s_null.pod
new file mode 100644
index 0000000000..e5514f7238
--- /dev/null
+++ b/src/lib/libssl/src/doc/crypto/BIO_s_null.pod
@@ -0,0 +1,37 @@
+=pod
+
+=head1 NAME
+
+BIO_s_null - null data sink
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+
+ BIO_METHOD *   BIO_s_null(void);
+
+=head1 DESCRIPTION
+
+BIO_s_null() returns the null sink BIO method. Data written to
+the null sink is discarded, reads return EOF.
+
+=head1 NOTES
+
+A null sink BIO behaves in a similar manner to the Unix /dev/null
+device.
+
+A null bio can be placed on the end of a chain to discard any data
+passed through it.
+
+A null sink is useful if, for example, an application wishes to digest some
+data by writing through a digest bio but not send the digested data anywhere.
+Since a BIO chain must normally include a source/sink BIO this can be achieved
+by adding a null sink BIO to the end of the chain
+
+=head1 RETURN VALUES
+
+BIO_s_null() returns the null sink BIO method.
+
+=head1 SEE ALSO
+
+TBA
diff --git a/src/lib/libssl/src/doc/crypto/BIO_s_socket.pod b/src/lib/libssl/src/doc/crypto/BIO_s_socket.pod
new file mode 100644
index 0000000000..253185185c
--- /dev/null
+++ b/src/lib/libssl/src/doc/crypto/BIO_s_socket.pod
@@ -0,0 +1,61 @@
+=pod
+
+=head1 NAME
+
+BIO_s_socket, BIO_new_socket - socket BIO
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+
+ BIO_METHOD *   BIO_s_socket(void);
+
+ #define BIO_set_fd(b,fd,c)     BIO_int_ctrl(b,BIO_C_SET_FD,c,fd)
+ #define BIO_get_fd(b,c)        BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c)
+
+ BIO *BIO_new_socket(int sock, int close_flag);
+
+=head1 DESCRIPTION
+
+BIO_s_socket() returns the socket BIO method. This is a wrapper
+round the platform's socket routines.
+
+BIO_read() and BIO_write() read or write the underlying socket.
+BIO_puts() is supported but BIO_gets() is not.
+
+If the close flag is set then the socket is shut down and closed
+when the BIO is freed.
+
+BIO_set_fd() sets the socket of BIO B<b> to B<fd> and the close
+flag to B<c>.
+
+BIO_get_fd() places the socket in B<c> if it is not NULL, it also
+returns the socket . If B<c> is not NULL it should be of type (int *).
+
+BIO_new_socket() returns a socket BIO using B<sock> and B<close_flag>.
+
+=head1 NOTES
+
+Socket BIOs also support any relevant functionality of file descriptor
+BIOs.
+
+The reason for having separate file descriptor and socket BIOs is that on some
+platforms sockets are not file descriptors and use distinct I/O routines,
+Windows is one such platform. Any code mixing the two will not work on
+all platforms.
+
+=head1 RETURN VALUES
+
+BIO_s_socket() returns the socket BIO method.
+
+BIO_set_fd() always returns 1.
+
+BIO_get_fd() returns the socket or -1 if the BIO has not been
+initialized.
+
+BIO_new_socket() returns the newly allocated BIO or NULL is an error
+occurred.
+
+=head1 SEE ALSO
+
+TBA
diff --git a/src/lib/libssl/src/doc/crypto/BIO_set_callback.pod b/src/lib/libssl/src/doc/crypto/BIO_set_callback.pod
new file mode 100644
index 0000000000..9b6961ca8d
--- /dev/null
+++ b/src/lib/libssl/src/doc/crypto/BIO_set_callback.pod
@@ -0,0 +1,108 @@
+=pod
+
+=head1 NAME
+
+BIO_set_callback, BIO_get_callback, BIO_set_callback_arg, BIO_get_callback_arg,
+BIO_debug_callback - BIO callback functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+
+ #define BIO_set_callback(b,cb)         ((b)->callback=(cb))
+ #define BIO_get_callback(b)            ((b)->callback)
+ #define BIO_set_callback_arg(b,arg)    ((b)->cb_arg=(char *)(arg))
+ #define BIO_get_callback_arg(b)                ((b)->cb_arg)
+
+ long BIO_debug_callback(BIO *bio,int cmd,const char *argp,int argi,
+        long argl,long ret);
+
+ typedef long callback(BIO *b, int oper, const char *argp,
+                        int argi, long argl, long retvalue);
+
+=head1 DESCRIPTION
+
+BIO_set_callback() and BIO_get_callback() set and retrieve the BIO callback,
+they are both macros. The callback is called during most high level BIO
+operations. It can be used for debugging purposes to trace operations on
+a BIO or to modify its operation.
+
+BIO_set_callback_arg() and BIO_get_callback_arg() are macros which can be
+used to set and retrieve an argument for use in the callback.
+
+BIO_debug_callback() is a standard debugging callback which prints
+out information relating to each BIO operation. If the callback
+argument is set if is interpreted as a BIO to send the information
+to, otherwise stderr is used.
+
+callback() is the callback function itself. The meaning of each
+argument is described below.
+
+The BIO the callback is attached to is passed in B<b>.
+
+B<oper> is set to the operation being performed. For some operations
+the callback is called twice, once before and once after the actual
+operation, the latter case has B<oper> or'ed with BIO_CB_RETURN.
+
+The meaning of the arguments B<argp>, B<argi> and B<argl> depends on
+the value of B<oper>, that is the operation being performed.
+
+B<retvalue> is the return value that would be returned to the
+application if no callback were present. The actual value returned
+is the return value of the callback itself. In the case of callbacks
+called before the actual BIO operation 1 is placed in retvalue, if
+the return value is not positive it will be immediately returned to
+the application and the BIO operation will not be performed.
+
+The callback should normally simply return B<retvalue> when it has
+finished processing, unless if specifically wishes to modify the
+value returned to the application.
+
+=head1 CALLBACK OPERATIONS
+
+=over 4
+
+=item B<BIO_free(b)>
+
+callback(b, BIO_CB_FREE, NULL, 0L, 0L, 1L) is called before the
+free operation.
+
+=item B<BIO_read(b, out, outl)>
+
+callback(b, BIO_CB_READ, out, outl, 0L, 1L) is called before
+the read and callback(b, BIO_CB_READ|BIO_CB_RETURN, out, outl, 0L, retvalue)
+after.
+
+=item B<BIO_write(b, in, inl)>
+
+callback(b, BIO_CB_WRITE, in, inl, 0L, 1L) is called before
+the write and callback(b, BIO_CB_WRITE|BIO_CB_RETURN, in, inl, 0L, retvalue)
+after.
+
+=item B<BIO_gets(b, out, outl)>
+
+callback(b, BIO_CB_GETS, out, outl, 0L, 1L) is called before
+the operation and callback(b, BIO_CB_GETS|BIO_CB_RETURN, out, outl, 0L, retvalue)
+after.
+
+=item B<BIO_puts(b, in)>
+
+callback(b, BIO_CB_WRITE, in, 0, 0L, 1L) is called before
+the operation and callback(b, BIO_CB_WRITE|BIO_CB_RETURN, in, 0, 0L, retvalue)
+after.
+
+=item B<BIO_ctrl(BIO *b, int cmd, long larg, void *parg)>
+
+callback(b,BIO_CB_CTRL,parg,cmd,larg,1L) is called before the call and
+callback(b,BIO_CB_CTRL|BIO_CB_RETURN,parg,cmd, larg,ret) after.
+
+=back
+
+=head1 EXAMPLE
+
+The BIO_debug_callback() function is a good example, its source is
+in crypto/bio/bio_cb.c
+
+=head1 SEE ALSO
+
+TBA
diff --git a/src/lib/libssl/src/doc/crypto/BIO_should_retry.pod b/src/lib/libssl/src/doc/crypto/BIO_should_retry.pod
new file mode 100644
index 0000000000..539c391272
--- /dev/null
+++ b/src/lib/libssl/src/doc/crypto/BIO_should_retry.pod
@@ -0,0 +1,114 @@
+=pod
+
+=head1 NAME
+
+BIO_should_retry, BIO_should_read, BIO_should_write,
+BIO_should_io_special, BIO_retry_type, BIO_should_retry,
+BIO_get_retry_BIO, BIO_get_retry_reason - BIO retry functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+
+ #define BIO_should_read(a)             ((a)->flags & BIO_FLAGS_READ)
+ #define BIO_should_write(a)            ((a)->flags & BIO_FLAGS_WRITE)
+ #define BIO_should_io_special(a)       ((a)->flags & BIO_FLAGS_IO_SPECIAL)
+ #define BIO_retry_type(a)              ((a)->flags & BIO_FLAGS_RWS)
+ #define BIO_should_retry(a)            ((a)->flags & BIO_FLAGS_SHOULD_RETRY)
+
+ #define BIO_FLAGS_READ         0x01
+ #define BIO_FLAGS_WRITE        0x02
+ #define BIO_FLAGS_IO_SPECIAL   0x04
+ #define BIO_FLAGS_RWS (BIO_FLAGS_READ|BIO_FLAGS_WRITE|BIO_FLAGS_IO_SPECIAL)
+ #define BIO_FLAGS_SHOULD_RETRY 0x08
+
+ BIO *  BIO_get_retry_BIO(BIO *bio, int *reason);
+ int    BIO_get_retry_reason(BIO *bio);
+
+=head1 DESCRIPTION
+
+These functions determine why a BIO is not able to read or write data.
+They will typically be called after a failed BIO_read() or BIO_write()
+call.
+
+BIO_should_retry() is true if the call that produced this condition
+should then be retried at a later time.
+
+If BIO_should_retry() is false then the cause is an error condition.
+
+BIO_should_read() is true if the cause of the condition is that a BIO
+needs to read data.
+
+BIO_should_write() is true if the cause of the condition is that a BIO
+needs to read data.
+
+BIO_should_io_special() is true if some "special" condition, that is a
+reason other than reading or writing is the cause of the condition.
+
+BIO_get_retry_reason() returns a mask of the cause of a retry condition
+consisting of the values B<BIO_FLAGS_READ>, B<BIO_FLAGS_WRITE>,
+B<BIO_FLAGS_IO_SPECIAL> though current BIO types will only set one of
+these.
+
+BIO_get_retry_BIO() determines the precise reason for the special
+condition, it returns the BIO that caused this condition and if 
+B<reason> is not NULL it contains the reason code. The meaning of
+the reason code and the action that should be taken depends on
+the type of BIO that resulted in this condition.
+
+BIO_get_retry_reason() returns the reason for a special condition if
+passed the relevant BIO, for example as returned by BIO_get_retry_BIO().
+
+=head1 NOTES
+
+If BIO_should_retry() returns false then the precise "error condition"
+depends on the BIO type that caused it and the return code of the BIO
+operation. For example if a call to BIO_read() on a socket BIO returns
+0 and BIO_should_retry() is false then the cause will be that the
+connection closed. A similar condition on a file BIO will mean that it
+has reached EOF. Some BIO types may place additional information on
+the error queue. For more details see the individual BIO type manual
+pages.
+
+If the underlying I/O structure is in a blocking mode almost all current
+BIO types will not request a retry, because the underlying I/O
+calls will not. If the application knows that the BIO type will never
+signal a retry then it need not call BIO_should_retry() after a failed
+BIO I/O call. This is typically done with file BIOs.
+
+SSL BIOs are the only current exception to this rule: they can request a
+retry even if the underlying I/O structure is blocking, if a handshake
+occurs during a call to BIO_read(). An application can retry the failed
+call immediately or avoid this situation by setting SSL_MODE_AUTO_RETRY
+on the underlying SSL structure.
+
+While an application may retry a failed non blocking call immediately
+this is likely to be very inefficient because the call will fail
+repeatedly until data can be processed or is available. An application
+will normally wait until the necessary condition is satisfied. How
+this is done depends on the underlying I/O structure.
+
+For example if the cause is ultimately a socket and BIO_should_read()
+is true then a call to select() may be made to wait until data is
+available and then retry the BIO operation. By combining the retry
+conditions of several non blocking BIOs in a single select() call
+it is possible to service several BIOs in a single thread, though
+the performance may be poor if SSL BIOs are present because long delays
+can occur during the initial handshake process. 
+
+It is possible for a BIO to block indefinitely if the underlying I/O
+structure cannot process or return any data. This depends on the behaviour of
+the platforms I/O functions. This is often not desirable: one solution
+is to use non blocking I/O and use a timeout on the select() (or
+equivalent) call.
+
+=head1 BUGS
+
+The OpenSSL ASN1 functions cannot gracefully deal with non blocking I/O:
+that is they cannot retry after a partial read or write. This is usually
+worked around by only passing the relevant data to ASN1 functions when
+the entire structure can be read or written.
+
+=head1 SEE ALSO
+
+TBA
diff --git a/src/lib/libssl/src/doc/crypto/BN_CTX_start.pod b/src/lib/libssl/src/doc/crypto/BN_CTX_start.pod
index c30552b122..dfcefe1a88 100644
--- a/src/lib/libssl/src/doc/crypto/BN_CTX_start.pod
+++ b/src/lib/libssl/src/doc/crypto/BN_CTX_start.pod
@@ -17,7 +17,8 @@ BN_CTX_start, BN_CTX_get, BN_CTX_end - use temporary BIGNUM variables
 =head1 DESCRIPTION
 
 These functions are used to obtain temporary B<BIGNUM> variables from
-a B<BN_CTX> in order to save the overhead of repeatedly creating and
+a B<BN_CTX> (which can been created by using L<BN_CTX_new(3)|BN_CTX_new(3)>)
+in order to save the overhead of repeatedly creating and
 freeing B<BIGNUM>s in functions that are called from inside a loop.
 
 A function must call BN_CTX_start() first. Then, BN_CTX_get() may be
diff --git a/src/lib/libssl/src/doc/crypto/BN_bn2bin.pod b/src/lib/libssl/src/doc/crypto/BN_bn2bin.pod
index ca77f0d61b..4f78574ed0 100644
--- a/src/lib/libssl/src/doc/crypto/BN_bn2bin.pod
+++ b/src/lib/libssl/src/doc/crypto/BN_bn2bin.pod
@@ -36,7 +36,7 @@ NULL, a new B<BIGNUM> is created.
 BN_bn2hex() and BN_bn2dec() return printable strings containing the
 hexadecimal and decimal encoding of B<a> respectively. For negative
 numbers, the string is prefaced with a leading '-'. The string must be
-Free()d later.
+freed later using OPENSSL_free().
 
 BN_hex2bn() converts the string B<str> containing a hexadecimal number
 to a B<BIGNUM> and stores it in **B<bn>. If *B<bn> is NULL, a new
diff --git a/src/lib/libssl/src/doc/crypto/BN_mod_mul_montgomery.pod b/src/lib/libssl/src/doc/crypto/BN_mod_mul_montgomery.pod
index 3ec6f6172b..f3cee924b9 100644
--- a/src/lib/libssl/src/doc/crypto/BN_mod_mul_montgomery.pod
+++ b/src/lib/libssl/src/doc/crypto/BN_mod_mul_montgomery.pod
@@ -39,7 +39,7 @@ BN_MONT_CTX_init() initializes an existing uninitialized B<BN_MONT_CTX>.
 BN_MONT_CTX_set() sets up the B<mont> structure from the modulus B<m>
 by precomputing its inverse and a value R.
 
-BN_MONT_CTX_copy() copies the B<N_MONT_CTX> B<from> to B<to>.
+BN_MONT_CTX_copy() copies the B<BN_MONT_CTX> B<from> to B<to>.
 
 BN_MONT_CTX_free() frees the components of the B<BN_MONT_CTX>, and, if
 it was created by BN_MONT_CTX_new(), also the structure itself.
@@ -49,7 +49,7 @@ the result in B<r>.
 
 BN_from_montgomery() performs the Montgomery reduction B<r> = B<a>*R^-1.
 
-BN_to_montgomery() computes Mont(B<a>,R^2).
+BN_to_montgomery() computes Mont(B<a>,R^2), i.e. B<a>*R.
 
 For all functions, B<ctx> is a previously allocated B<BN_CTX> used for
 temporary variables.
diff --git a/src/lib/libssl/src/doc/crypto/BN_mod_mul_reciprocal.pod b/src/lib/libssl/src/doc/crypto/BN_mod_mul_reciprocal.pod
index 38034bba14..74a216ddc2 100644
--- a/src/lib/libssl/src/doc/crypto/BN_mod_mul_reciprocal.pod
+++ b/src/lib/libssl/src/doc/crypto/BN_mod_mul_reciprocal.pod
@@ -2,7 +2,7 @@
 
 =head1 NAME
 
-BN_mod_mul_reciprocal, BN_RECP_CTX_new, BN_RECP_CTX_init,
+BN_mod_mul_reciprocal,  BN_div_recp, BN_RECP_CTX_new, BN_RECP_CTX_init,
 BN_RECP_CTX_free, BN_RECP_CTX_set - modular multiplication using
 reciprocal
 
diff --git a/src/lib/libssl/src/doc/crypto/BN_zero.pod b/src/lib/libssl/src/doc/crypto/BN_zero.pod
index 165fd9a228..2f33876498 100644
--- a/src/lib/libssl/src/doc/crypto/BN_zero.pod
+++ b/src/lib/libssl/src/doc/crypto/BN_zero.pod
@@ -2,7 +2,8 @@
 
 =head1 NAME
 
-BN_zero, BN_one, BN_set_word, BN_get_word - BIGNUM assignment operations
+BN_zero, BN_one, BN_value_one, BN_set_word, BN_get_word - BIGNUM assignment
+operations
 
 =head1 SYNOPSIS
 
diff --git a/src/lib/libssl/src/doc/crypto/DH_set_method.pod b/src/lib/libssl/src/doc/crypto/DH_set_method.pod
index a8f75bdd9d..62088eea1b 100644
--- a/src/lib/libssl/src/doc/crypto/DH_set_method.pod
+++ b/src/lib/libssl/src/doc/crypto/DH_set_method.pod
@@ -2,20 +2,21 @@
 
 =head1 NAME
 
-DH_set_default_method, DH_get_default_method, DH_set_method,
-DH_new_method, DH_OpenSSL - select DH method
+DH_set_default_openssl_method, DH_get_default_openssl_method,
+DH_set_method, DH_new_method, DH_OpenSSL - select DH method
 
 =head1 SYNOPSIS
 
  #include <openssl/dh.h>
+ #include <openssl/engine.h>
 
- void DH_set_default_method(DH_METHOD *meth);
+ void DH_set_default_openssl_method(DH_METHOD *meth);
 
- DH_METHOD *DH_get_default_method(void);
+ DH_METHOD *DH_get_default_openssl_method(void);
 
- DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth);
+ int DH_set_method(DH *dh, ENGINE *engine);
 
- DH *DH_new_method(DH_METHOD *meth);
+ DH *DH_new_method(ENGINE *engine);
 
  DH_METHOD *DH_OpenSSL(void);
 
@@ -28,20 +29,26 @@ such as hardware accelerators may be used.
 Initially, the default is to use the OpenSSL internal implementation.
 DH_OpenSSL() returns a pointer to that method.
 
-DH_set_default_method() makes B<meth> the default method for all B<DH>
-structures created later.
+DH_set_default_openssl_method() makes B<meth> the default method for all DH
+structures created later. B<NB:> This is true only whilst the default engine
+for Diffie-Hellman operations remains as "openssl". ENGINEs provide an
+encapsulation for implementations of one or more algorithms, and all the DH
+functions mentioned here operate within the scope of the default
+"openssl" engine.
 
-DH_get_default_method() returns a pointer to the current default
-method.
+DH_get_default_openssl_method() returns a pointer to the current default
+method for the "openssl" engine.
 
-DH_set_method() selects B<meth> for all operations using the structure B<dh>.
+DH_set_method() selects B<engine> as the engine that will be responsible for
+all operations using the structure B<dh>. If this function completes successfully,
+then the B<dh> structure will have its own functional reference of B<engine>, so
+the caller should remember to free their own reference to B<engine> when they are
+finished with it. NB: An ENGINE's DH_METHOD can be retrieved (or set) by
+ENGINE_get_DH() or ENGINE_set_DH().
 
-DH_get_method() returns a pointer to the method currently selected
-for B<dh>.
-
-DH_new_method() allocates and initializes a B<DH> structure so that
-B<method> will be used for the DH operations. If B<method> is B<NULL>,
-the default method is used.
+DH_new_method() allocates and initializes a DH structure so that
+B<engine> will be used for the DH operations. If B<engine> is NULL,
+the default engine for Diffie-Hellman opertaions is used.
 
 =head1 THE DH_METHOD STRUCTURE
 
@@ -75,17 +82,17 @@ the default method is used.
 
 =head1 RETURN VALUES
 
-DH_OpenSSL(), DH_get_default_method() and DH_get_method() return
-pointers to the respective B<DH_METHOD>s.
+DH_OpenSSL() and DH_get_default_method() return pointers to the respective
+DH_METHODs.
 
-DH_set_default_method() returns no value.
+DH_set_default_openssl_method() returns no value.
 
-DH_set_method() returns a pointer to the B<DH_METHOD> previously
-associated with B<dh>.
+DH_set_method() returns non-zero if the ENGINE associated with B<dh>
+was successfully changed to B<engine>.
 
-DH_new_method() returns B<NULL> and sets an error code that can be
-obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails. Otherwise it
-returns a pointer to the newly allocated structure.
+DH_new_method() returns NULL and sets an error code that can be
+obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails.
+Otherwise it returns a pointer to the newly allocated structure.
 
 =head1 SEE ALSO
 
@@ -96,4 +103,9 @@ L<dh(3)|dh(3)>, L<DH_new(3)|DH_new(3)>
 DH_set_default_method(), DH_get_default_method(), DH_set_method(),
 DH_new_method() and DH_OpenSSL() were added in OpenSSL 0.9.4.
 
+DH_set_default_openssl_method() and DH_get_default_openssl_method()
+replaced DH_set_default_method() and DH_get_default_method() respectively,
+and DH_set_method() and DH_new_method() were altered to use B<ENGINE>s
+rather than B<DH_METHOD>s during development of OpenSSL 0.9.6.
+
 =cut
diff --git a/src/lib/libssl/src/doc/crypto/DSA_set_method.pod b/src/lib/libssl/src/doc/crypto/DSA_set_method.pod
index edec46413d..c56dfd0f47 100644
--- a/src/lib/libssl/src/doc/crypto/DSA_set_method.pod
+++ b/src/lib/libssl/src/doc/crypto/DSA_set_method.pod
@@ -2,20 +2,21 @@
 
 =head1 NAME
 
-DSA_set_default_method, DSA_get_default_method, DSA_set_method,
-DSA_new_method, DSA_OpenSSL - select RSA method
+DSA_set_default_openssl_method, DSA_get_default_openssl_method,
+DSA_set_method, DSA_new_method, DSA_OpenSSL - select DSA method
 
 =head1 SYNOPSIS
 
- #include <openssl/DSA.h>
+ #include <openssl/dsa.h>
+ #include <openssl/engine.h>
 
- void DSA_set_default_method(DSA_METHOD *meth);
+ void DSA_set_default_openssl_method(DSA_METHOD *meth);
 
- DSA_METHOD *DSA_get_default_method(void);
+ DSA_METHOD *DSA_get_default_openssl_method(void);
 
- DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *meth);
+ int DSA_set_method(DSA *dsa, ENGINE *engine);
 
- DSA *DSA_new_method(DSA_METHOD *meth);
+ DSA *DSA_new_method(ENGINE *engine);
 
  DSA_METHOD *DSA_OpenSSL(void);
 
@@ -28,20 +29,21 @@ such as hardware accelerators may be used.
 Initially, the default is to use the OpenSSL internal implementation.
 DSA_OpenSSL() returns a pointer to that method.
 
-DSA_set_default_method() makes B<meth> the default method for all B<DSA>
-structures created later.
+DSA_set_default_openssl_method() makes B<meth> the default method for
+all DSA structures created later. B<NB:> This is true only whilst the
+default engine for DSA operations remains as "openssl". ENGINEs
+provide an encapsulation for implementations of one or more algorithms at a
+time, and all the DSA functions mentioned here operate within the scope
+of the default "openssl" engine.
 
-DSA_get_default_method() returns a pointer to the current default
-method.
+DSA_get_default_openssl_method() returns a pointer to the current default
+method for the "openssl" engine.
 
-DSA_set_method() selects B<meth> for all operations using the structure B<DSA>.
+DSA_set_method() selects B<engine> for all operations using the structure B<dsa>.
 
-DSA_get_method() returns a pointer to the method currently selected
-for B<DSA>.
-
-DSA_new_method() allocates and initializes a B<DSA> structure so that
-B<method> will be used for the DSA operations. If B<method> is B<NULL>,
-the default method is used.
+DSA_new_method() allocates and initializes a DSA structure so that
+B<engine> will be used for the DSA operations. If B<engine> is NULL,
+the default engine for DSA operations is used.
 
 =head1 THE DSA_METHOD STRUCTURE
 
@@ -87,18 +89,17 @@ struct
 
 =head1 RETURN VALUES
 
-DSA_OpenSSL(), DSA_get_default_method() and DSA_get_method() return
-pointers to the respective B<DSA_METHOD>s.
+DSA_OpenSSL() and DSA_get_default_openssl_method() return pointers to the
+respective DSA_METHODs.
 
-DSA_set_default_method() returns no value.
+DSA_set_default_openssl_method() returns no value.
 
-DSA_set_method() returns a pointer to the B<DSA_METHOD> previously
-associated with B<dsa>.
+DSA_set_method() returns non-zero if the ENGINE associated with B<dsa>
+was successfully changed to B<engine>.
 
-DSA_new_method() returns B<NULL> and sets an error code that can be
+DSA_new_method() returns NULL and sets an error code that can be
 obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation
-fails. Otherwise it returns a pointer to the newly allocated
-structure.
+fails. Otherwise it returns a pointer to the newly allocated structure.
 
 =head1 SEE ALSO
 
@@ -109,4 +110,9 @@ L<dsa(3)|dsa(3)>, L<DSA_new(3)|DSA_new(3)>
 DSA_set_default_method(), DSA_get_default_method(), DSA_set_method(),
 DSA_new_method() and DSA_OpenSSL() were added in OpenSSL 0.9.4.
 
+DSA_set_default_openssl_method() and DSA_get_default_openssl_method()
+replaced DSA_set_default_method() and DSA_get_default_method() respectively,
+and DSA_set_method() and DSA_new_method() were altered to use B<ENGINE>s
+rather than B<DSA_METHOD>s during development of OpenSSL 0.9.6.
+
 =cut
diff --git a/src/lib/libssl/src/doc/crypto/ERR_error_string.pod b/src/lib/libssl/src/doc/crypto/ERR_error_string.pod
index 0d2417599c..e01beb817a 100644
--- a/src/lib/libssl/src/doc/crypto/ERR_error_string.pod
+++ b/src/lib/libssl/src/doc/crypto/ERR_error_string.pod
@@ -2,13 +2,16 @@
 
 =head1 NAME
 
-ERR_error_string - obtain human-readable error message
+ERR_error_string, ERR_error_string_n, ERR_lib_error_string,
+ERR_func_error_string, ERR_reason_error_string - obtain human-readable
+error message
 
 =head1 SYNOPSIS
 
  #include <openssl/err.h>
 
  char *ERR_error_string(unsigned long e, char *buf);
+ char *ERR_error_string_n(unsigned long e, char *buf, size_t len);
 
  const char *ERR_lib_error_string(unsigned long e);
  const char *ERR_func_error_string(unsigned long e);
@@ -17,9 +20,13 @@ ERR_error_string - obtain human-readable error message
 =head1 DESCRIPTION
 
 ERR_error_string() generates a human-readable string representing the
-error code B<e>, and places it at B<buf>. B<buf> must be at least 120
-bytes long. If B<buf> is B<NULL>, the error string is placed in a
+error code I<e>, and places it at I<buf>. I<buf> must be at least 120
+bytes long. If I<buf> is B<NULL>, the error string is placed in a
 static buffer.
+ERR_error_string_n() is a variant of ERR_error_string() that writes
+at most I<len> characters (including the terminating 0)
+and truncates the string if necessary.
+For ERR_error_string_n(), I<buf> may not be B<NULL>.
 
 The string will have the following format:
 
@@ -45,7 +52,7 @@ all error codes currently in the queue.
 =head1 RETURN VALUES
 
 ERR_error_string() returns a pointer to a static buffer containing the
-string if B<buf == NULL>, B<buf> otherwise.
+string if I<buf> B<== NULL>, I<buf> otherwise.
 
 ERR_lib_error_string(), ERR_func_error_string() and
 ERR_reason_error_string() return the strings, and B<NULL> if
@@ -61,5 +68,6 @@ L<ERR_print_errors(3)|ERR_print_errors(3)>
 =head1 HISTORY
 
 ERR_error_string() is available in all versions of SSLeay and OpenSSL.
+ERR_error_string_n() was added in OpenSSL 0.9.6.
 
 =cut
diff --git a/src/lib/libssl/src/doc/crypto/ERR_get_error.pod b/src/lib/libssl/src/doc/crypto/ERR_get_error.pod
index 75ece00d97..3551bacb8d 100644
--- a/src/lib/libssl/src/doc/crypto/ERR_get_error.pod
+++ b/src/lib/libssl/src/doc/crypto/ERR_get_error.pod
@@ -2,7 +2,8 @@
 
 =head1 NAME
 
-ERR_get_error, ERR_peek_error - obtain error code
+ERR_get_error, ERR_peek_error, ERR_get_error_line, ERR_peek_error_line,
+ERR_get_error_line_data, ERR_peek_error_line_data - obtain error code and data
 
 =head1 SYNOPSIS
 
@@ -40,7 +41,7 @@ the error occurred in *B<file> and *B<line>, unless these are B<NULL>.
 ERR_get_error_line_data() and ERR_peek_error_line_data() store
 additional data and flags associated with the error code in *B<data>
 and *B<flags>, unless these are B<NULL>. *B<data> contains a string
-if *B<flags>&B<ERR_TXT_STRING>. If it has been allocated by Malloc(),
+if *B<flags>&B<ERR_TXT_STRING>. If it has been allocated by OPENSSL_malloc(),
 *B<flags>&B<ERR_TXT_MALLOCED> is true.
 
 =head1 RETURN VALUES
diff --git a/src/lib/libssl/src/doc/crypto/ERR_remove_state.pod b/src/lib/libssl/src/doc/crypto/ERR_remove_state.pod
index ebcdc0f5a5..72925fb9f4 100644
--- a/src/lib/libssl/src/doc/crypto/ERR_remove_state.pod
+++ b/src/lib/libssl/src/doc/crypto/ERR_remove_state.pod
@@ -16,7 +16,7 @@ ERR_remove_state() frees the error queue associated with thread B<pid>.
 If B<pid> == 0, the current thread will have its error queue removed.
 
 Since error queue data structures are allocated automatically for new
-threads, they must be freed when threads are terminated in oder to
+threads, they must be freed when threads are terminated in order to
 avoid memory leaks.
 
 =head1 RETURN VALUE
diff --git a/src/lib/libssl/src/doc/crypto/EVP_DigestInit.pod b/src/lib/libssl/src/doc/crypto/EVP_DigestInit.pod
index 6d4e156ae3..fefc858f7e 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_DigestInit.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_DigestInit.pod
@@ -2,7 +2,12 @@
 
 =head1 NAME
 
-EVP_DigestInit, EVP_DigestUpdate, EVP_DigestFinal - EVP digest routines
+EVP_DigestInit, EVP_DigestUpdate, EVP_DigestFinal, EVP_MAX_MD_SIZE,
+EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, EVP_MD_block_size,
+EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type,
+EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_dss, EVP_dss1, EVP_mdc2,
+EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj -
+EVP digest routines
 
 =head1 SYNOPSIS
 
@@ -45,12 +50,12 @@ EVP_DigestInit, EVP_DigestUpdate, EVP_DigestFinal - EVP digest routines
 
 The EVP digest routines are a high level interface to message digests.
 
-EVP_DigestInit() initialises a digest context B<ctx> to use a digest
+EVP_DigestInit() initializes a digest context B<ctx> to use a digest
 B<type>: this will typically be supplied by a function such as
 EVP_sha1().
 
 EVP_DigestUpdate() hashes B<cnt> bytes of data at B<d> into the
-digest context B<ctx>. This funtion can be called several times on the
+digest context B<ctx>. This function can be called several times on the
 same B<ctx> to hash additional data.
 
 EVP_DigestFinal() retrieves the digest value from B<ctx> and places
@@ -58,7 +63,7 @@ it in B<md>. If the B<s> parameter is not NULL then the number of
 bytes of data written (i.e. the length of the digest) will be written
 to the integer at B<s>, at most B<EVP_MAX_MD_SIZE> bytes will be written.
 After calling EVP_DigestFinal() no additional calls to EVP_DigestUpdate()
-can be made, but EVP_DigestInit() can be called to initialiase a new
+can be made, but EVP_DigestInit() can be called to initialize a new
 digest operation.
 
 EVP_MD_CTX_copy() can be used to copy the message digest state from
@@ -97,7 +102,7 @@ returns is of zero length.
 
 EVP_get_digestbyname(), EVP_get_digestbynid() and EVP_get_digestbyobj()
 return an B<EVP_MD> structure when passed a digest name, a digest NID or
-an ASN1_OBJECT structure respectively. The digest table must be initialised
+an ASN1_OBJECT structure respectively. The digest table must be initialized
 using, for example, OpenSSL_add_all_digests() for these functions to work.
 
 =head1 RETURN VALUES
diff --git a/src/lib/libssl/src/doc/crypto/EVP_EncryptInit.pod b/src/lib/libssl/src/doc/crypto/EVP_EncryptInit.pod
index 77ed4ccdba..9afe2396e2 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_EncryptInit.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_EncryptInit.pod
@@ -2,34 +2,46 @@
 
 =head1 NAME
 
-EVP_EncryptInit, EVP_EncryptUpdate, EVP_EncryptFinal - EVP cipher routines
+EVP_EncryptInit, EVP_EncryptUpdate, EVP_EncryptFinal, EVP_DecryptInit,
+EVP_DecryptUpdate, EVP_DecryptFinal, EVP_CipherInit, EVP_CipherUpdate,
+EVP_CipherFinal, EVP_CIPHER_CTX_set_key_length, EVP_CIPHER_CTX_ctrl,
+EVP_CIPHER_CTX_cleanup, EVP_get_cipherbyname, EVP_get_cipherbynid,
+EVP_get_cipherbyobj, EVP_CIPHER_nid, EVP_CIPHER_block_size,
+EVP_CIPHER_key_length, EVP_CIPHER_iv_length, EVP_CIPHER_flags,
+EVP_CIPHER_mode, EVP_CIPHER_type, EVP_CIPHER_CTX_cipher, EVP_CIPHER_CTX_nid,
+EVP_CIPHER_CTX_block_size, EVP_CIPHER_CTX_key_length, EVP_CIPHER_CTX_iv_length,
+EVP_CIPHER_CTX_get_app_data, EVP_CIPHER_CTX_set_app_data, EVP_CIPHER_CTX_type,
+EVP_CIPHER_CTX_flags, EVP_CIPHER_CTX_mode, EVP_CIPHER_param_to_asn1,
+EVP_CIPHER_asn1_to_param - EVP cipher routines
 
 =head1 SYNOPSIS
 
  #include <openssl/evp.h>
 
- void EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+ int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
          unsigned char *key, unsigned char *iv);
- void EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
          int *outl, unsigned char *in, int inl);
- void EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
          int *outl);
 
- void EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+ int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
          unsigned char *key, unsigned char *iv);
- void EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
          int *outl, unsigned char *in, int inl);
  int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
          int *outl);
 
- void EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+ int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
          unsigned char *key, unsigned char *iv, int enc);
- void EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
          int *outl, unsigned char *in, int inl);
  int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
          int *outl);
 
- void EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a);
+ int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen);
+ int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
+ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a);
 
  const EVP_CIPHER *EVP_get_cipherbyname(const char *name);
  #define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a))
@@ -38,15 +50,21 @@ EVP_EncryptInit, EVP_EncryptUpdate, EVP_EncryptFinal - EVP cipher routines
  #define EVP_CIPHER_nid(e)              ((e)->nid)
  #define EVP_CIPHER_block_size(e)       ((e)->block_size)
  #define EVP_CIPHER_key_length(e)       ((e)->key_len)
- #define EVP_CIPHER_iv_length(e)        ((e)->iv_len)
-
+ #define EVP_CIPHER_iv_length(e)                ((e)->iv_len)
+ #define EVP_CIPHER_flags(e)            ((e)->flags)
+ #define EVP_CIPHER_mode(e)             ((e)->flags) & EVP_CIPH_MODE)
  int EVP_CIPHER_type(const EVP_CIPHER *ctx);
+
  #define EVP_CIPHER_CTX_cipher(e)       ((e)->cipher)
  #define EVP_CIPHER_CTX_nid(e)          ((e)->cipher->nid)
  #define EVP_CIPHER_CTX_block_size(e)   ((e)->cipher->block_size)
- #define EVP_CIPHER_CTX_key_length(e)   ((e)->cipher->key_len)
+ #define EVP_CIPHER_CTX_key_length(e)   ((e)->key_len)
  #define EVP_CIPHER_CTX_iv_length(e)    ((e)->cipher->iv_len)
+ #define EVP_CIPHER_CTX_get_app_data(e) ((e)->app_data)
+ #define EVP_CIPHER_CTX_set_app_data(e,d) ((e)->app_data=(char *)(d))
  #define EVP_CIPHER_CTX_type(c)         EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c))
+ #define EVP_CIPHER_CTX_flags(e)                ((e)->cipher->flags)
+ #define EVP_CIPHER_CTX_mode(e)         ((e)->cipher->flags & EVP_CIPH_MODE)
 
  int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
  int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
@@ -56,16 +74,14 @@ EVP_EncryptInit, EVP_EncryptUpdate, EVP_EncryptFinal - EVP cipher routines
 The EVP cipher routines are a high level interface to certain
 symmetric ciphers.
 
-EVP_EncryptInit() initialises a cipher context B<ctx> for encryption
+EVP_EncryptInit() initializes a cipher context B<ctx> for encryption
 with cipher B<type>. B<type> is normally supplied by a function such
 as EVP_des_cbc() . B<key> is the symmetric key to use and B<iv> is the
 IV to use (if necessary), the actual number of bytes used for the
 key and IV depends on the cipher. It is possible to set all parameters
 to NULL except B<type> in an initial call and supply the remaining
-parameters in subsequent calls. This is normally done when the 
-EVP_CIPHER_asn1_to_param() function is called to set the cipher
-parameters from an ASN1 AlgorithmIdentifier and the key from a
-different source.
+parameters in subsequent calls, all of which have B<type> set to NULL.
+This is done when the default cipher parameters are not appropriate.
 
 EVP_EncryptUpdate() encrypts B<inl> bytes from the buffer B<in> and
 writes the encrypted version to B<out>. This function can be called
@@ -93,7 +109,8 @@ cipher block size is 1 in which case B<inl> bytes is sufficient.
 EVP_CipherInit(), EVP_CipherUpdate() and EVP_CipherFinal() are functions
 that can be used for decryption or encryption. The operation performed
 depends on the value of the B<enc> parameter. It should be set to 1 for
-encryption and 0 for decryption.
+encryption, 0 for decryption and -1 to leave the value unchanged (the
+actual value of 'enc' being supplied in a previous call).
 
 EVP_CIPHER_CTX_cleanup() clears all information from a cipher context.
 It should be called after all operations using a cipher are complete
@@ -111,7 +128,13 @@ IDENTIFIER.
 EVP_CIPHER_key_length() and EVP_CIPHER_CTX_key_length() return the key
 length of a cipher when passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX>
 structure. The constant B<EVP_MAX_KEY_LENGTH> is the maximum key length
-for all ciphers.
+for all ciphers. Note: although EVP_CIPHER_key_length() is fixed for a
+given cipher, the value of EVP_CIPHER_CTX_key_length() may be different
+for variable key length ciphers.
+
+EVP_CIPHER_CTX_set_key_length() sets the key length of the cipher ctx.
+If the cipher is a fixed length cipher then attempting to set the key
+length to any value other than the fixed value is an error.
 
 EVP_CIPHER_iv_length() and EVP_CIPHER_CTX_iv_length() return the IV
 length of a cipher when passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX>.
@@ -133,6 +156,11 @@ B<NID_undef>.
 EVP_CIPHER_CTX_cipher() returns the B<EVP_CIPHER> structure when passed
 an B<EVP_CIPHER_CTX> structure.
 
+EVP_CIPHER_mode() and EVP_CIPHER_CTX_mode() return the block cipher mode:
+EVP_CIPH_ECB_MODE, EVP_CIPH_CBC_MODE, EVP_CIPH_CFB_MODE or
+EVP_CIPH_OFB_MODE. If the cipher is a stream cipher then
+EVP_CIPH_STREAM_CIPHER is returned.
+
 EVP_CIPHER_param_to_asn1() sets the AlgorithmIdentifier "parameter" based
 on the passed cipher. This will typically include any parameters and an
 IV. The cipher IV (if any) must be set when this call is made. This call
@@ -149,21 +177,24 @@ key set to NULL, EVP_CIPHER_asn1_to_param() will be called and finally
 EVP_CipherInit() again with all parameters except the key set to NULL. It is
 possible for this function to fail if the cipher does not have any ASN1 support
 or the parameters cannot be set (for example the RC2 effective key length
-does not have an B<EVP_CIPHER> structure).
+is not supported.
+
+EVP_CIPHER_CTX_ctrl() allows various cipher specific parameters to be determined
+and set. Currently only the RC2 effective key length and the number of rounds of
+RC5 can be set.
 
 =head1 RETURN VALUES
 
-EVP_EncryptInit(), EVP_EncryptUpdate() and EVP_EncryptFinal() do not return
-values.
+EVP_EncryptInit(), EVP_EncryptUpdate() and EVP_EncryptFinal() return 1 for success
+and 0 for failure.
 
-EVP_DecryptInit() and EVP_DecryptUpdate() do not return values.
+EVP_DecryptInit() and EVP_DecryptUpdate() return 1 for success and 0 for failure.
 EVP_DecryptFinal() returns 0 if the decrypt failed or 1 for success.
 
-EVP_CipherInit() and EVP_CipherUpdate() do not return values.
-EVP_CipherFinal() returns 1 for a decryption failure or 1 for success, if
-the operation is encryption then it always returns 1.
+EVP_CipherInit() and EVP_CipherUpdate() return 1 for success and 0 for failure.
+EVP_CipherFinal() returns 1 for a decryption failure or 1 for success.
 
-EVP_CIPHER_CTX_cleanup() does not return a value.
+EVP_CIPHER_CTX_cleanup() returns 1 for success and 0 for failure.
 
 EVP_get_cipherbyname(), EVP_get_cipherbynid() and EVP_get_cipherbyobj()
 return an B<EVP_CIPHER> structure or NULL on error.
@@ -187,6 +218,75 @@ EVP_CIPHER_CTX_cipher() returns an B<EVP_CIPHER> structure.
 EVP_CIPHER_param_to_asn1() and EVP_CIPHER_asn1_to_param() return 1 for 
 success or zero for failure.
 
+=head1 CIPHER LISTING
+
+All algorithms have a fixed key length unless otherwise stated.
+
+=over 4
+
+=item EVP_enc_null()
+
+Null cipher: does nothing.
+
+=item EVP_des_cbc(void), EVP_des_ecb(void), EVP_des_cfb(void), EVP_des_ofb(void)
+
+DES in CBC, ECB, CFB and OFB modes respectively. 
+
+=item EVP_des_ede_cbc(void), EVP_des_ede(), EVP_des_ede_ofb(void),  EVP_des_ede_cfb(void)
+
+Two key triple DES in CBC, ECB, CFB and OFB modes respectively.
+
+=item EVP_des_ede3_cbc(void), EVP_des_ede3(), EVP_des_ede3_ofb(void),  EVP_des_ede3_cfb(void)
+
+Three key triple DES in CBC, ECB, CFB and OFB modes respectively.
+
+=item EVP_desx_cbc(void)
+
+DESX algorithm in CBC mode.
+
+=item EVP_rc4(void)
+
+RC4 stream cipher. This is a variable key length cipher with default key length 128 bits.
+
+=item EVP_rc4_40(void)
+
+RC4 stream cipher with 40 bit key length. This is obsolete and new code should use EVP_rc4()
+and the EVP_CIPHER_CTX_set_key_length() function.
+
+=item EVP_idea_cbc() EVP_idea_ecb(void), EVP_idea_cfb(void), EVP_idea_ofb(void), EVP_idea_cbc(void)
+
+IDEA encryption algorithm in CBC, ECB, CFB and OFB modes respectively.
+
+=item EVP_rc2_cbc(void), EVP_rc2_ecb(void), EVP_rc2_cfb(void), EVP_rc2_ofb(void)
+
+RC2 encryption algorithm in CBC, ECB, CFB and OFB modes respectively. This is a variable key
+length cipher with an additional parameter called "effective key bits" or "effective key length".
+By default both are set to 128 bits.
+
+=item EVP_rc2_40_cbc(void), EVP_rc2_64_cbc(void)
+
+RC2 algorithm in CBC mode with a default key length and effective key length of 40 and 64 bits.
+These are obsolete and new code should use EVP_rc2_cbc(), EVP_CIPHER_CTX_set_key_length() and
+EVP_CIPHER_CTX_ctrl() to set the key length and effective key length.
+
+=item EVP_bf_cbc(void), EVP_bf_ecb(void), EVP_bf_cfb(void), EVP_bf_ofb(void);
+
+Blowfish encryption algorithm in CBC, ECB, CFB and OFB modes respectively. This is a variable key
+length cipher.
+
+=item EVP_cast5_cbc(void), EVP_cast5_ecb(void), EVP_cast5_cfb(void), EVP_cast5_ofb(void)
+
+CAST encryption algorithm in CBC, ECB, CFB and OFB modes respectively. This is a variable key
+length cipher.
+
+=item EVP_rc5_32_12_16_cbc(void), EVP_rc5_32_12_16_ecb(void), EVP_rc5_32_12_16_cfb(void), EVP_rc5_32_12_16_ofb(void)
+
+RC5 encryption algorithm in CBC, ECB, CFB and OFB modes respectively. This is a variable key length
+cipher with an additional "number of rounds" parameter. By default the key length is set to 128
+bits and 12 rounds.
+
+=back
+
 =head1 NOTES
 
 Where possible the B<EVP> interface to symmetric ciphers should be used in
@@ -206,14 +306,49 @@ test that the input data or key is correct. A random block has better than
 1 in 256 chance of being of the correct format and problems with the
 input data earlier on will not produce a final decrypt error.
 
+The functions EVP_EncryptInit(), EVP_EncryptUpdate(), EVP_EncryptFinal(),
+EVP_DecryptInit(), EVP_DecryptUpdate(), EVP_CipherInit() and EVP_CipherUpdate()
+and EVP_CIPHER_CTX_cleanup() did not return errors in OpenSSL version 0.9.5a or
+earlier. Software only versions of encryption algorithms will never return
+error codes for these functions, unless there is a programming error (for example
+and attempt to set the key before the cipher is set in EVP_EncryptInit() ).
+
 =head1 BUGS
 
-The current B<EVP> cipher interface is not as flexible as it should be. Only
-certain "spot" encryption algorithms can be used for ciphers which have various
-parameters associated with them (RC2, RC5 for example) this is inadequate.
+For RC5 the number of rounds can currently only be set to 8, 12 or 16. This is
+a limitation of the current RC5 code rather than the EVP interface.
+
+It should be possible to disable PKCS padding: currently it isn't.
+
+EVP_MAX_KEY_LENGTH and EVP_MAX_IV_LENGTH only refer to the internal ciphers with
+default key lengths. If custom ciphers exceed these values the results are
+unpredictable. This is because it has become standard practice to define a 
+generic key as a fixed unsigned char array containing EVP_MAX_KEY_LENGTH bytes.
+
+The ASN1 code is incomplete (and sometimes inaccurate) it has only been tested
+for certain common S/MIME ciphers (RC2, DES, triple DES) in CBC mode.
+
+=head1 EXAMPLES
+
+Get the number of rounds used in RC5:
+
+ int nrounds;
+ EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC5_ROUNDS, 0, &i);
+
+Get the RC2 effective key length:
+
+ int key_bits;
+ EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC2_KEY_BITS, 0, &i);
+
+Set the number of rounds used in RC5:
+
+ int nrounds;
+ EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC5_ROUNDS, i, NULL);
+
+Set the number of rounds used in RC2:
 
-Several of the functions do not return error codes because the software versions
-can never fail. This is not true of hardware versions.
+ int nrounds;
+ EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC2_KEY_BITS, i, NULL);
 
 =head1 SEE ALSO
 
diff --git a/src/lib/libssl/src/doc/crypto/EVP_OpenInit.pod b/src/lib/libssl/src/doc/crypto/EVP_OpenInit.pod
index 50edb124e4..2e710da945 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_OpenInit.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_OpenInit.pod
@@ -10,9 +10,9 @@ EVP_OpenInit, EVP_OpenUpdate, EVP_OpenFinal - EVP envelope decryption
 
  int EVP_OpenInit(EVP_CIPHER_CTX *ctx,EVP_CIPHER *type,unsigned char *ek,
                 int ekl,unsigned char *iv,EVP_PKEY *priv);
- void EVP_OpenUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ int EVP_OpenUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
          int *outl, unsigned char *in, int inl);
- void EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
          int *outl);
 
 =head1 DESCRIPTION
@@ -21,7 +21,7 @@ The EVP envelope routines are a high level interface to envelope
 decryption. They decrypt a public key encrypted symmetric key and
 then decrypt data using it.
 
-EVP_OpenInit() initialises a cipher context B<ctx> for decryption
+EVP_OpenInit() initializes a cipher context B<ctx> for decryption
 with cipher B<type>. It decrypts the encrypted symmetric key of length
 B<ekl> bytes passed in the B<ek> parameter using the private key B<priv>.
 The IV is supplied in the B<iv> parameter.
@@ -29,20 +29,32 @@ The IV is supplied in the B<iv> parameter.
 EVP_OpenUpdate() and EVP_OpenFinal() have exactly the same properties
 as the EVP_DecryptUpdate() and EVP_DecryptFinal() routines, as 
 documented on the L<EVP_EncryptInit(3)|EVP_EncryptInit(3)> manual
-page. 
+page.
+
+=head1 NOTES
+
+It is possible to call EVP_OpenInit() twice in the same way as
+EVP_DecryptInit(). The first call should have B<priv> set to NULL
+and (after setting any cipher parameters) it should be called again
+with B<type> set to NULL.
+
+If the cipher passed in the B<type> parameter is a variable length
+cipher then the key length will be set to the value of the recovered
+key length. If the cipher is a fixed length cipher then the recovered
+key length must match the fixed cipher length.
 
 =head1 RETURN VALUES
 
-EVP_OpenInit() returns -1 on error or an non zero integer (actually the
+EVP_OpenInit() returns 0 on error or a non zero integer (actually the
 recovered secret key size) if successful.
 
-EVP_SealUpdate() does not return a value.
+EVP_OpenUpdate() returns 1 for success or 0 for failure.
 
-EVP_SealFinal() returns 0 if the decrypt failed or 1 for success.
+EVP_OpenFinal() returns 0 if the decrypt failed or 1 for success.
 
 =head1 SEE ALSO
 
-L<evp(3)|evp(3)>,
+L<evp(3)|evp(3)>, L<rand(3)|rand(3)>,
 L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>,
 L<EVP_SealInit(3)|EVP_SealInit(3)>
 
diff --git a/src/lib/libssl/src/doc/crypto/EVP_SealInit.pod b/src/lib/libssl/src/doc/crypto/EVP_SealInit.pod
index 42beed33bd..0451eb648a 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_SealInit.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_SealInit.pod
@@ -10,9 +10,9 @@ EVP_SealInit, EVP_SealUpdate, EVP_SealFinal - EVP envelope encryption
 
  int EVP_SealInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char **ek,
                 int *ekl, unsigned char *iv,EVP_PKEY **pubk, int npubk);
- void EVP_SealUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ int EVP_SealUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
          int *outl, unsigned char *in, int inl);
- void EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
          int *outl);
 
 =head1 DESCRIPTION
@@ -22,7 +22,7 @@ encryption. They generate a random key and then "envelope" it by
 using public key encryption. Data can then be encrypted using this
 key.
 
-EVP_SealInit() initialises a cipher context B<ctx> for encryption
+EVP_SealInit() initializes a cipher context B<ctx> for encryption
 with cipher B<type> using a random secret key and IV supplied in
 the B<iv> parameter. B<type> is normally supplied by a function such
 as EVP_des_cbc(). The secret key is encrypted using one or more public
@@ -41,9 +41,10 @@ page.
 
 =head1 RETURN VALUES
 
-EVP_SealInit() returns -1 on error or B<npubk> if successful.
+EVP_SealInit() returns 0 on error or B<npubk> if successful.
 
-EVP_SealUpdate() and EVP_SealFinal() do not return values.
+EVP_SealUpdate() and EVP_SealFinal() return 1 for success and 0 for
+failure.
 
 =head1 NOTES
 
@@ -59,9 +60,14 @@ but symmetric encryption is fast. So symmetric encryption is used for
 bulk encryption and the small random symmetric key used is transferred
 using public key encryption.
 
+It is possible to call EVP_SealInit() twice in the same way as
+EVP_EncryptInit(). The first call should have B<npubk> set to 0
+and (after setting any cipher parameters) it should be called again
+with B<type> set to NULL.
+
 =head1 SEE ALSO
 
-L<evp(3)|evp(3)>,
+L<evp(3)|evp(3)>, L<rand(3)|rand(3)>,
 L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>,
 L<EVP_OpenInit(3)|EVP_OpenInit(3)>
 
diff --git a/src/lib/libssl/src/doc/crypto/EVP_SignInit.pod b/src/lib/libssl/src/doc/crypto/EVP_SignInit.pod
index 1167cefb45..d5ce245ecd 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_SignInit.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_SignInit.pod
@@ -19,12 +19,12 @@ EVP_SignInit, EVP_SignUpdate, EVP_SignFinal - EVP signing functions
 The EVP signature routines are a high level interface to digital
 signatures.
 
-EVP_SignInit() initialises a signing context B<ctx> to using digest
+EVP_SignInit() initializes a signing context B<ctx> to using digest
 B<type>: this will typically be supplied by a function such as
 EVP_sha1().
 
 EVP_SignUpdate() hashes B<cnt> bytes of data at B<d> into the
-signature context B<ctx>. This funtion can be called several times on the
+signature context B<ctx>. This function can be called several times on the
 same B<ctx> to include additional data.
 
 EVP_SignFinal() signs the data in B<ctx> using the private key B<pkey>
@@ -32,7 +32,7 @@ and places the signature in B<sig>. If the B<s> parameter is not NULL
 then the number of bytes of data written (i.e. the length of the signature)
 will be written to the integer at B<s>, at most EVP_PKEY_size(pkey) bytes
 will be written.  After calling EVP_SignFinal() no additional calls to
-EVP_SignUpdate() can be made, but EVP_SignInit() can be called to initialiase
+EVP_SignUpdate() can be made, but EVP_SignInit() can be called to initialize
 a new signature operation.
 
 EVP_PKEY_size() returns the maximum size of a signature in bytes. The actual
diff --git a/src/lib/libssl/src/doc/crypto/EVP_VerifyInit.pod b/src/lib/libssl/src/doc/crypto/EVP_VerifyInit.pod
index 5e74c5dcf9..736a0f4a82 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_VerifyInit.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_VerifyInit.pod
@@ -17,17 +17,17 @@ EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal - EVP signature verification f
 The EVP signature verification routines are a high level interface to digital
 signatures.
 
-EVP_VerifyInit() initialises a verification context B<ctx> to using digest
+EVP_VerifyInit() initializes a verification context B<ctx> to using digest
 B<type>: this will typically be supplied by a function such as EVP_sha1().
 
 EVP_VerifyUpdate() hashes B<cnt> bytes of data at B<d> into the
-verification context B<ctx>. This funtion can be called several times on the
+verification context B<ctx>. This function can be called several times on the
 same B<ctx> to include additional data.
 
 EVP_VerifyFinal() verifies the data in B<ctx> using the public key B<pkey>
 and against the B<siglen> bytes at B<sigbuf>. After calling EVP_VerifyFinal()
 no additional calls to EVP_VerifyUpdate() can be made, but EVP_VerifyInit()
-can be called to initialiase a new verification operation.
+can be called to initialize a new verification operation.
 
 =head1 RETURN VALUES
 
@@ -57,11 +57,12 @@ might.
 
 =head1 SEE ALSO
 
+L<evp(3)|evp(3)>,
 L<EVP_SignInit(3)|EVP_SignInit(3)>,
-L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
-L<evp(3)|evp(3)>, L<HMAC(3)|HMAC(3)>, L<MD2(3)|MD2(3)>,
-L<MD5(3)|MD5(3)>, L<MDC2(3)|MDC2(3)>, L<RIPEMD(3)|RIPEMD(3)>,
-L<SHA1(3)|SHA1(3)>, L<digest(1)|digest(1)>
+L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>,
+L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
+L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
+L<sha(3)|sha(3)>, L<digest(1)|digest(1)>
 
 =head1 HISTORY
 
diff --git a/src/lib/libssl/src/doc/crypto/OPENSSL_VERSION_NUMBER.pod b/src/lib/libssl/src/doc/crypto/OPENSSL_VERSION_NUMBER.pod
index b0b1058d19..68ea723259 100644
--- a/src/lib/libssl/src/doc/crypto/OPENSSL_VERSION_NUMBER.pod
+++ b/src/lib/libssl/src/doc/crypto/OPENSSL_VERSION_NUMBER.pod
@@ -2,7 +2,7 @@
 
 =head1 NAME
 
-OPENSSL_VERSION_NUMBER, SSLeay - get OpenSSL version number
+OPENSSL_VERSION_NUMBER, SSLeay SSLeay_version - get OpenSSL version number
 
 =head1 SYNOPSIS
 
@@ -11,11 +11,27 @@ OPENSSL_VERSION_NUMBER, SSLeay - get OpenSSL version number
 
  #include <openssl/crypto.h>
  long SSLeay(void);
+ char *SSLeay_version(int t);
 
 =head1 DESCRIPTION
 
 OPENSSL_VERSION_NUMBER is a numeric release version identifier:
 
+ MMNNFFPPS: major minor fix patch status
+
+The status nibble has one of the values 0 for development, 1 to e for betas
+1 to 14, and f for release.
+
+for example
+
+ 0x000906000 == 0.9.6 dev
+ 0x000906023 == 0.9.6b beta 3
+ 0x00090605f == 0.9.6e release
+
+Versions prior to 0.9.3 have identifiers E<lt> 0x0930.
+Versions between 0.9.3 and 0.9.5 had a version identifier with this
+interpretation:
+
  MMNNFFRBB major minor fix final beta/patch
 
 for example
@@ -23,13 +39,39 @@ for example
  0x000904100 == 0.9.4 release
  0x000905000 == 0.9.5 dev
 
-Versions prior to 0.9.3 have identifiers E<lt> 0x0930.
+Version 0.9.5a had an interim interpretation that is like the current one,
+except the patch level got the highest bit set, to keep continuity.  The
+number was therefore 0x0090581f.
+
+
 For backward compatibility, SSLEAY_VERSION_NUMBER is also defined.
 
 SSLeay() returns this number. The return value can be compared to the
 macro to make sure that the correct version of the library has been
 loaded, especially when using DLLs on Windows systems.
 
+SSLeay_version() returns different strings depending on B<t>:
+
+=over 4
+
+=item SSLEAY_VERSION
+The text variant of the version number and the release date.  For example,
+"OpenSSL 0.9.5a 1 Apr 2000".
+
+=item SSLEAY_CFLAGS
+The flags given to the C compiler when compiling OpenSSL are returned in a
+string.
+
+=item SSLEAY_PLATFORM
+The platform name used when OpenSSL was configured is returned.
+
+=back
+
+If the data request isn't available, a text saying that the information is
+not available is returned.
+
+For an unknown B<t>, the text "not available" is returned.
+
 =head1 RETURN VALUE
 
 The version number.
diff --git a/src/lib/libssl/src/doc/crypto/OpenSSL_add_all_algorithms.pod b/src/lib/libssl/src/doc/crypto/OpenSSL_add_all_algorithms.pod
index 015d4eaf36..e63411b5bb 100644
--- a/src/lib/libssl/src/doc/crypto/OpenSSL_add_all_algorithms.pod
+++ b/src/lib/libssl/src/doc/crypto/OpenSSL_add_all_algorithms.pod
@@ -2,7 +2,8 @@
 
 =head1 NAME
 
-OpenSSL_add_all_algorithms() - add algorithms to internal table
+OpenSSL_add_all_algorithms, OpenSSL_add_all_ciphers, OpenSSL_add_all_digests -
+add algorithms to internal table
 
 =head1 SYNOPSIS
 
@@ -43,7 +44,7 @@ by EVP_sha1(). It just needs to add them if it (or any of the functions it calls
 needs to lookup algorithms.
 
 The cipher and digest lookup functions are used in many parts of the library. If
-the table is not initialised several functions will misbehave and complain they
+the table is not initialized several functions will misbehave and complain they
 cannot find algorithms. This includes the PEM, PKCS#12, SSL and S/MIME libraries.
 This is a common query in the OpenSSL mailing lists.
 
diff --git a/src/lib/libssl/src/doc/crypto/RAND_egd.pod b/src/lib/libssl/src/doc/crypto/RAND_egd.pod
index a40bd96198..40241e2df8 100644
--- a/src/lib/libssl/src/doc/crypto/RAND_egd.pod
+++ b/src/lib/libssl/src/doc/crypto/RAND_egd.pod
@@ -21,6 +21,10 @@ RAND_egd() is called with that path as an argument, it tries to read
 random bytes that EGD has collected. The read is performed in
 non-blocking mode.
 
+Alternatively, the EGD-compatible daemon PRNGD can be used. It is
+available from
+http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html .
+
 =head1 RETURN VALUE
 
 RAND_egd() returns the number of bytes read from the daemon on
diff --git a/src/lib/libssl/src/doc/crypto/RSA_get_ex_new_index.pod b/src/lib/libssl/src/doc/crypto/RSA_get_ex_new_index.pod
index 920dc76325..46cc8f5359 100644
--- a/src/lib/libssl/src/doc/crypto/RSA_get_ex_new_index.pod
+++ b/src/lib/libssl/src/doc/crypto/RSA_get_ex_new_index.pod
@@ -17,14 +17,12 @@ RSA_get_ex_new_index, RSA_set_ex_data, RSA_get_ex_data - add application specifi
 
  void *RSA_get_ex_data(RSA *r, int idx);
 
- int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
-                                        int idx, long argl, void *argp);
-
- void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
-                                        int idx, long argl, void *argp);
-
- int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, 
-                                        int idx, long argl, void *argp);
+ typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+                int idx, long argl, void *argp);
+ typedef void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+                int idx, long argl, void *argp);
+ typedef int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, 
+                int idx, long argl, void *argp);
 
 =head1 DESCRIPTION
 
diff --git a/src/lib/libssl/src/doc/crypto/RSA_print.pod b/src/lib/libssl/src/doc/crypto/RSA_print.pod
index dd968a5274..67876facc5 100644
--- a/src/lib/libssl/src/doc/crypto/RSA_print.pod
+++ b/src/lib/libssl/src/doc/crypto/RSA_print.pod
@@ -2,8 +2,9 @@
 
 =head1 NAME
 
-RSA_print, RSA_print_fp, DHparams_print, DHparams_print_fp - print
-cryptographic parameters
+RSA_print, RSA_print_fp, DHparams_print, DHparams_print_fp, DSA_print,
+DSA_print_fp, DHparams_print, DHparams_print_fp - print cryptographic
+parameters
 
 =head1 SYNOPSIS
 
diff --git a/src/lib/libssl/src/doc/crypto/RSA_public_encrypt.pod b/src/lib/libssl/src/doc/crypto/RSA_public_encrypt.pod
index 13b7df62be..23861c0004 100644
--- a/src/lib/libssl/src/doc/crypto/RSA_public_encrypt.pod
+++ b/src/lib/libssl/src/doc/crypto/RSA_public_encrypt.pod
@@ -47,7 +47,7 @@ Encrypting user data directly with RSA is insecure.
 =back
 
 B<flen> must be less than RSA_size(B<rsa>) - 11 for the PKCS #1 v1.5
-based padding modes, and less than RSA_size(B<rsa>) - 21 for
+based padding modes, and less than RSA_size(B<rsa>) - 41 for
 RSA_PKCS1_OAEP_PADDING. The random number generator must be seeded
 prior to calling RSA_public_encrypt().
 
diff --git a/src/lib/libssl/src/doc/crypto/RSA_set_method.pod b/src/lib/libssl/src/doc/crypto/RSA_set_method.pod
index 14b0b4cf35..b672712292 100644
--- a/src/lib/libssl/src/doc/crypto/RSA_set_method.pod
+++ b/src/lib/libssl/src/doc/crypto/RSA_set_method.pod
@@ -4,17 +4,18 @@
 
 RSA_set_default_method, RSA_get_default_method, RSA_set_method,
 RSA_get_method, RSA_PKCS1_SSLeay, RSA_PKCS1_RSAref,
-RSA_PKCS1_null_method, RSA_flags, RSA_new_method - select RSA method
+RSA_null_method, RSA_flags, RSA_new_method - select RSA method
 
 =head1 SYNOPSIS
 
  #include <openssl/rsa.h>
+ #include <openssl/engine.h>
 
- void RSA_set_default_method(RSA_METHOD *meth);
+ void RSA_set_default_openssl_method(RSA_METHOD *meth);
 
- RSA_METHOD *RSA_get_default_method(void);
+ RSA_METHOD *RSA_get_default_openssl_method(void);
 
- RSA_METHOD *RSA_set_method(RSA *rsa, RSA_METHOD *meth);
+ RSA_METHOD *RSA_set_method(RSA *rsa, ENGINE *engine);
 
  RSA_METHOD *RSA_get_method(RSA *rsa);
 
@@ -26,7 +27,7 @@ RSA_PKCS1_null_method, RSA_flags, RSA_new_method - select RSA method
 
  int RSA_flags(RSA *rsa);
 
- RSA *RSA_new_method(RSA_METHOD *method);
+ RSA *RSA_new_method(ENGINE *engine);
 
 =head1 DESCRIPTION
 
@@ -46,23 +47,27 @@ the RSA transformation. It is the default if OpenSSL is compiled with
 C<-DRSA_NULL>. These methods may be useful in the USA because of a
 patent on the RSA cryptosystem.
 
-RSA_set_default_method() makes B<meth> the default method for all B<RSA>
-structures created later.
+RSA_set_default_openssl_method() makes B<meth> the default method for all B<RSA>
+structures created later. B<NB:> This is true only whilst the default engine
+for RSA operations remains as "openssl". ENGINEs provide an
+encapsulation for implementations of one or more algorithms at a time, and all
+the RSA functions mentioned here operate within the scope of the default
+"openssl" engine.
 
-RSA_get_default_method() returns a pointer to the current default
-method.
+RSA_get_default_openssl_method() returns a pointer to the current default
+method for the "openssl" engine.
 
-RSA_set_method() selects B<meth> for all operations using the key
+RSA_set_method() selects B<engine> for all operations using the key
 B<rsa>.
 
-RSA_get_method() returns a pointer to the method currently selected
-for B<rsa>.
+RSA_get_method() returns a pointer to the RSA_METHOD from the currently
+selected ENGINE for B<rsa>.
 
 RSA_flags() returns the B<flags> that are set for B<rsa>'s current method.
 
-RSA_new_method() allocates and initializes an B<RSA> structure so that
-B<method> will be used for the RSA operations. If B<method> is B<NULL>,
-the default method is used.
+RSA_new_method() allocates and initializes an RSA structure so that
+B<engine> will be used for the RSA operations. If B<engine> is NULL,
+the default engine for RSA operations is used.
 
 =head1 THE RSA_METHOD STRUCTURE
 
@@ -128,17 +133,21 @@ the default method is used.
 =head1 RETURN VALUES
 
 RSA_PKCS1_SSLeay(), RSA_PKCS1_RSAref(), RSA_PKCS1_null_method(),
-RSA_get_default_method() and RSA_get_method() return pointers to the
-respective B<RSA_METHOD>s.
+RSA_get_default_openssl_method() and RSA_get_method() return pointers to
+the respective RSA_METHODs.
 
-RSA_set_default_method() returns no value.
+RSA_set_default_openssl_method() returns no value.
 
-RSA_set_method() returns a pointer to the B<RSA_METHOD> previously
-associated with B<rsa>.
+RSA_set_method() selects B<engine> as the engine that will be responsible for
+all operations using the structure B<rsa>. If this function completes successfully,
+then the B<rsa> structure will have its own functional reference of B<engine>, so
+the caller should remember to free their own reference to B<engine> when they are
+finished with it. NB: An ENGINE's RSA_METHOD can be retrieved (or set) by
+ENGINE_get_RSA() or ENGINE_set_RSA().
 
-RSA_new_method() returns B<NULL> and sets an error code that can be
-obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails. Otherwise it
-returns a pointer to the newly allocated structure.
+RSA_new_method() returns NULL and sets an error code that can be
+obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails. Otherwise
+it returns a pointer to the newly allocated structure.
 
 =head1 SEE ALSO
 
@@ -151,4 +160,9 @@ RSA_get_default_method(), RSA_set_method() and RSA_get_method() as
 well as the rsa_sign and rsa_verify components of RSA_METHOD were
 added in OpenSSL 0.9.4.
 
+RSA_set_default_openssl_method() and RSA_get_default_openssl_method()
+replaced RSA_set_default_method() and RSA_get_default_method() respectively,
+and RSA_set_method() and RSA_new_method() were altered to use B<ENGINE>s
+rather than B<DH_METHOD>s during development of OpenSSL 0.9.6.
+
 =cut
diff --git a/src/lib/libssl/src/doc/crypto/bio.pod b/src/lib/libssl/src/doc/crypto/bio.pod
new file mode 100644
index 0000000000..24f61dfb56
--- /dev/null
+++ b/src/lib/libssl/src/doc/crypto/bio.pod
@@ -0,0 +1,54 @@
+=pod
+
+=head1 NAME
+
+bio - I/O abstraction
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+
+TBA
+
+
+=head1 DESCRIPTION
+
+A BIO is an I/O abstraction, it hides many of the underlying I/O
+details from an application. If an application uses a BIO for its
+I/O it can transparently handle SSL connections, unencrypted network
+connections and file I/O.
+
+There are two type of BIO, a source/sink BIO and a filter BIO.
+
+As its name implies a source/sink BIO is a source and/or sink of data,
+examples include a socket BIO and a file BIO.
+
+A filter BIO takes data from one BIO and passes it through to
+another, or the application. The data may be left unmodified (for
+example a message digest BIO) or translated (for example an
+encryption BIO). The effect of a filter BIO may change according
+to the I/O operation it is performing: for example an encryption
+BIO will encrypt data if it is being written to and decrypt data
+if it is being read from.
+
+BIOs can be joined together to form a chain (a single BIO is a chain
+with one component). A chain normally consist of one source/sink
+BIO and one or more filter BIOs. Data read from or written to the
+first BIO then traverses the chain to the end (normally a source/sink
+BIO).
+
+=head1 SEE ALSO
+
+L<BIO_ctrl(3)|BIO_ctrl(3)>,
+L<BIO_f_base64(3)|BIO_f_base64(3)>,
+L<BIO_f_cipher(3)|BIO_f_cipher(3)>, L<BIO_f_md(3)|BIO_f_md(3)>,
+L<BIO_f_null(3)|BIO_f_null(3)>, L<BIO_f_ssl(3)|BIO_f_ssl(3)>,
+L<BIO_find_type(3)|BIO_find_type(3)>, L<BIO_new(3)|BIO_new(3)>,
+L<BIO_new_bio_pair(3)|BIO_new_bio_pair(3)>,
+L<BIO_push(3)|BIO_push(3)>, L<BIO_read(3)|BIO_read(3)>,
+L<BIO_s_accept(3)|BIO_s_accept(3)>, L<BIO_s_bio(3)|BIO_s_bio(3)>,
+L<BIO_s_connect(3)|BIO_s_connect(3)>, L<BIO_s_fd(3)|BIO_s_fd(3)>,
+L<BIO_s_file(3)|BIO_s_file(3)>, L<BIO_s_mem(3)|BIO_s_mem(3)>,
+L<BIO_s_null(3)|BIO_s_null(3)>, L<BIO_s_socket(3)|BIO_s_socket(3)>,
+L<BIO_set_callback(3)|BIO_set_callback(3)>,
+L<BIO_should_retry(3)|BIO_should_retry(3)>
diff --git a/src/lib/libssl/src/doc/crypto/blowfish.pod b/src/lib/libssl/src/doc/crypto/blowfish.pod
index e0b777418f..65b8be388c 100644
--- a/src/lib/libssl/src/doc/crypto/blowfish.pod
+++ b/src/lib/libssl/src/doc/crypto/blowfish.pod
@@ -11,9 +11,6 @@ BF_cfb64_encrypt, BF_ofb64_encrypt, BF_options - Blowfish encryption
 
  void BF_set_key(BF_KEY *key, int len, const unsigned char *data);
 
- void BF_encrypt(BF_LONG *data,const BF_KEY *key);
- void BF_decrypt(BF_LONG *data,const BF_KEY *key);
- 
  void BF_ecb_encrypt(const unsigned char *in, unsigned char *out,
          BF_KEY *key, int enc);
  void BF_cbc_encrypt(const unsigned char *in, unsigned char *out,
@@ -25,10 +22,13 @@ BF_cfb64_encrypt, BF_ofb64_encrypt, BF_options - Blowfish encryption
          long length, BF_KEY *schedule, unsigned char *ivec, int *num);
  const char *BF_options(void);
 
+ void BF_encrypt(BF_LONG *data,const BF_KEY *key);
+ void BF_decrypt(BF_LONG *data,const BF_KEY *key);
+
 =head1 DESCRIPTION
 
 This library implements the Blowfish cipher, which is invented and described
-by Counterpane (see http://www.counterpane.com/blowfish/ ).
+by Counterpane (see http://www.counterpane.com/blowfish.html ).
 
 Blowfish is a block cipher that operates on 64 bit (8 byte) blocks of data.
 It uses a variable size key, but typically, 128 bit (16 byte) keys are
@@ -43,11 +43,6 @@ phase.
 BF_set_key() sets up the B<BF_KEY> B<key> using the B<len> bytes long key
 at B<data>.
 
-BF_encrypt() and BF_decrypt() are the lowest level functions for Blowfish
-encryption.  They encrypt/decrypt the first 64 bits of the vector pointed by
-B<data>, using the key B<key>.  These functions should not be used unless you
-implement 'modes' of Blowfish.
-
 BF_ecb_encrypt() is the basic Blowfish encryption and decryption function.
 It encrypts or decrypts the first 64 bits of B<in> using the key B<key>,
 putting the result in B<out>.  B<enc> decides if encryption (B<BF_ENCRYPT>)
@@ -56,37 +51,45 @@ B<in> and B<out> must be 64 bits in length, no less.  If they are larger,
 everything after the first 64 bits is ignored.
 
 The mode functions BF_cbc_encrypt(), BF_cfb64_encrypt() and BF_ofb64_encrypt()
-all operate on variable length data.  They all take an initialisation vector
+all operate on variable length data.  They all take an initialization vector
 B<ivec> which needs to be passed along into the next call of the same function 
-for the same message.  B<ivec> may be initialised with anything, but the
-recipient needs to know what it was initialised with, or it won't be able
+for the same message.  B<ivec> may be initialized with anything, but the
+recipient needs to know what it was initialized with, or it won't be able
 to decrypt.  Some programs and protocols simplify this, like SSH, where
-B<ivec> is simply initialised to zero.
+B<ivec> is simply initialized to zero.
 BF_cbc_encrypt() operates of data that is a multiple of 8 bytes long, while
 BF_cfb64_encrypt() and BF_ofb64_encrypt() are used to encrypt an variable
 number of bytes (the amount does not have to be an exact multiple of 8).  The
 purpose of the latter two is to simulate stream ciphers, and therefore, they
 need the parameter B<num>, which is a pointer to an integer where the current
-offset in B<ivec> is stored between calls.  This integer must be initialised
-to zero when B<ivec> is initialised.
+offset in B<ivec> is stored between calls.  This integer must be initialized
+to zero when B<ivec> is initialized.
 
 BF_cbc_encrypt() is the Cipher Block Chaining function for Blowfish.  It
 encrypts or decrypts the 64 bits chunks of B<in> using the key B<schedule>,
 putting the result in B<out>.  B<enc> decides if encryption (BF_ENCRYPT) or
 decryption (BF_DECRYPT) shall be performed.  B<ivec> must point at an 8 byte
-long initialisation vector.
+long initialization vector.
 
 BF_cfb64_encrypt() is the CFB mode for Blowfish with 64 bit feedback.
 It encrypts or decrypts the bytes in B<in> using the key B<schedule>,
 putting the result in B<out>.  B<enc> decides if encryption (B<BF_ENCRYPT>)
 or decryption (B<BF_DECRYPT>) shall be performed.  B<ivec> must point at an
-8 byte long initialisation vector. B<num> must point at an integer which must
+8 byte long initialization vector. B<num> must point at an integer which must
 be initially zero.
 
 BF_ofb64_encrypt() is the OFB mode for Blowfish with 64 bit feedback.
-It uses the same parameters as BF_cfb64_encrypt(), which must be initialised
+It uses the same parameters as BF_cfb64_encrypt(), which must be initialized
 the same way.
 
+BF_encrypt() and BF_decrypt() are the lowest level functions for Blowfish
+encryption.  They encrypt/decrypt the first 64 bits of the vector pointed by
+B<data>, using the key B<key>.  These functions should not be used unless you
+implement 'modes' of Blowfish.  The alternative is to use BF_ecb_encrypt().
+If you still want to use these functions, you should be aware that they take
+each 32-bit chunk in host-byte order, which is little-endian on little-endian
+platforms and big-endian on big-endian ones.
+
 =head1 RETURN VALUES
 
 None of the functions presented here return any value.
diff --git a/src/lib/libssl/src/doc/crypto/bn_internal.pod b/src/lib/libssl/src/doc/crypto/bn_internal.pod
index 5af0c791c8..8da244aed4 100644
--- a/src/lib/libssl/src/doc/crypto/bn_internal.pod
+++ b/src/lib/libssl/src/doc/crypto/bn_internal.pod
@@ -149,7 +149,7 @@ word array B<a>, the B<nb> word array B<b> and the B<na>+B<nb> word
 array B<r>.  It computes B<a>*B<b> and places the result in B<r>.
 
 bn_mul_low_normal(B<r>, B<a>, B<b>, B<n>) operates on the B<n> word
-arrays B<r>, B<a> und B<b>.  It computes the B<n> low words of
+arrays B<r>, B<a> and B<b>.  It computes the B<n> low words of
 B<a>*B<b> and places the result in B<r>.
 
 bn_mul_recursive(B<r>, B<a>, B<b>, B<n2>, B<t>) operates on the B<n2>
diff --git a/src/lib/libssl/src/doc/crypto/buffer.pod b/src/lib/libssl/src/doc/crypto/buffer.pod
index 7088f51bc4..781f5b11ee 100644
--- a/src/lib/libssl/src/doc/crypto/buffer.pod
+++ b/src/lib/libssl/src/doc/crypto/buffer.pod
@@ -46,11 +46,11 @@ size.
 
 BUF_strdup() copies a null terminated string into a block of allocated
 memory and returns a pointer to the allocated block.
-Unlike the standard C library strdup() this function uses Malloc() and so
+Unlike the standard C library strdup() this function uses OPENSSL_malloc() and so
 should be used in preference to the standard library strdup() because it can
 be used for memory leak checking or replacing the malloc() function.
 
-The memory allocated from BUF_strdup() should be freed up using the Free()
+The memory allocated from BUF_strdup() should be freed up using the OPENSSL_free()
 function.
 
 =head1 RETURN VALUES
@@ -68,6 +68,6 @@ L<bio(3)|bio(3)>
 =head1 HISTORY
 
 BUF_MEM_new(), BUF_MEM_free() and BUF_MEM_grow() are available in all
-versions of SSLeay and OpenSSL. BUF_strdup() was addded in SSLeay 0.8.
+versions of SSLeay and OpenSSL. BUF_strdup() was added in SSLeay 0.8.
 
 =cut
diff --git a/src/lib/libssl/src/doc/crypto/crypto.pod b/src/lib/libssl/src/doc/crypto/crypto.pod
index c3d74b4587..07ba7e5bc9 100644
--- a/src/lib/libssl/src/doc/crypto/crypto.pod
+++ b/src/lib/libssl/src/doc/crypto/crypto.pod
@@ -28,7 +28,7 @@ hash functions and a cryptographic pseudo-random number generator.
 =item SYMMETRIC CIPHERS
 
 L<blowfish(3)|blowfish(3)>, L<cast(3)|cast(3)>, L<des(3)|des(3)>,
-L<idea(3)|idea(3)>, L<rc2(3)|rc2(3)>, L<RC4(3)|RC4(3)>, L<rc5(3)|rc5(3)> 
+L<idea(3)|idea(3)>, L<rc2(3)|rc2(3)>, L<rc4(3)|rc4(3)>, L<rc5(3)|rc5(3)> 
 
 =item PUBLIC KEY CRYPTOGRAPHY AND KEY AGREEMENT
 
@@ -40,17 +40,17 @@ L<x509(3)|x509(3)>, L<x509v3(3)|x509v3(3)>
 
 =item AUTHENTICATION CODES, HASH FUNCTIONS
 
-L<HMAC(3)|HMAC(3)>, L<MD2(3)|MD2(3)>, L<MD5(3)|MD5(3)>, L<MDC2(3)|MDC2(3)>,
-L<RIPEMD160(3)|RIPEMD160(3)>, L<SHA1(3)|SHA1(3)> 
+L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>, L<md4(3)|md4(3)>,
+L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
+L<sha(3)|sha(3)>
 
 =item AUXILIARY FUNCTIONS
 
-L<err(3)|err(3)>, L<CRYPTO_set_locking_callback(3)|CRYPTO_set_locking_callback(3)>, L<rand(3)|rand(3)>
+L<err(3)|err(3)>, L<threads(3)|threads(3)>, L<rand(3)|rand(3)>
 
 =item INPUT/OUTPUT, DATA ENCODING
 
-L<asn1(3)|asn1(3)>, L<bio(3)|bio(3)>, L<evp(3)|evp(3)>,
-L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<pem(3)|pem(3)>,
+L<asn1(3)|asn1(3)>, L<bio(3)|bio(3)>, L<evp(3)|evp(3)>, L<pem(3)|pem(3)>,
 L<pkcs7(3)|pkcs7(3)>, L<pkcs12(3)|pkcs12(3)> 
 
 =item INTERNAL FUNCTIONS
diff --git a/src/lib/libssl/src/doc/crypto/des.pod b/src/lib/libssl/src/doc/crypto/des.pod
index 1ca6bfb78f..99080391b1 100644
--- a/src/lib/libssl/src/doc/crypto/des.pod
+++ b/src/lib/libssl/src/doc/crypto/des.pod
@@ -130,7 +130,7 @@ earlier versions of the library, des_random_key() did not generate
 secure keys.
 
 Before a DES key can be used, it must be converted into the
-architecture dependant I<des_key_schedule> via the
+architecture dependent I<des_key_schedule> via the
 des_set_key_checked() or des_set_key_unchecked() function.
 
 des_set_key_checked() will check that the key passed is of odd parity
@@ -200,7 +200,7 @@ reusing I<ks1> for the final encryption.  C<C=E(ks1,D(ks2,E(ks1,M)))>.
 This form of Triple-DES is used by the RSAREF library.
 
 des_pcbc_encrypt() encrypt/decrypts using the propagating cipher block
-chaing mode used by Kerberos v4. Its parameters are the same as
+chaining mode used by Kerberos v4. Its parameters are the same as
 des_ncbc_encrypt().
 
 des_cfb_encrypt() encrypt/decrypts using cipher feedback mode.  This
@@ -241,7 +241,7 @@ compatibility with the MIT Kerberos library. des_read_pw_string()
 is also available under the name EVP_read_pw_string().
 
 des_read_pw_string() writes the string specified by I<prompt> to
-standarf output, turns echo off and reads in input string from the
+standard output, turns echo off and reads in input string from the
 terminal.  The string is returned in I<buf>, which must have space for
 at least I<length> bytes.  If I<verify> is set, the user is asked for
 the password twice and unless the two copies match, an error is
@@ -268,9 +268,9 @@ input, depending on I<out_count>, 1, 2, 3 or 4 times.  If I<output> is
 non-NULL, the 8 bytes generated by each pass are written into
 I<output>.
 
-The following are DES-based tranformations:
+The following are DES-based transformations:
 
-des_fcrypt() is a fast version of the unix crypt(3) function.  This
+des_fcrypt() is a fast version of the Unix crypt(3) function.  This
 version takes only a small amount of space relative to other fast
 crypt() implementations.  This is different to the normal crypt in
 that the third parameter is the buffer that the return value is
diff --git a/src/lib/libssl/src/doc/crypto/des_modes.pod b/src/lib/libssl/src/doc/crypto/des_modes.pod
index ee4f2238c7..8e5074d24c 100644
--- a/src/lib/libssl/src/doc/crypto/des_modes.pod
+++ b/src/lib/libssl/src/doc/crypto/des_modes.pod
@@ -6,7 +6,7 @@ des_modes - the variants of DES and other crypto algorithms of OpenSSL
 
 =head1 DESCRIPTION
 
-Several crypto algorithms fo OpenSSL can be used in a number of modes.  Those
+Several crypto algorithms for OpenSSL can be used in a number of modes.  Those
 are used for using block ciphers in a way similar to stream ciphers, among
 other things.
 
@@ -165,13 +165,13 @@ only one bit to be in error in the deciphered plaintext.
 
 =item *
 
-OFB mode is not self-synchronising.  If the two operation of
+OFB mode is not self-synchronizing.  If the two operation of
 encipherment and decipherment get out of synchronism, the system needs
-to be re-initialised.
+to be re-initialized.
 
 =item *
 
-Each re-initialisation should use a value of the start variable
+Each re-initialization should use a value of the start variable
 different from the start variable values used before with the same
 key.  The reason for this is that an identical bit stream would be
 produced each time from the same parameters.  This would be
diff --git a/src/lib/libssl/src/doc/crypto/dh.pod b/src/lib/libssl/src/doc/crypto/dh.pod
index 0a9b7c03a2..b4be4be405 100644
--- a/src/lib/libssl/src/doc/crypto/dh.pod
+++ b/src/lib/libssl/src/doc/crypto/dh.pod
@@ -7,6 +7,7 @@ dh - Diffie-Hellman key agreement
 =head1 SYNOPSIS
 
  #include <openssl/dh.h>
+ #include <openssl/engine.h>
 
  DH *   DH_new(void);
  void   DH_free(DH *dh);
@@ -20,10 +21,10 @@ dh - Diffie-Hellman key agreement
  int    DH_generate_key(DH *dh);
  int    DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh);
 
- void DH_set_default_method(DH_METHOD *meth);
- DH_METHOD *DH_get_default_method(void);
- DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth);
- DH *DH_new_method(DH_METHOD *meth);
+ void DH_set_default_openssl_method(DH_METHOD *meth);
+ DH_METHOD *DH_get_default_openssl_method(void);
+ int DH_set_method(DH *dh, ENGINE *engine);
+ DH *DH_new_method(ENGINE *engine);
  DH_METHOD *DH_OpenSSL(void);
 
  int DH_get_ex_new_index(long argl, char *argp, int (*new_func)(),
diff --git a/src/lib/libssl/src/doc/crypto/dsa.pod b/src/lib/libssl/src/doc/crypto/dsa.pod
index 80ecf38178..573500204b 100644
--- a/src/lib/libssl/src/doc/crypto/dsa.pod
+++ b/src/lib/libssl/src/doc/crypto/dsa.pod
@@ -7,6 +7,7 @@ dsa - Digital Signature Algorithm
 =head1 SYNOPSIS
 
  #include <openssl/dsa.h>
+ #include <openssl/engine.h>
 
  DSA *  DSA_new(void);
  void   DSA_free(DSA *dsa);
@@ -28,10 +29,10 @@ dsa - Digital Signature Algorithm
  int    DSA_verify(int dummy, const unsigned char *dgst, int len,
                 unsigned char *sigbuf, int siglen, DSA *dsa);
 
- void DSA_set_default_method(DSA_METHOD *meth);
- DSA_METHOD *DSA_get_default_method(void);
- DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *meth);
- DSA *DSA_new_method(DSA_METHOD *meth);
+ void DSA_set_default_openssl_method(DSA_METHOD *meth);
+ DSA_METHOD *DSA_get_default_openssl_method(void);
+ int DSA_set_method(DSA *dsa, ENGINE *engine);
+ DSA *DSA_new_method(ENGINE *engine);
  DSA_METHOD *DSA_OpenSSL(void);
 
  int DSA_get_ex_new_index(long argl, char *argp, int (*new_func)(),
diff --git a/src/lib/libssl/src/doc/crypto/err.pod b/src/lib/libssl/src/doc/crypto/err.pod
index b824c92b57..264e30103d 100644
--- a/src/lib/libssl/src/doc/crypto/err.pod
+++ b/src/lib/libssl/src/doc/crypto/err.pod
@@ -143,7 +143,7 @@ The closing #endif etc will be automatically added by the script.
 
 The generated C error code file B<xxx_err.c> will load the header
 files B<stdio.h>, B<openssl/err.h> and B<openssl/xxx.h> so the
-header file must load any additional header files containg any
+header file must load any additional header files containing any
 definitions it uses.
 
 =head1 USING ERROR CODES IN EXTERNAL LIBRARIES
diff --git a/src/lib/libssl/src/doc/crypto/evp.pod b/src/lib/libssl/src/doc/crypto/evp.pod
new file mode 100644
index 0000000000..f089dd49a2
--- /dev/null
+++ b/src/lib/libssl/src/doc/crypto/evp.pod
@@ -0,0 +1,37 @@
+=pod
+
+=head1 NAME
+
+evp - high-level cryptographic functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+=head1 DESCRIPTION
+
+The EVP library provided a high-level interface to cryptographic
+functions.
+
+B<EVP_Seal>I<...> and B<EVP_Open>I<...> provide public key encryption
+and decryption to implement digital "envelopes".
+
+The B<EVP_Sign>I<...> and B<EVP_Verify>I<...> functions implement
+digital signatures.
+
+Symmetric encryption is available with the B<EVP_Encrypt>I<...>
+functions.  The B<EVP_Digest>I<...> functions provide message digests.
+
+Algorithms are loaded with OpenSSL_add_all_algorithms(3).
+
+=head1 SEE ALSO
+
+L<EVP_DigestInit(3)|EVP_DigestInit(3)>,
+L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>,
+L<EVP_OpenInit(3)|EVP_OpenInit(3)>,
+L<EVP_SealInit(3)|EVP_SealInit(3)>,
+L<EVP_SignInit(3)|EVP_SignInit(3)>,
+L<EVP_VerifyInit(3)|EVP_VerifyInit(3)>,
+L<OpenSSL_add_all_algorithms(3)|OpenSSL_add_all_algorithms(3)>
+
+=cut
diff --git a/src/lib/libssl/src/doc/crypto/hmac.pod b/src/lib/libssl/src/doc/crypto/hmac.pod
index 095e537da1..631f40377e 100644
--- a/src/lib/libssl/src/doc/crypto/hmac.pod
+++ b/src/lib/libssl/src/doc/crypto/hmac.pod
@@ -2,7 +2,8 @@
 
 =head1 NAME
 
-HMAC, HMAC_Init, HMAC_Update, HMAC_Final - HMAC message authentication code
+HMAC, HMAC_Init, HMAC_Update, HMAC_Final, HMAC_cleanup - HMAC message
+authentication code
 
 =head1 SYNOPSIS
 
diff --git a/src/lib/libssl/src/doc/crypto/lhash.pod b/src/lib/libssl/src/doc/crypto/lhash.pod
index af2c9a7102..4e87aee824 100644
--- a/src/lib/libssl/src/doc/crypto/lhash.pod
+++ b/src/lib/libssl/src/doc/crypto/lhash.pod
@@ -102,7 +102,7 @@ The following description is based on the SSLeay documentation:
 The B<lhash> library implements a hash table described in the
 I<Communications of the ACM> in 1991.  What makes this hash table
 different is that as the table fills, the hash table is increased (or
-decreased) in size via Realloc().  When a 'resize' is done, instead of
+decreased) in size via OPENSSL_realloc().  When a 'resize' is done, instead of
 all hashes being redistributed over twice as many 'buckets', one
 bucket is split.  So when an 'expand' is done, there is only a minimal
 cost to redistribute some values.  Subsequent inserts will cause more
diff --git a/src/lib/libssl/src/doc/crypto/md5.pod b/src/lib/libssl/src/doc/crypto/md5.pod
index e9d7ccd689..6e6322dcdc 100644
--- a/src/lib/libssl/src/doc/crypto/md5.pod
+++ b/src/lib/libssl/src/doc/crypto/md5.pod
@@ -2,8 +2,8 @@
 
 =head1 NAME
 
-MD2, MD5, MD2_Init, MD2_Update, MD2_Final, MD5_Init, MD5_Update,
-MD5_Final - MD2 and MD5 hash functions
+MD2, MD4, MD5, MD2_Init, MD2_Update, MD2_Final, MD4_Init, MD4_Update,
+MD4_Final, MD5_Init, MD5_Update, MD5_Final - MD2, MD4, and MD5 hash functions
 
 =head1 SYNOPSIS
 
@@ -18,6 +18,17 @@ MD5_Final - MD2 and MD5 hash functions
  void MD2_Final(unsigned char *md, MD2_CTX *c);
 
 
+ #include <openssl/md4.h>
+
+ unsigned char *MD4(const unsigned char *d, unsigned long n,
+                  unsigned char *md);
+
+ void MD4_Init(MD4_CTX *c);
+ void MD4_Update(MD4_CTX *c, const void *data,
+                  unsigned long len);
+ void MD4_Final(unsigned char *md, MD4_CTX *c);
+
+
  #include <openssl/md5.h>
 
  unsigned char *MD5(const unsigned char *d, unsigned long n,
@@ -30,12 +41,13 @@ MD5_Final - MD2 and MD5 hash functions
 
 =head1 DESCRIPTION
 
-MD2 and MD5 are cryptographic hash functions with a 128 bit output.
+MD2, MD4, and MD5 are cryptographic hash functions with a 128 bit output.
 
-MD2() and MD5() compute the MD2 and MD5 message digest of the B<n>
-bytes at B<d> and place it in B<md> (which must have space for
-MD2_DIGEST_LENGTH == MD5_DIGEST_LENGTH == 16 bytes of output). If
-B<md> is NULL, the digest is placed in a static array.
+MD2(), MD4(), and MD5() compute the MD2, MD4, and MD5 message digest
+of the B<n> bytes at B<d> and place it in B<md> (which must have space
+for MD2_DIGEST_LENGTH == MD4_DIGEST_LENGTH == MD5_DIGEST_LENGTH == 16
+bytes of output). If B<md> is NULL, the digest is placed in a static
+array.
 
 The following functions may be used if the message is not completely
 stored in memory:
@@ -48,8 +60,8 @@ be hashed (B<len> bytes at B<data>).
 MD2_Final() places the message digest in B<md>, which must have space
 for MD2_DIGEST_LENGTH == 16 bytes of output, and erases the B<MD2_CTX>.
 
-MD5_Init(), MD5_Update() and MD5_Final() are analogous using an
-B<MD5_CTX> structure.
+MD4_Init(), MD4_Update(), MD4_Final(), MD5_Init(), MD5_Update(), and
+MD5_Final() are analogous using an B<MD4_CTX> and B<MD5_CTX> structure.
 
 Applications should use the higher level functions
 L<EVP_DigestInit(3)|EVP_DigestInit(3)>
@@ -57,24 +69,25 @@ etc. instead of calling the hash functions directly.
 
 =head1 NOTE
 
-MD2 and MD5 are recommended only for compatibility with existing
+MD2, MD4, and MD5 are recommended only for compatibility with existing
 applications. In new applications, SHA-1 or RIPEMD-160 should be
 preferred.
 
 =head1 RETURN VALUES
 
-MD2() and MD5() return pointers to the hash value. 
+MD2(), MD4(), and MD5() return pointers to the hash value. 
 
-MD2_Init(), MD2_Update() MD2_Final(), MD5_Init(), MD5_Update() and
-MD5_Final() do not return values.
+MD2_Init(), MD2_Update(), MD2_Final(), MD4_Init(), MD4_Update(),
+MD4_Final(), MD5_Init(), MD5_Update(), and MD5_Final() do not return
+values.
 
 =head1 CONFORMING TO
 
-RFC 1319, RFC 1321
+RFC 1319, RFC 1320, RFC 1321
 
 =head1 SEE ALSO
 
-L<SHA1(3)|SHA1(3)>, L<RIPEMD160(3)|RIPEMD160(3)>, L<EVP_DigestInit(3)|EVP_DigestInit(3)>
+L<sha(3)|sha(3)>, L<ripemd(3)|ripemd(3)>, L<EVP_DigestInit(3)|EVP_DigestInit(3)>
 
 =head1 HISTORY
 
@@ -82,4 +95,7 @@ MD2(), MD2_Init(), MD2_Update() MD2_Final(), MD5(), MD5_Init(),
 MD5_Update() and MD5_Final() are available in all versions of SSLeay
 and OpenSSL.
 
+MD4(), MD4_Init(), and MD4_Update() are available in OpenSSL 0.9.6 and
+above.
+
 =cut
diff --git a/src/lib/libssl/src/doc/crypto/rsa.pod b/src/lib/libssl/src/doc/crypto/rsa.pod
index eb8ba612c4..ef0d4df205 100644
--- a/src/lib/libssl/src/doc/crypto/rsa.pod
+++ b/src/lib/libssl/src/doc/crypto/rsa.pod
@@ -7,6 +7,7 @@ rsa - RSA public key cryptosystem
 =head1 SYNOPSIS
 
  #include <openssl/rsa.h>
+ #include <openssl/engine.h>
 
  RSA * RSA_new(void);
  void RSA_free(RSA *rsa);
@@ -31,15 +32,15 @@ rsa - RSA public key cryptosystem
  int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
  void RSA_blinding_off(RSA *rsa);
 
- void RSA_set_default_method(RSA_METHOD *meth);
- RSA_METHOD *RSA_get_default_method(void);
- RSA_METHOD *RSA_set_method(RSA *rsa, RSA_METHOD *meth);
+ void RSA_set_default_openssl_method(RSA_METHOD *meth);
+ RSA_METHOD *RSA_get_default_openssl_method(void);
+ int RSA_set_method(RSA *rsa, ENGINE *engine);
  RSA_METHOD *RSA_get_method(RSA *rsa);
  RSA_METHOD *RSA_PKCS1_SSLeay(void);
  RSA_METHOD *RSA_PKCS1_RSAref(void);
  RSA_METHOD *RSA_null_method(void);
  int RSA_flags(RSA *rsa);
- RSA *RSA_new_method(RSA_METHOD *method);
+ RSA *RSA_new_method(ENGINE *engine);
 
  int RSA_print(BIO *bp, RSA *x, int offset);
  int RSA_print_fp(FILE *fp, RSA *x, int offset);
@@ -96,7 +97,7 @@ SSL, PKCS #1 v2.0
 
 =head1 PATENTS
 
-RSA is covered by a US patent which expires in September 2000.
+RSA was covered by a US patent which expired in September 2000.
 
 =head1 SEE ALSO
 
diff --git a/src/lib/libssl/src/doc/crypto/threads.pod b/src/lib/libssl/src/doc/crypto/threads.pod
index 5da056f3f8..bc7ff9b705 100644
--- a/src/lib/libssl/src/doc/crypto/threads.pod
+++ b/src/lib/libssl/src/doc/crypto/threads.pod
@@ -2,7 +2,10 @@
 
 =head1 NAME
 
-CRYPTO_set_locking_callback, CRYPTO_set_id_callback - OpenSSL thread support
+CRYPTO_set_locking_callback, CRYPTO_set_id_callback, CRYPTO_num_locks,
+CRYPTO_set_dynlock_create_callback, CRYPTO_set_dynlock_lock_callback,
+CRYPTO_set_dynlock_destroy_callback, CRYPTO_get_new_dynlockid,
+CRYPTO_destroy_dynlockid, CRYPTO_lock - OpenSSL thread support
 
 =head1 SYNOPSIS
 
@@ -15,13 +18,42 @@ CRYPTO_set_locking_callback, CRYPTO_set_id_callback - OpenSSL thread support
 
  int CRYPTO_num_locks(void);
 
+
+ /* struct CRYPTO_dynlock_value needs to be defined by the user */
+ struct CRYPTO_dynlock_value;
+
+ void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value *
+        (*dyn_create_function)(char *file, int line));
+ void CRYPTO_set_dynlock_lock_callback(void (*dyn_lock_function)
+        (int mode, struct CRYPTO_dynlock_value *l,
+        const char *file, int line));
+ void CRYPTO_set_dynlock_destroy_callback(void (*dyn_destroy_function)
+        (struct CRYPTO_dynlock_value *l, const char *file, int line));
+
+ int CRYPTO_get_new_dynlockid(void);
+
+ void CRYPTO_destroy_dynlockid(int i);
+
+ void CRYPTO_lock(int mode, int n, const char *file, int line);
+
+ #define CRYPTO_w_lock(type)    \
+        CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
+ #define CRYPTO_w_unlock(type)  \
+        CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
+ #define CRYPTO_r_lock(type)    \
+        CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)
+ #define CRYPTO_r_unlock(type)  \
+        CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)
+ #define CRYPTO_add(addr,amount,type)   \
+        CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)
+
 =head1 DESCRIPTION
 
 OpenSSL can safely be used in multi-threaded applications provided
-that two callback functions are set.
+that at least two callback functions are set.
 
 locking_function(int mode, int n, const char *file, int line) is
-needed to perform locking on shared data stuctures. Multi-threaded
+needed to perform locking on shared data structures. Multi-threaded
 applications will crash at random if it is not set.
 
 locking_function() must be able to handle up to CRYPTO_num_locks()
@@ -35,9 +67,59 @@ id_function(void) is a function that returns a thread ID. It is not
 needed on Windows nor on platforms where getpid() returns a different
 ID for each thread (most notably Linux).
 
+Additionally, OpenSSL supports dynamic locks, and sometimes, some parts
+of OpenSSL need it for better performance.  To enable this, the following
+is required:
+
+=over 4
+
+=item *
+Three additional callback function, dyn_create_function, dyn_lock_function
+and dyn_destroy_function.
+
+=item *
+A structure defined with the data that each lock needs to handle.
+
+=back
+
+struct CRYPTO_dynlock_value has to be defined to contain whatever structure
+is needed to handle locks.
+
+dyn_create_function(const char *file, int line) is needed to create a
+lock.  Multi-threaded applications might crash at random if it is not set.
+
+dyn_lock_function(int mode, CRYPTO_dynlock *l, const char *file, int line)
+is needed to perform locking off dynamic lock numbered n. Multi-threaded
+applications might crash at random if it is not set.
+
+dyn_destroy_function(CRYPTO_dynlock *l, const char *file, int line) is
+needed to destroy the lock l. Multi-threaded applications might crash at
+random if it is not set.
+
+CRYPTO_get_new_dynlockid() is used to create locks.  It will call
+dyn_create_function for the actual creation.
+
+CRYPTO_destroy_dynlockid() is used to destroy locks.  It will call
+dyn_destroy_function for the actual destruction.
+
+CRYPTO_lock() is used to lock and unlock the locks.  mode is a bitfield
+describing what should be done with the lock.  n is the number of the
+lock as returned from CRYPTO_get_new_dynlockid().  mode can be combined
+from the following values.  These values are pairwise exclusive, with
+undefined behaviour if misused (for example, CRYPTO_READ and CRYPTO_WRITE
+should not be used together):
+
+        CRYPTO_LOCK     0x01
+        CRYPTO_UNLOCK   0x02
+        CRYPTO_READ     0x04
+        CRYPTO_WRITE    0x08
+
 =head1 RETURN VALUES
 
 CRYPTO_num_locks() returns the required number of locks.
+
+CRYPTO_get_new_dynlockid() returns the index to the newly created lock.
+
 The other functions return no values.
 
 =head1 NOTE
@@ -52,6 +134,9 @@ You can find out if OpenSSL was configured with thread support:
    // no thread support
  #endif
 
+Also, dynamic locks are currently not used internally by OpenSSL, but
+may do so in the future.
+
 =head1 EXAMPLES
 
 B<crypto/threads/mttest.c> shows examples of the callback functions on
@@ -62,6 +147,7 @@ Solaris, Irix and Win32.
 CRYPTO_set_locking_callback() and CRYPTO_set_id_callback() are
 available in all versions of SSLeay and OpenSSL.
 CRYPTO_num_locks() was added in OpenSSL 0.9.4.
+All functions dealing with dynamic locks were added in OpenSSL 0.9.5b-dev.
 
 =head1 SEE ALSO
 
diff --git a/src/lib/libssl/src/doc/openssl.txt b/src/lib/libssl/src/doc/openssl.txt
index 880eace4da..5da519e7e4 100644
--- a/src/lib/libssl/src/doc/openssl.txt
+++ b/src/lib/libssl/src/doc/openssl.txt
@@ -355,6 +355,24 @@ that would not make sense. It does support an additional issuer:copy option
 that will copy all the subject alternative name values from the issuer 
 certificate (if possible).
 
+Example:
+
+issuserAltName = issuer:copy
+
+Authority Info Access.
+
+The authority information access extension gives details about how to access
+certain information relating to the CA. Its syntax is accessOID;location
+where 'location' has the same syntax as subject alternative name (except
+that email:copy is not supported). accessOID can be any valid OID but only
+certain values are meaningful for example OCSP and caIssuers. OCSP gives the
+location of an OCSP responder: this is used by Netscape PSM and other software.
+
+Example:
+
+authorityInfoAccess = OCSP;URI:http://ocsp.my.host/
+authorityInfoAccess = caIssuers;URI:http://my.ca/ca.html
+
 CRL distribution points.
 
 This is a multi-valued extension that supports all the literal options of
@@ -489,6 +507,47 @@ details about the structures returned. The returned structure should be freed
 after use using the relevant free function, BASIC_CONSTRAINTS_free() for 
 example.
 
+void    *       X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx);
+void    *       X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx);
+void    *       X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx);
+void    *       X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx);
+
+These functions combine the operations of searching for extensions and
+parsing them. They search a certificate, a CRL a CRL entry or a stack
+of extensions respectively for extension whose NID is 'nid' and return
+the parsed result of NULL if an error occurred. For example:
+
+BASIC_CONSTRAINTS *bs;
+bs = X509_get_ext_d2i(cert, NID_basic_constraints, NULL, NULL);
+
+This will search for the basicConstraints extension and either return
+it value or NULL. NULL can mean either the extension was not found, it
+occurred more than once or it could not be parsed.
+
+If 'idx' is NULL then an extension is only parsed if it occurs precisely
+once. This is standard behaviour because extensions normally cannot occur
+more than once. If however more than one extension of the same type can
+occur it can be used to parse successive extensions for example:
+
+int i;
+void *ext;
+
+i = -1;
+for(;;) {
+        ext = X509_get_ext_d2i(x, nid, crit, &idx);
+        if(ext == NULL) break;
+         /* Do something with ext */
+}
+
+If 'crit' is not NULL and the extension was found then the int it points to
+is set to 1 for critical extensions and 0 for non critical. Therefore if the
+function returns NULL but 'crit' is set to 0 or 1 then the extension was
+found but it could not be parsed.
+
+The int pointed to by crit will be set to -1 if the extension was not found
+and -2 if the extension occurred more than once (this will only happen if
+idx is NULL). In both cases the function will return NULL.
+
 3. Generating extensions.
 
 An extension will typically be generated from a configuration file, or some
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CIPHER_get_name.pod b/src/lib/libssl/src/doc/ssl/SSL_CIPHER_get_name.pod
new file mode 100644
index 0000000000..7fea14ee68
--- /dev/null
+++ b/src/lib/libssl/src/doc/ssl/SSL_CIPHER_get_name.pod
@@ -0,0 +1,57 @@
+=pod
+
+=head1 NAME
+
+SSL_CIPHER_get_name, SSL_CIPHER_get_bits, SSL_CIPHER_get_version,
+SSL_CIPHER_description - get SSL_CIPHER properties
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ const char *SSL_CIPHER_get_name(SSL_CIPHER *cipher);
+ int SSL_CIPHER_get_bits(SSL_CIPHER *cipher, int *alg_bits);
+ char *SSL_CIPHER_get_version(SSL_CIPHER *cipher);
+ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int size);
+
+=head1 DESCRIPTION
+
+SSL_CIPHER_get_name() returns a pointer to the name of B<cipher>. If the
+argument is the NULL pointer, a pointer to the constant value "NONE" is
+returned.
+
+SSL_CIPHER_get_bits() returns the number of secret bits used for B<cipher>. If
+B<alg_bits> is not NULL, it contains the number of bits processed by the
+chosen algorithm. If B<cipher> is NULL, 0 is returned.
+
+SSL_CIPHER_get_version() returns the protocol version for B<cipher>, currently
+"SSLv2", "SSLv3", or "TLSv1". If B<cipher> is NULL, "(NONE)" is returned.
+
+SSL_CIPHER_description() returns a textual description of the cipher used
+into the buffer B<buf> of length B<len> provided. B<len> must be at least
+128 bytes, otherwise the string "Buffer too small" is returned. If B<buf>
+is NULL, a buffer of 128 bytes is allocated using OPENSSL_malloc(). If the
+allocation fails, the string "OPENSSL_malloc Error" is returned.
+
+=head1 NOTES
+
+The number of bits processed can be different from the secret bits. An
+export cipher like e.g. EXP-RC4-MD5 has only 40 secret bits. The algorithm
+does use the full 128 bits (which would be returned for B<alg_bits>), of
+which however 88bits are fixed. The search space is hence only 40 bits.
+
+=head1 BUGS
+
+If SSL_CIPHER_description() is called with B<cipher> being NULL, the
+library crashes.
+
+=head1 RETURN VALUES
+
+See DESCRIPTION
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>, L<SSL_get_current_cipher(3)|SSL_get_current_cipher(3)>,
+L<SSL_get_ciphers(3)|SSL_get_ciphers(3)>
+
+=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_free.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_free.pod
new file mode 100644
index 0000000000..de69672422
--- /dev/null
+++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_free.pod
@@ -0,0 +1,29 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_free - free an allocated SSL_CTX object
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ void SSL_CTX_free(SSL_CTX *ctx);
+
+=head1 DESCRIPTION
+
+SSL_CTX_free() decrements the reference count of B<ctx>, and removes the
+SSL_CTX object pointed to by B<ctx> and frees up the allocated memory if the
+the reference count has reached 0.
+
+It also calls the free()ing procedures for indirectly affected items, if
+applicable: the session cacahe, the list of ciphers, the list of Client CAs,
+the certificates and keys.
+
+=head1 RETURN VALUES
+
+SSL_CTX_free() does not provide diagnostic information.
+
+L<SSL_CTX_new(3)|SSL_CTX_new(3)>, L<ssl(3)|ssl(3)>
+
+=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_new.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_new.pod
new file mode 100644
index 0000000000..e166c692c3
--- /dev/null
+++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_new.pod
@@ -0,0 +1,93 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_new - create a new SSL_CTX object as framework for TLS/SSL enabled functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ SSL_CTX *SSL_CTX_new(SSL_METHOD *method);
+
+=head1 DESCRIPTION
+
+SSL_CTX_new() creates a new B<SSL_CTX> object as framework to establish
+TLS/SSL enabled connections.
+
+=head1 NOTES
+
+The SSL_CTX object uses B<method> as connection method. The methods exist
+in a generic type (for client and server use), a server only type, and a
+client only type. B<method> can be of the following types:
+
+=over 4
+
+=item SSLv2_method(void), SSLv2_server_method(void), SSLv2_client_method(void)
+
+A TLS/SSL connection established with these methods will only understand
+the SSLv2 protocol. A client will send out SSLv2 client hello messages
+and will also indicate that it only understand SSLv2. A server will only
+understand SSLv2 client hello messages.
+
+=item SSLv3_method(void), SSLv3_server_method(void), SSLv3_client_method(void)
+
+A TLS/SSL connection established with these methods will only understand the
+SSLv3 and TLSv1 protocol. A client will send out SSLv3 client hello messages
+and will indicate that it also understands TLSv1. A server will only understand
+SSLv3 and TLSv1 client hello messages. This especially means, that it will
+not understand SSLv2 client hello messages which are widely used for
+compatibility reasons, see SSLv23_*_method().
+
+=item TLSv1_method(void), TLSv1_server_method(void), TLSv1_client_method(void)
+
+A TLS/SSL connection established with these methods will only understand the
+TLSv1 protocol. A client will send out TLSv1 client hello messages
+and will indicate that it only understands TLSv1. A server will only understand
+TLSv1 client hello messages. This especially means, that it will
+not understand SSLv2 client hello messages which are widely used for
+compatibility reasons, see SSLv23_*_method().
+
+=item SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void)
+
+A TLS/SSL connection established with these methods will understand the SSLv2,
+SSLv3, and TLSv1 protocol. A client will send out SSLv2 client hello messages
+and will indicate that it also understands SSLv3 and TLSv1. A server will
+understand SSLv2, SSLv3, and TLSv1 client hello messages. This is the best
+choice when compatibility is a concern.
+
+=back
+
+The list of protocols available can later be limited using the SSL_OP_NO_SSLv2,
+SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1 options of the B<SSL_CTX_set_options()> or
+B<SSL_set_options()> functions. Using these options it is possible to choose
+e.g. SSLv23_server_method() and be able to negotiate with all possible
+clients, but to only allow newer protocols like SSLv3 or TLSv1.
+
+SSL_CTX_new() initializes the list of ciphers, the session cache setting,
+the callbacks, the keys and certificates, and the options to its default
+values.
+
+=head1 RETURN VALUES
+
+The following return values can occur:
+
+=over 4
+
+=item NULL
+
+The creation of a new SSL_CTX object failed. Check the error stack to
+find out the reason.
+
+=item Pointer to an SSL_CTX object
+
+The return value points to an allocated SSL_CTX object.
+
+=back
+
+=head1 SEE ALSO
+
+L<SSL_CTX_free(3)|SSL_CTX_free(3)>, L<SSL_accept(3)|SSL_accept(3)>,
+L<ssl(3)|ssl(3)>
+
+=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_cipher_list.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_cipher_list.pod
new file mode 100644
index 0000000000..272d6b3de2
--- /dev/null
+++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_cipher_list.pod
@@ -0,0 +1,52 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_cipher_list, SSL_set_cipher_list 
+- choose list of available SSL_CIPHERs
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str);
+ int SSL_set_cipher_list(SSL *ssl, const char *str);
+
+=head1 DESCRIPTION
+
+SSL_CTX_set_cipher_list() sets the list of available ciphers for B<ctx>
+using the control string B<str>. The format of the string is described
+in L<ciphers(1)|ciphers(1)>. The list of ciphers is inherited by all
+B<ssl> objects created from B<ctx>.
+
+SSL_set_cipher_list() sets the list of ciphers only for B<ssl>.
+
+=head1 NOTES
+
+The control string B<str> should be universally usable and not depend
+on details of the library configuration (ciphers compiled in). Thus no
+syntax checking takes place. Items that are not recognized, because the
+corresponding ciphers are not compiled in or because they are mistyped,
+are simply ignored. Failure is only flagged if no ciphers could be collected
+at all.
+
+It should be noted, that inclusion of a cipher to be used into the list is
+a necessary condition. On the client side, the inclusion into the list is
+also sufficient. On the server side, additional restrictions apply. All ciphers
+have additional requirements. ADH ciphers don't need a certificate, but
+DH-parameters must have been set. All other ciphers need a corresponding
+certificate and key. A RSA cipher can only be chosen, when a RSA certificate is
+available, the respective is valid for DSA ciphers. Ciphers using EDH need
+a certificate and key and DH-parameters.
+
+=head1 RETURN VALUES
+
+SSL_CTX_set_cipher_list() and SSL_set_cipher_list() return 1 if any cipher
+could be selected and 0 on complete failure.
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>, L<SSL_get_ciphers(3)|SSL_get_ciphers(3)>,
+L<ciphers(1)|ciphers(1)>
+
+=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_ssl_version.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_ssl_version.pod
new file mode 100644
index 0000000000..3091bd6895
--- /dev/null
+++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_ssl_version.pod
@@ -0,0 +1,60 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_ssl_version, SSL_set_ssl_method, SSL_get_ssl_method
+- choose a new TLS/SSL method
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, SSL_METHOD *method);
+ int SSL_set_ssl_method(SSL *s, SSL_METHOD *method);
+ SSL_METHOD *SSL_get_ssl_method(SSL *ssl);
+
+=head1 DESCRIPTION
+
+SSL_CTX_set_ssl_version() sets a new default TLS/SSL B<method> for SSL objects
+newly created from this B<ctx>. SSL objects already created with
+L<SSL_new(3)|SSL_new(3)> are not affected, except when SSL_clear() is
+being called.
+
+SSL_set_ssl_method() sets a new TLS/SSL B<method> for a particular B<ssl>
+object. It may be reset, when SSL_clear() is called.
+
+SSL_get_ssl_method() returns a function pointer to the TLS/SSL method
+set in B<ssl>.
+
+=head1 NOTES
+
+The available B<method> choices are described in
+L<SSL_CTX_new(3)|SSL_CTX_new(3)>.
+
+When SSL_clear() is called and no session is connected to an SSL object,
+the method of the SSL object is reset to the method currently set in
+the corresponding SSL_CTX object.
+
+=head1 RETURN VALUES
+
+The following return values can occur for SSL_CTX_set_ssl_version()
+and SSL_set_ssl_method():
+
+=over 4
+
+=item 0
+
+The new choice failed, check the error stack to find out the reason.
+
+=item 1
+
+The operation succeeded.
+
+=back
+
+=head1 SEE ALSO
+
+L<SSL_CTX_new(3)|SSL_CTX_new(3)>, L<SSL_new(3)|SSL_new(3)>,
+L<SSL_clear(3)|SSL_clear(3)>, L<ssl(3)|ssl(3)>
+
+=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_SESSION_free.pod b/src/lib/libssl/src/doc/ssl/SSL_SESSION_free.pod
new file mode 100644
index 0000000000..df30ccbb32
--- /dev/null
+++ b/src/lib/libssl/src/doc/ssl/SSL_SESSION_free.pod
@@ -0,0 +1,25 @@
+=pod
+
+=head1 NAME
+
+SSL_SESSION_free - free an allocated SSL_SESSION structure
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ void SSL_SESSION_free(SSL_SESSION *session);
+
+=head1 DESCRIPTION
+
+SSL_SESSION_free() decrements the reference count of B<session> and removes
+the B<SSL_SESSION> structure pointed to by B<session> and frees up the allocated
+memory, if the the reference count has reached 0.
+
+=head1 RETURN VALUES
+
+SSL_SESSION_free() does not provide diagnostic information.
+
+L<ssl(3)|ssl(3)>, L<SSL_get_session(3)|SSL_get_session(3)>
+
+=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_accept.pod b/src/lib/libssl/src/doc/ssl/SSL_accept.pod
new file mode 100644
index 0000000000..0c79ac515e
--- /dev/null
+++ b/src/lib/libssl/src/doc/ssl/SSL_accept.pod
@@ -0,0 +1,72 @@
+=pod
+
+=head1 NAME
+
+SSL_accept - wait for a TLS/SSL client to initiate a TLS/SSL handshake
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_accept(SSL *ssl);
+
+=head1 DESCRIPTION
+
+SSL_accept() waits for a TLS/SSL client to initiate the TLS/SSL handshake.
+The communication channel must already have been set and assigned to the
+B<ssl> by setting an underlying B<BIO>.
+
+=head1 NOTES
+
+The behaviour of SSL_accept() depends on the underlying BIO. 
+
+If the underlying BIO is B<blocking>, SSL_accept() will only return once the
+handshake has been finished or an error occurred, except for SGC (Server
+Gated Cryptography). For SGC, SSL_accept() may return with -1, but
+SSL_get_error() will yield B<SSL_ERROR_WANT_READ/WRITE> and SSL_accept()
+should be called again.
+
+If the underlying BIO is B<non-blocking>, SSL_accept() will also return
+when the underlying BIO could not satisfy the needs of SSL_accept()
+to continue the handshake. In this case a call to SSL_get_error() with the
+return value of SSL_accept() will yield B<SSL_ERROR_WANT_READ> or
+B<SSL_ERROR_WANT_WRITE>. The calling process then must repeat the call after
+taking appropriate action to satisfy the needs of SSL_accept().
+The action depends on the underlying BIO. When using a non-blocking socket,
+nothing is to be done, but select() can be used to check for the required
+condition. When using a buffering BIO, like a BIO pair, data must be written
+into or retrieved out of the BIO before being able to continue.
+
+=head1 RETURN VALUES
+
+The following return values can occur:
+
+=over 4
+
+=item 1
+
+The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
+established.
+
+=item 0
+
+The TLS/SSL handshake was not successful but was shut down controlled and
+by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
+return value B<ret> to find out the reason.
+
+=item -1
+
+The TLS/SSL handshake was not successful because a fatal error occurred either
+at the protocol level or a connection failure occurred. The shutdown was
+not clean. It can also occur of action is need to continue the operation
+for non-blocking BIOs. Call SSL_get_error() with the return value B<ret>
+to find out the reason.
+
+=back
+
+=head1 SEE ALSO
+
+L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_connect(3)|SSL_connect(3)>,
+L<SSL_shutdown(3)|SSL_shutdown(3)>, L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>
+
+=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_clear.pod b/src/lib/libssl/src/doc/ssl/SSL_clear.pod
new file mode 100644
index 0000000000..862fd8291d
--- /dev/null
+++ b/src/lib/libssl/src/doc/ssl/SSL_clear.pod
@@ -0,0 +1,39 @@
+=pod
+
+=head1 NAME
+
+SSL_clear - reset SSL object to allow another connection
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_clear(SSL *ssl);
+
+=head1 DESCRIPTION
+
+Reset B<ssl> to allow another connection. All settings (method, ciphers,
+BIOs) are kept. A completely negotiated B<SSL_SESSION> is not freed but left
+untouched for the underlying B<SSL_CTX>.
+
+=head1 RETURN VALUES
+
+The following return values can occur:
+
+=over 4
+
+=item 0
+
+The SSL_clear() operation could not be performed. Check the error stack to
+find out the reason.
+
+=item 1
+
+The SSL_clear() operation was successful.
+
+=back
+
+L<SSL_new(3)|SSL_new(3)>, L<SSL_free(3)|SSL_free(3)>,
+L<ssl(3)|ssl(3)>
+
+=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_connect.pod b/src/lib/libssl/src/doc/ssl/SSL_connect.pod
new file mode 100644
index 0000000000..debe41744f
--- /dev/null
+++ b/src/lib/libssl/src/doc/ssl/SSL_connect.pod
@@ -0,0 +1,69 @@
+=pod
+
+=head1 NAME
+
+SSL_connect - initiate the TLS/SSL handshake with an TLS/SSL server
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_connect(SSL *ssl);
+
+=head1 DESCRIPTION
+
+SSL_connect() initiates the TLS/SSL handshake with a server. The communication
+channel must already have been set and assigned to the B<ssl> by setting an
+underlying B<BIO>.
+
+=head1 NOTES
+
+The behaviour of SSL_connect() depends on the underlying BIO. 
+
+If the underlying BIO is B<blocking>, SSL_connect() will only return once the
+handshake has been finished or an error occurred.
+
+If the underlying BIO is B<non-blocking>, SSL_connect() will also return
+when the underlying BIO could not satisfy the needs of SSL_connect()
+to continue the handshake. In this case a call to SSL_get_error() with the
+return value of SSL_connect() will yield B<SSL_ERROR_WANT_READ> or
+B<SSL_ERROR_WANT_WRITE>. The calling process then must repeat the call after
+taking appropriate action to satisfy the needs of SSL_connect().
+The action depends on the underlying BIO. When using a non-blocking socket,
+nothing is to be done, but select() can be used to check for the required
+condition. When using a buffering BIO, like a BIO pair, data must be written
+into or retrieved out of the BIO before being able to continue.
+
+=head1 RETURN VALUES
+
+The following return values can occur:
+
+=over 4
+
+=item 1
+
+The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
+established.
+
+=item 0
+
+The TLS/SSL handshake was not successful but was shut down controlled and
+by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
+return value B<ret> to find out the reason.
+
+=item -1
+
+The TLS/SSL handshake was not successful, because a fatal error occurred either
+at the protocol level or a connection failure occurred. The shutdown was
+not clean. It can also occur of action is need to continue the operation
+for non-blocking BIOs. Call SSL_get_error() with the return value B<ret>
+to find out the reason.
+
+=back
+
+=head1 SEE ALSO
+
+L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_accept(3)|SSL_accept(3)>,
+L<SSL_shutdown(3)|SSL_shutdown(3)>, L<ssl(3)|ssl(3)> , L<bio(3)|bio(3)>
+
+=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_free.pod b/src/lib/libssl/src/doc/ssl/SSL_free.pod
new file mode 100644
index 0000000000..f3f0c345f8
--- /dev/null
+++ b/src/lib/libssl/src/doc/ssl/SSL_free.pod
@@ -0,0 +1,33 @@
+=pod
+
+=head1 NAME
+
+SSL_free - free an allocated SSL structure
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ void SSL_free(SSL *ssl);
+
+=head1 DESCRIPTION
+
+SSL_free() decrements the reference count of B<ssl>, and removes the SSL
+structure pointed to by B<ssl> and frees up the allocated memory if the
+the reference count has reached 0.
+
+It also calls the free()ing procedures for indirectly affected items, if
+applicable: the buffering BIO, the read and write BIOs,
+cipher lists specially created for this B<ssl>, the B<SSL_SESSION>.
+Do not explicitly free these indirectly freed up items before or after
+calling SSL_free(), as trying to free things twice may lead to program
+failure.
+
+=head1 RETURN VALUES
+
+SSL_free() does not provide diagnostic information.
+
+L<SSL_new(3)|SSL_new(3)>, L<SSL_clear(3)|SSL_clear(3)>,
+L<ssl(3)|ssl(3)>
+
+=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_get_ciphers.pod b/src/lib/libssl/src/doc/ssl/SSL_get_ciphers.pod
new file mode 100644
index 0000000000..2a57455c23
--- /dev/null
+++ b/src/lib/libssl/src/doc/ssl/SSL_get_ciphers.pod
@@ -0,0 +1,42 @@
+=pod
+
+=head1 NAME
+
+SSL_get_ciphers, SSL_get_cipher_list - get list of available SSL_CIPHERs
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(SSL *ssl);
+ const char *SSL_get_cipher_list(SSL *ssl, int priority);
+
+=head1 DESCRIPTION
+
+SSL_get_ciphers() returns the stack of available SSL_CIPHERs for B<ssl>,
+sorted by preference. If B<ssl> is NULL or no ciphers are available, NULL
+is returned.
+
+SSL_get_cipher_list() returns a pointer to the name of the SSL_CIPHER
+listed for B<ssl> with B<priority>. If B<ssl> is NULL, no ciphers are
+available, or there are less ciphers than B<priority> available, NULL
+is returned.
+
+=head1 NOTES
+
+The details of the ciphers obtained by SSL_get_ciphers() can be obtained using
+the L<SSL_CIPHER_get_name(3)|SSL_CIPHER_get_name(3)> family of functions.
+
+Call SSL_get_cipher_list() with B<priority> starting from 0 to obtain the
+sorted list of available ciphers, until NULL is returned.
+
+=head1 RETURN VALUES
+
+See DESCRIPTION
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>, L<SSL_CTX_set_cipher_list(3)|SSL_CTX_set_cipher_list(3)>,
+L<SSL_CIPHER_get_name(3)|SSL_CIPHER_get_name(3)>
+
+=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_get_current_cipher.pod b/src/lib/libssl/src/doc/ssl/SSL_get_current_cipher.pod
new file mode 100644
index 0000000000..2dd7261d89
--- /dev/null
+++ b/src/lib/libssl/src/doc/ssl/SSL_get_current_cipher.pod
@@ -0,0 +1,43 @@
+=pod
+
+=head1 NAME
+
+SSL_get_current_cipher, SSL_get_cipher, SSL_get_cipher_name,
+SSL_get_cipher_bits, SSL_get_cipher_version - get SSL_CIPHER of a connection
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ SSL_CIPHER *SSL_get_current_cipher(SSL *ssl);
+ #define SSL_get_cipher(s) \
+                SSL_CIPHER_get_name(SSL_get_current_cipher(s))
+ #define SSL_get_cipher_name(s) \
+                SSL_CIPHER_get_name(SSL_get_current_cipher(s))
+ #define SSL_get_cipher_bits(s,np) \
+                SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np)
+ #define SSL_get_cipher_version(s) \
+                SSL_CIPHER_get_version(SSL_get_current_cipher(s))
+
+=head1 DESCRIPTION
+
+SSL_get_current_cipher() returns a pointer to an SSL_CIPHER object containing
+the description of the actually used cipher of a connection established with
+the B<ssl> object.
+
+SSL_get_cipher() and SSL_get_cipher_name() are identical macros to obtain the
+name of the currently used cipher. SSL_get_cipher_bits() is a
+macro to obtain the number of secret/algorithm bits used and 
+SSL_get_cipher_version() returns the protocol name.
+See L<SSL_CIPHER_get_name(3)|SSL_CIPHER_get_name(3)> for more details.
+
+=head1 RETURN VALUES
+
+SSL_get_current_cipher() returns the cipher actually used or NULL, when
+no session has been established.
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>, L<SSL_CIPHER_get_name(3)|SSL_CIPHER_get_name(3)>
+
+=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_get_error.pod b/src/lib/libssl/src/doc/ssl/SSL_get_error.pod
index 9cacdedc57..d85b564258 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_get_error.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_get_error.pod
@@ -2,7 +2,7 @@
 
 =head1 NAME
 
-SSL_get_error - obtain result code for SSL I/O operation
+SSL_get_error - obtain result code for TLS/SSL I/O operation
 
 =head1 SYNOPSIS
 
@@ -15,14 +15,14 @@ SSL_get_error - obtain result code for SSL I/O operation
 SSL_get_error() returns a result code (suitable for the C "switch"
 statement) for a preceding call to SSL_connect(), SSL_accept(),
 SSL_read(), or SSL_write() on B<ssl>.  The value returned by that
-SSL I/O function must be passed to SSL_get_error() in parameter
+TLS/SSL I/O function must be passed to SSL_get_error() in parameter
 B<ret>.
 
 In addition to B<ssl> and B<ret>, SSL_get_error() inspects the
 current thread's OpenSSL error queue.  Thus, SSL_get_error() must be
-used in the same thread that performed the SSL I/O operation, and no
+used in the same thread that performed the TLS/SSL I/O operation, and no
 other OpenSSL function calls should appear in between.  The current
-thread's error queue must be empty before the SSL I/O operation is
+thread's error queue must be empty before the TLS/SSL I/O operation is
 attempted, or SSL_get_error() will not work reliably.
 
 =head1 RETURN VALUES
@@ -33,27 +33,29 @@ The following return values can currently occur:
 
 =item SSL_ERROR_NONE
 
-The SSL I/O operation completed.  This result code is returned
+The TLS/SSL I/O operation completed.  This result code is returned
 if and only if B<ret E<gt> 0>.
 
 =item SSL_ERROR_ZERO_RETURN
 
-The SSL connection has been closed.  If the protocol version is SSL 3.0
+The TLS/SSL connection has been closed.  If the protocol version is SSL 3.0
 or TLS 1.0, this result code is returned only if a closure
-alerts has occurred in the protocol, i.e. if the connection has been
-closed cleanly.
+alert has occurred in the protocol, i.e. if the connection has been
+closed cleanly. Note that in this case B<SSL_ERROR_ZERO_RETURN>
+does not necessarily indicate that the underlying transport
+has been closed.
 
 =item SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE
 
-The operation did not complete; the same SSL I/O function should be
+The operation did not complete; the same TLS/SSL I/O function should be
 called again later.  There will be protocol progress if, by then, the
 underlying B<BIO> has data available for reading (if the result code is
 B<SSL_ERROR_WANT_READ>) or allows writing data (B<SSL_ERROR_WANT_WRITE>). 
 For socket B<BIO>s (e.g. when SSL_set_fd() was used) this means that
 select() or poll() on the underlying socket can be used to find out
-when the SSL I/O function should be retried.
+when the TLS/SSL I/O function should be retried.
 
-Caveat: Any SSL I/O function can lead to either of
+Caveat: Any TLS/SSL I/O function can lead to either of
 B<SSL_ERROR_WANT_READ> and B<SSL_ERROR_WANT_WRITE>, i.e. SSL_read()
 may want to write data and SSL_write() may want to read data.
 
@@ -61,7 +63,7 @@ may want to write data and SSL_write() may want to read data.
 
 The operation did not complete because an application callback set by
 SSL_CTX_set_client_cert_cb() has asked to be called again.
-The SSL I/O function should be called again later.
+The TLS/SSL I/O function should be called again later.
 Details depend on the application.
 
 =item SSL_ERROR_SYSCALL
diff --git a/src/lib/libssl/src/doc/ssl/SSL_get_fd.pod b/src/lib/libssl/src/doc/ssl/SSL_get_fd.pod
new file mode 100644
index 0000000000..a3f7625931
--- /dev/null
+++ b/src/lib/libssl/src/doc/ssl/SSL_get_fd.pod
@@ -0,0 +1,44 @@
+=pod
+
+=head1 NAME
+
+SSL_get_fd - get file descriptor linked to an SSL object
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_get_fd(SSL *ssl);
+ int SSL_get_rfd(SSL *ssl);
+ int SSL_get_wfd(SSL *ssl);
+
+=head1 DESCRIPTION
+
+SSL_get_fd() returns the file descriptor which is linked to B<ssl>.
+SSL_get_rfd() and SSL_get_wfd() return the file descriptors for the
+read or the write channel, which can be different. If the read and the
+write channel are different, SSL_get_fd() will return the file descriptor
+of the read channel.
+
+=head1 RETURN VALUES
+
+The following return values can occur:
+
+=over 4
+
+=item -1
+
+The operation failed, because the underlying BIO is not of the correct type
+(suitable for file descriptors).
+
+=item E<gt>=0
+
+The file descriptor linked to B<ssl>.
+
+=back
+
+=head1 SEE ALSO
+
+L<SSL_set_fd(3)|SSL_set_fd(3)>, L<ssl(3)|ssl(3)> , L<bio(3)|bio(3)>
+
+=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_get_peer_cert_chain.pod b/src/lib/libssl/src/doc/ssl/SSL_get_peer_cert_chain.pod
new file mode 100644
index 0000000000..e93e8206fa
--- /dev/null
+++ b/src/lib/libssl/src/doc/ssl/SSL_get_peer_cert_chain.pod
@@ -0,0 +1,52 @@
+=pod
+
+=head1 NAME
+
+SSL_get_peer_cert_chain - get the X509 certificate chain of the peer
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ STACKOF(X509) *SSL_get_peer_cert_chain(SSL *ssl);
+
+=head1 DESCRIPTION
+
+SSL_get_peer_cert_chain() returns a pointer to STACKOF(X509) certificates
+forming the certificate chain of the peer. If called on the client side,
+the stack also contains the peer's certificate; if called on the server
+side, the peer's certificate must be obtained seperately using
+L<SSL_get_peer_certificate(3)|SSL_get_peer_certificate(3)>.
+If the peer did not present a certificate, NULL is returned.
+
+=head1 NOTES
+
+The peer certificate chain is not necessarily available after reusing
+a session, in which case a NULL pointer is returned.
+
+The reference count of the STACKOF(X509) object is not incremented.
+If the corresponding session is freed, the pointer must not be used
+any longer.
+
+=head1 RETURN VALUES
+
+The following return values can occur:
+
+=over 4
+
+=item NULL
+
+No certificate was presented by the peer or no connection was established
+or the certificate chain is no longer available when a session is reused.
+
+=item Pointer to a STACKOF(X509)
+
+The return value points to the certificate chain presented by the peer.
+
+=back
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>, L<SSL_get_peer_certificate(3)|SSL_get_peer_certificate(3)>
+
+=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_get_peer_certificate.pod b/src/lib/libssl/src/doc/ssl/SSL_get_peer_certificate.pod
new file mode 100644
index 0000000000..79c089aa51
--- /dev/null
+++ b/src/lib/libssl/src/doc/ssl/SSL_get_peer_certificate.pod
@@ -0,0 +1,48 @@
+=pod
+
+=head1 NAME
+
+SSL_get_peer_certificate - get the X509 certificate of the peer
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ X509 *SSL_get_peer_certificate(SSL *ssl);
+
+=head1 DESCRIPTION
+
+SSL_get_peer_certificate() returns a pointer to the X509 certificate the
+peer presented. If the peer did not present a certificate, NULL is returned.
+
+=head1 NOTES
+
+That a certificate is returned does not indicate information about the
+verification state, use L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>
+to check the verification state.
+
+The reference count of the X509 object is incremented by one, so that it
+will not be destroyed when the session containing the peer certificate is
+freed. The X509 object must be explicitely freed using X509_free().
+
+=head1 RETURN VALUES
+
+The following return values can occur:
+
+=over 4
+
+=item NULL
+
+No certificate was presented by the peer or no connection was established.
+
+=item Pointer to an X509 certificate
+
+The return value points to the certificate presented by the peer.
+
+=back
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>, L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>
+
+=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_get_rbio.pod b/src/lib/libssl/src/doc/ssl/SSL_get_rbio.pod
new file mode 100644
index 0000000000..3d98233cac
--- /dev/null
+++ b/src/lib/libssl/src/doc/ssl/SSL_get_rbio.pod
@@ -0,0 +1,40 @@
+=pod
+
+=head1 NAME
+
+SSL_get_rbio - get BIO linked to an SSL object
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ BIO *SSL_get_rbio(SSL *ssl);
+ BIO *SSL_get_wbio(SSL *ssl);
+
+=head1 DESCRIPTION
+
+SSL_get_rbio() and SSL_get_wbio() return pointers to the BIOs for the
+read or the write channel, which can be different. The reference count
+of the BIO is not incremented.
+
+=head1 RETURN VALUES
+
+The following return values can occur:
+
+=over 4
+
+=item NULL
+
+No BIO was connected to the SSL object
+
+=item Any other pointer
+
+The BIO linked to B<ssl>.
+
+=back
+
+=head1 SEE ALSO
+
+L<SSL_set_bio(3)|SSL_set_bio(3)>, L<ssl(3)|ssl(3)> , L<bio(3)|bio(3)>
+
+=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_get_session.pod b/src/lib/libssl/src/doc/ssl/SSL_get_session.pod
new file mode 100644
index 0000000000..aff41fb9cf
--- /dev/null
+++ b/src/lib/libssl/src/doc/ssl/SSL_get_session.pod
@@ -0,0 +1,48 @@
+=pod
+
+=head1 NAME
+
+SSL_get_session - retrieve TLS/SSL session data
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ SSL_SESSION *SSL_get_session(SSL *ssl);
+ SSL_SESSION *SSL_get0_session(SSL *ssl);
+ SSL_SESSION *SSL_get1_session(SSL *ssl);
+
+=head1 DESCRIPTION
+
+SSL_get_session() returns a pointer to the B<SSL_SESSION> actually used in
+B<ssl>. The reference count of the B<SSL_SESSION> is not incremented, so
+that the pointer can become invalid when the B<ssl> is freed and
+SSL_SESSION_free() is implicitly called.
+
+SSL_get0_session() is the same as SSL_get_session().
+
+SSL_get1_session() is the same as SSL_get_session(), but the reference
+count of the B<SSL_SESSION> is incremented by one.
+
+=head1 RETURN VALUES
+
+The following return values can occur:
+
+=over 4
+
+=item NULL
+
+There is no session available in B<ssl>.
+
+=item Pointer to an SSL
+
+The return value points to the data of an SSL session.
+
+=back
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>, L<SSL_free(3)|SSL_free(3)>,
+L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>
+
+=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_get_verify_result.pod b/src/lib/libssl/src/doc/ssl/SSL_get_verify_result.pod
new file mode 100644
index 0000000000..4d66236a05
--- /dev/null
+++ b/src/lib/libssl/src/doc/ssl/SSL_get_verify_result.pod
@@ -0,0 +1,57 @@
+=pod
+
+=head1 NAME
+
+SSL_get_verify_result - get result of peer certificate verification
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ long SSL_get_verify_result(SSL *ssl);
+
+=head1 DESCRIPTION
+
+SSL_get_verify_result() returns the result of the verification of the
+X509 certificate presented by the peer, if any.
+
+=head1 NOTES
+
+SSL_get_verify_result() can only return one error code while the verification
+of a certificate can fail because of many reasons at the same time. Only
+the last verification error that occured during the processing is available
+from SSL_get_verify_result().
+
+The verification result is part of the established session and is restored
+when a session is reused.
+
+=head1 BUGS
+
+If no peer certificate was presented, the returned result code is
+X509_V_OK. This is because no verification error occured, it does however
+not indicate success. SSL_get_verify_result() is only useful in connection
+with L<SSL_get_peer_certificate(3)|SSL_get_peer_certificate(3)>.
+
+=head1 RETURN VALUES
+
+The following return values can currently occur:
+
+=over 4
+
+=item X509_V_OK
+
+The verification succeeded or no peer certificate was presented.
+
+=item Any other value
+
+Documented in L<verify(1)|verify(1)>.
+
+=back
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>, L<SSL_set_verify_result(3)|SSL_set_verify_result(3)>,
+L<SSL_get_peer_certificate(3)|SSL_get_peer_certificate(3)>,
+L<verify(1)|verify(1)>
+
+=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_library_init.pod b/src/lib/libssl/src/doc/ssl/SSL_library_init.pod
new file mode 100644
index 0000000000..ecf3c4858e
--- /dev/null
+++ b/src/lib/libssl/src/doc/ssl/SSL_library_init.pod
@@ -0,0 +1,52 @@
+=pod
+
+=head1 NAME
+
+SSL_library_init, OpenSSL_add_ssl_algorithms, SSLeay_add_ssl_algorithms
+- initialize SSL library by registering algorithms
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_library_init(void);
+ #define OpenSSL_add_ssl_algorithms()    SSL_library_init()
+ #define SSLeay_add_ssl_algorithms()     SSL_library_init()
+
+=head1 DESCRIPTION
+
+SSL_library_init() registers the available ciphers and digests.
+
+OpenSSL_add_ssl_algorithms() and SSLeay_add_ssl_algorithms() are synonyms
+for SSL_library_init().
+
+=head1 NOTES
+
+SSL_library_init() must be called before any other action takes place.
+
+=head1 WARNING
+
+SSL_library_init() only registers ciphers. Another important initialization
+is the seeding of the PRNG (Pseudo Random Number Generator), which has to
+be performed separately.
+
+=head1 EXAMPLES
+
+A typical TLS/SSL application will start with the library initialization,
+will provide readable error messages and will seed the PRNG.
+
+ SSL_load_error_strings();                /* readable error messages */
+ SSL_library_init();                      /* initialize library */
+ actions_to_seed_PRNG(); 
+
+=head1 RETURN VALUES
+
+SSL_library_init() always returns "1", so it is safe to discard the return
+value.
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>, L<SSL_load_error_strings(3)|SSL_load_error_strings(3)>,
+L<RAND_add(3)|RAND_add(3)>
+
+=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_new.pod b/src/lib/libssl/src/doc/ssl/SSL_new.pod
new file mode 100644
index 0000000000..8e8638fa95
--- /dev/null
+++ b/src/lib/libssl/src/doc/ssl/SSL_new.pod
@@ -0,0 +1,42 @@
+=pod
+
+=head1 NAME
+
+SSL_new - create a new SSL structure for a connection
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ SSL *SSL_new(SSL_CTX *ctx);
+
+=head1 DESCRIPTION
+
+SSL_new() creates a new B<SSL> structure which is needed to hold the
+data for a TLS/SSL connection. The new structure inherits the settings
+of the underlying context B<ctx>: connection method (SSLv2/v3/TLSv1),
+options, verification settings, timeout settings.
+
+=head1 RETURN VALUES
+
+The following return values can occur:
+
+=over 4
+
+=item NULL
+
+The creation of a new SSL structure failed. Check the error stack to
+find out the reason.
+
+=item Pointer to an SSL structure
+
+The return value points to an allocated SSL structure.
+
+=back
+
+=head1 SEE ALSO
+
+L<SSL_free(3)|SSL_free(3)>, L<SSL_clear(3)|SSL_clear(3)>,
+L<ssl(3)|ssl(3)>
+
+=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_pending.pod b/src/lib/libssl/src/doc/ssl/SSL_pending.pod
new file mode 100644
index 0000000000..744e1855e1
--- /dev/null
+++ b/src/lib/libssl/src/doc/ssl/SSL_pending.pod
@@ -0,0 +1,30 @@
+=pod
+
+=head1 NAME
+
+SSL_pending - obtain number of readable bytes buffered in an SSL object
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_pending(SSL *ssl);
+
+=head1 DESCRIPTION
+
+SSL_pending() returns the number of bytes which are available inside
+B<ssl> for immediate read.
+
+=head1 NOTES
+
+Data are received in blocks from the peer. Therefore data can be buffered
+inside B<ssl> and are ready for immediate retrieval with
+L<SSL_read(3)|SSL_read(3)>.
+
+=head1 RETURN VALUES
+
+The number of bytes pending is returned.
+
+L<SSL_read(3)|SSL_read(3)>, L<ssl(3)|ssl(3)>
+
+=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_read.pod b/src/lib/libssl/src/doc/ssl/SSL_read.pod
new file mode 100644
index 0000000000..072dc26cf2
--- /dev/null
+++ b/src/lib/libssl/src/doc/ssl/SSL_read.pod
@@ -0,0 +1,77 @@
+=pod
+
+=head1 NAME
+
+SSL_read - read bytes from a TLS/SSL connection.
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_read(SSL *ssl, char *buf, int num);
+
+=head1 DESCRIPTION
+
+SSL_read() tries to read B<num> bytes from the specified B<ssl> into the
+buffer B<buf>.
+
+=head1 NOTES
+
+If necessary, SSL_read() will negotiate a TLS/SSL session, if
+not already explicitly performed by SSL_connect() or SSL_accept(). If the
+peer requests a re-negotiation, it will be performed transparently during
+the SSL_read() operation. The behaviour of SSL_read() depends on the
+underlying BIO. 
+
+If the underlying BIO is B<blocking>, SSL_read() will only return, once the
+read operation has been finished or an error occurred.
+
+If the underlying BIO is B<non-blocking>, SSL_read() will also return
+when the underlying BIO could not satisfy the needs of SSL_read()
+to continue the operation. In this case a call to SSL_get_error() with the
+return value of SSL_read() will yield B<SSL_ERROR_WANT_READ> or
+B<SSL_ERROR_WANT_WRITE>. As at any time a re-negotiation is possible, a
+call to SSL_read() can also cause write operations! The calling process
+then must repeat the call after taking appropriate action to satisfy the
+needs of SSL_read(). The action depends on the underlying BIO. When using a
+non-blocking socket, nothing is to be done, but select() can be used to check
+for the required condition. When using a buffering BIO, like a BIO pair, data
+must be written into or retrieved out of the BIO before being able to continue.
+
+=head1 WARNING
+
+When an SSL_read() operation has to be repeated because of
+B<SSL_ERROR_WANT_READ> or B<SSL_ERROR_WANT_WRITE>, it must be repeated
+with the same arguments.
+
+=head1 RETURN VALUES
+
+The following return values can occur:
+
+=over 4
+
+=item E<gt>0
+
+The read operation was successful; the return value is the number of
+bytes actually read from the TLS/SSL connection.
+
+=item 0
+
+The read operation was not successful, probably because no data was
+available. Call SSL_get_error() with the return value B<ret> to find out,
+whether an error occurred.
+
+=item -1
+
+The read operation was not successful, because either an error occurred
+or action must be taken by the calling process. Call SSL_get_error() with the
+return value B<ret> to find out the reason.
+
+=back
+
+=head1 SEE ALSO
+
+L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_write(3)|SSL_write(3)>,
+L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>
+
+=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_set_bio.pod b/src/lib/libssl/src/doc/ssl/SSL_set_bio.pod
new file mode 100644
index 0000000000..67c9756d3f
--- /dev/null
+++ b/src/lib/libssl/src/doc/ssl/SSL_set_bio.pod
@@ -0,0 +1,34 @@
+=pod
+
+=head1 NAME
+
+SSL_set_bio - connect the SSL object with a BIO
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio);
+
+=head1 DESCRIPTION
+
+SSL_set_bio() connects the BIOs B<rbio> and B<wbio> for the read and write
+operations of the TLS/SSL (encrypted) side of B<ssl>.
+
+The SSL engine inherits the behaviour of B<rbio> and B<wbio>, respectively.
+If a BIO is non-blocking, the B<ssl> will also have non-blocking behaviour.
+
+If there was already a BIO connected to B<ssl>, BIO_free() will be called
+(for both the reading and writing side, if different).
+
+=head1 RETURN VALUES
+
+SSL_set_bio() cannot fail.
+
+=head1 SEE ALSO
+
+L<SSL_get_rbio(3)|SSL_get_rbio(3)>,
+L<SSL_connect(3)|SSL_connect(3)>, L<SSL_accept(3)|SSL_accept(3)>,
+L<SSL_shutdown(3)|SSL_shutdown(3)>, L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>
+
+=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_set_fd.pod b/src/lib/libssl/src/doc/ssl/SSL_set_fd.pod
new file mode 100644
index 0000000000..70291128fc
--- /dev/null
+++ b/src/lib/libssl/src/doc/ssl/SSL_set_fd.pod
@@ -0,0 +1,54 @@
+=pod
+
+=head1 NAME
+
+SSL_set_fd - connect the SSL object with a file descriptor
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_set_fd(SSL *ssl, int fd);
+ int SSL_set_rfd(SSL *ssl, int fd);
+ int SSL_set_wfd(SSL *ssl, int fd);
+
+=head1 DESCRIPTION
+
+SSL_set_fd() sets the file descriptor B<fd> as the input/output facility
+for the TLS/SSL (encrypted) side of B<ssl>. B<fd> will typically be the
+socket file descriptor of a network connection.
+
+When performing the operation, a B<socket BIO> is automatically created to
+interface between the B<ssl> and B<fd>. The BIO and hence the SSL engine
+inherit the behaviour of B<fd>. If B<fd> is non-blocking, the B<ssl> will
+also have non-blocking behaviour.
+
+If there was already a BIO connected to B<ssl>, BIO_free() will be called
+(for both the reading and writing side, if different).
+
+SSL_set_rfd() and SSL_set_wfd() perform the respective action, but only
+for the read channel or the write channel, which can be set independently.
+
+=head1 RETURN VALUES
+
+The following return values can occur:
+
+=over 4
+
+=item 0
+
+The operation failed. Check the error stack to find out why.
+
+=item 1
+
+The operation succeeded.
+
+=back
+
+=head1 SEE ALSO
+
+L<SSL_get_fd(3)|SSL_get_fd(3)>, L<SSL_set_bio(3)|SSL_set_bio(3)>,
+L<SSL_connect(3)|SSL_connect(3)>, L<SSL_accept(3)|SSL_accept(3)>,
+L<SSL_shutdown(3)|SSL_shutdown(3)>, L<ssl(3)|ssl(3)> , L<bio(3)|bio(3)>
+
+=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_set_session.pod b/src/lib/libssl/src/doc/ssl/SSL_set_session.pod
new file mode 100644
index 0000000000..9f78d9e434
--- /dev/null
+++ b/src/lib/libssl/src/doc/ssl/SSL_set_session.pod
@@ -0,0 +1,45 @@
+=pod
+
+=head1 NAME
+
+SSL_set_session - set a TLS/SSL session to be used during TLS/SSL connect
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_set_session(SSL *ssl, SSL_SESSION *session);
+
+=head1 DESCRIPTION
+
+SSL_set_session() sets B<session> to be used when the TLS/SSL connection
+is to be established. SSL_set_session() is only useful for TLS/SSL clients.
+When the session is set, the reference count of B<session> is incremented
+by 1. If the session is not reused, the reference count is decremented
+again during SSL_connect().
+
+If there is already a session set inside B<ssl> (because it was set with
+SSL_set_session() before or because the same B<ssl> was already used for
+a connection), SSL_SESSION_free() will be called for that session.
+
+=head1 RETURN VALUES
+
+The following return values can occur:
+
+=over 4
+
+=item 0
+
+The operation failed; check the error stack to find out the reason.
+
+=item 1
+
+The operation succeeded.
+
+=back
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>, L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>
+
+=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_set_verify_result.pod b/src/lib/libssl/src/doc/ssl/SSL_set_verify_result.pod
new file mode 100644
index 0000000000..04ab101aad
--- /dev/null
+++ b/src/lib/libssl/src/doc/ssl/SSL_set_verify_result.pod
@@ -0,0 +1,38 @@
+=pod
+
+=head1 NAME
+
+SSL_set_verify_result - override result of peer certificate verification
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ void SSL_set_verify_result(SSL *ssl, long verify_result);
+
+=head1 DESCRIPTION
+
+SSL_set_verify_result() sets B<verify_result> of the object B<ssl> to be the
+result of the verification of the X509 certificate presented by the peer,
+if any.
+
+=head1 NOTES
+
+SSL_set_verify_result() overrides the verification result. It only changes
+the verification result of the B<ssl> object. It does not become part of the
+established session, so if the session is to be reused later, the original
+value will reappear.
+
+The valid codes for B<verify_result> are documented in L<verify(1)|verify(1)>.
+
+=head1 RETURN VALUES
+
+SSL_set_verify_result() does not provide a return value.
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>, L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>,
+L<SSL_get_peer_certificate(3)|SSL_get_peer_certificate(3)>,
+L<verify(1)|verify(1)>
+
+=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_shutdown.pod b/src/lib/libssl/src/doc/ssl/SSL_shutdown.pod
new file mode 100644
index 0000000000..20e273bd4d
--- /dev/null
+++ b/src/lib/libssl/src/doc/ssl/SSL_shutdown.pod
@@ -0,0 +1,62 @@
+=pod
+
+=head1 NAME
+
+SSL_shutdown - shut down a TLS/SSL connection
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_shutdown(SSL *ssl);
+
+=head1 DESCRIPTION
+
+SSL_shutdown() shuts down an active TLS/SSL connection. It sends the shutdown
+alert to the peer. The behaviour of SSL_shutdown() depends on the underlying
+BIO. 
+
+If the underlying BIO is B<blocking>, SSL_shutdown() will only return once the
+handshake has been finished or an error occurred.
+
+If the underlying BIO is B<non-blocking>, SSL_shutdown() will also return
+when the underlying BIO could not satisfy the needs of SSL_shutdown()
+to continue the handshake. In this case a call to SSL_get_error() with the
+return value of SSL_shutdown() will yield B<SSL_ERROR_WANT_READ> or
+B<SSL_ERROR_WANT_WRITE>. The calling process then must repeat the call after
+taking appropriate action to satisfy the needs of SSL_shutdown().
+The action depends on the underlying BIO. When using a non-blocking socket,
+nothing is to be done, but select() can be used to check for the required
+condition. When using a buffering BIO, like a BIO pair, data must be written
+into or retrieved out of the BIO before being able to continue.
+
+=head1 RETURN VALUES
+
+The following return values can occur:
+
+=over 4
+
+=item 1
+
+The shutdown was successfully completed.
+
+=item 0
+
+The shutdown was not successful. Call SSL_get_error() with the return
+value B<ret> to find out the reason.
+
+=item -1
+
+The shutdown was not successful because a fatal error occurred either
+at the protocol level or a connection failure occurred. It can also occur of
+action is need to continue the operation for non-blocking BIOs.
+Call SSL_get_error() with the return value B<ret> to find out the reason.
+
+=back
+
+=head1 SEE ALSO
+
+L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_connect(3)|SSL_connect(3)>,
+L<SSL_accept(3)|SSL_accept(3)>, L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>
+
+=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_write.pod b/src/lib/libssl/src/doc/ssl/SSL_write.pod
new file mode 100644
index 0000000000..db67c187e0
--- /dev/null
+++ b/src/lib/libssl/src/doc/ssl/SSL_write.pod
@@ -0,0 +1,76 @@
+=pod
+
+=head1 NAME
+
+SSL_read - write bytes to a TLS/SSL connection.
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_write(SSL *ssl, char *buf, int num);
+
+=head1 DESCRIPTION
+
+SSL_write() writes B<num> bytes from the buffer B<buf> into the specified
+B<ssl> connection.
+
+=head1 NOTES
+
+If necessary, SSL_write() will negotiate a TLS/SSL session, if
+not already explicitly performed by SSL_connect() or SSL_accept(). If the
+peer requests a re-negotiation, it will be performed transparently during
+the SSL_write() operation. The behaviour of SSL_write() depends on the
+underlying BIO. 
+
+If the underlying BIO is B<blocking>, SSL_write() will only return, once the
+write operation has been finished or an error occurred.
+
+If the underlying BIO is B<non-blocking>, SSL_write() will also return,
+when the underlying BIO could not satisfy the needs of SSL_write()
+to continue the operation. In this case a call to SSL_get_error() with the
+return value of SSL_write() will yield B<SSL_ERROR_WANT_READ> or
+B<SSL_ERROR_WANT_WRITE>. As at any time a re-negotiation is possible, a
+call to SSL_write() can also cause write operations! The calling process
+then must repeat the call after taking appropriate action to satisfy the
+needs of SSL_write(). The action depends on the underlying BIO. When using a
+non-blocking socket, nothing is to be done, but select() can be used to check
+for the required condition. When using a buffering BIO, like a BIO pair, data
+must be written into or retrieved out of the BIO before being able to continue.
+
+=head1 WARNING
+
+When an SSL_write() operation has to be repeated because of
+B<SSL_ERROR_WANT_READ> or B<SSL_ERROR_WANT_WRITE>, it must be repeated
+with the same arguments.
+
+=head1 RETURN VALUES
+
+The following return values can occur:
+
+=over 4
+
+=item E<gt>0
+
+The write operation was successful, the return value is the number of
+bytes actually written to the TLS/SSL connection.
+
+=item 0
+
+The write operation was not successful. Call SSL_get_error() with the return
+value B<ret> to find out, whether an error occurred.
+
+=item -1
+
+The read operation was not successful, because either an error occurred
+or action must be taken by the calling process. Call SSL_get_error() with the
+return value B<ret> to find out the reason.
+
+=back
+
+=head1 SEE ALSO
+
+L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_read(3)|SSL_read(3)>,
+L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>
+
+=cut
diff --git a/src/lib/libssl/src/doc/ssl/ssl.pod b/src/lib/libssl/src/doc/ssl/ssl.pod
index 9dae13d9eb..7787376f7b 100644
--- a/src/lib/libssl/src/doc/ssl/ssl.pod
+++ b/src/lib/libssl/src/doc/ssl/ssl.pod
@@ -83,7 +83,7 @@ B<SSL> structures which are later created for the connections.
 
 =item B<SSL_SESSION> (SSL Session)
 
-This is a structure containing the current SSL session details for a
+This is a structure containing the current TLS/SSL session details for a
 connection: B<SSL_CIPHER>s, client and server certificates, keys, etc.
 
 =item B<SSL> (SSL Connection)
@@ -163,7 +163,7 @@ Determine the number of bits in I<cipher>. Because of export crippled ciphers
 there are two bits: The bits the algorithm supports in general (stored to
 I<alg_bits>) and the bits which are actually used (the return value).
 
-=item char *B<SSL_CIPHER_get_name>(SSL_CIPHER *cipher);
+=item const char *B<SSL_CIPHER_get_name>(SSL_CIPHER *cipher);
 
 Return the internal name of I<cipher> as a string. These are the various
 strings defined by the I<SSL2_TXT_xxx>, I<SSL3_TXT_xxx> and I<TLS1_TXT_xxx>
@@ -437,7 +437,7 @@ connection defined in the B<SSL> structure.
 
 =item X509 *B<SSL_get_certificate>(SSL *ssl);
 
-=item SSL_CIPHER *B<SSL_get_cipher>(SSL *ssl);
+=item const char *B<SSL_get_cipher>(SSL *ssl);
 
 =item int B<SSL_get_cipher_bits>(SSL *ssl, int *alg_bits);
 
@@ -624,7 +624,21 @@ connection defined in the B<SSL> structure.
 =head1 SEE ALSO
 
 L<openssl(1)|openssl(1)>, L<crypto(3)|crypto(3)>,
-L<SSL_get_error(3)|SSL_get_error(3)>
+L<SSL_accept(3)|SSL_accept(3)>, L<SSL_clear(3)|SSL_clear(3)>,
+L<SSL_connect(3)|SSL_connect(3)>, L<SSL_CTX_new(3)|SSL_CTX_new(3)>,
+L<SSL_CTX_set_ssl_version(3)|SSL_CTX_set_ssl_version(3)>,
+L<SSL_get_ciphers(3)|SSL_get_ciphers(3)>,
+L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_get_fd(3)|SSL_get_fd(3)>,
+L<SSL_get_peer_cert_chain(3)|SSL_get_peer_cert_chain(3)>,
+L<SSL_get_rbio(3)|SSL_get_rbio(3)>,
+L<SSL_get_session(3)|SSL_get_session(3)>,
+L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>,
+L<SSL_library_init(3)|SSL_library_init(3)>, L<SSL_new(3)|SSL_new(3)>,
+L<SSL_read(3)|SSL_read(3)>, L<SSL_set_bio(3)|SSL_set_bio(3)>,
+L<SSL_set_fd(3)|SSL_set_fd(3)>, L<SSL_pending(3)|SSL_pending(3)>,
+L<SSL_set_session(3)|SSL_set_session(3)>,
+L<SSL_shutdown(3)|SSL_shutdown(3)>, L<SSL_write(3)|SSL_write(3)>,
+L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>
 
 =head1 HISTORY
 
diff --git a/src/lib/libssl/src/doc/standards.txt b/src/lib/libssl/src/doc/standards.txt
new file mode 100644
index 0000000000..61ccc5d7e0
--- /dev/null
+++ b/src/lib/libssl/src/doc/standards.txt
@@ -0,0 +1,121 @@
+Standards related to OpenSSL
+============================
+
+[Please, this is currently a draft.  I made a first try at finding
+ documents that describe parts of what OpenSSL implements.  There are
+ big gaps, and I've most certainly done something wrong.  Please
+ correct whatever is...  Also, this note should be removed when this
+ file is reaching a somewhat correct state.        -- Richard Levitte]
+
+
+All pointers in here will be either URL's or blobs of text borrowed
+from miscellaneous indexes, like rfc-index.txt (index of RFCs),
+1id-index.txt (index of Internet drafts) and the like.
+
+To find the latest possible RFCs, it's recommended to either browse
+ftp://ftp.isi.edu/in-notes/ or go to http://www.rfc-editor.org/ and
+use the search mechanism found there.
+To find the latest possible Internet drafts, it's recommended to
+browse ftp://ftp.isi.edu/internet-drafts/.
+To find the latest possible PKCS, it's recommended to browse
+http://www.rsasecurity.com/rsalabs/pkcs/.
+
+
+Implemented:
+------------
+
+These are documents that describe things that are implemented in OpenSSL.
+
+1319 The MD2 Message-Digest Algorithm. B. Kaliski. April 1992.
+     (Format: TXT=25661 bytes) (Status: INFORMATIONAL)
+
+1320 The MD4 Message-Digest Algorithm. R. Rivest. April 1992. (Format:
+     TXT=32407 bytes) (Status: INFORMATIONAL)
+
+1321 The MD5 Message-Digest Algorithm. R. Rivest. April 1992. (Format:
+     TXT=35222 bytes) (Status: INFORMATIONAL)
+
+2246 The TLS Protocol Version 1.0. T. Dierks, C. Allen. January 1999.
+     (Format: TXT=170401 bytes) (Status: PROPOSED STANDARD)
+
+2268 A Description of the RC2(r) Encryption Algorithm. R. Rivest.
+     January 1998. (Format: TXT=19048 bytes) (Status: INFORMATIONAL)
+
+2314 PKCS 10: Certification Request Syntax Version 1.5. B. Kaliski.
+     March 1998. (Format: TXT=15814 bytes) (Status: INFORMATIONAL)
+
+2315 PKCS 7: Cryptographic Message Syntax Version 1.5. B. Kaliski.
+     March 1998. (Format: TXT=69679 bytes) (Status: INFORMATIONAL)
+
+2437 PKCS #1: RSA Cryptography Specifications Version 2.0. B. Kaliski,
+     J. Staddon. October 1998. (Format: TXT=73529 bytes) (Obsoletes
+     RFC2313) (Status: INFORMATIONAL)
+
+2459 Internet X.509 Public Key Infrastructure Certificate and CRL
+     Profile. R. Housley, W. Ford, W. Polk, D. Solo. January 1999.
+     (Format: TXT=278438 bytes) (Status: PROPOSED STANDARD)
+
+PKCS#8: Private-Key Information Syntax Standard
+
+PKCS#12: Personal Information Exchange Syntax Standard, version 1.0.
+
+
+Related:
+--------
+
+These are documents that are close to OpenSSL, for example the
+STARTTLS documents.
+
+1421 Privacy Enhancement for Internet Electronic Mail: Part I: Message
+     Encryption and Authentication Procedures. J. Linn. February 1993.
+     (Format: TXT=103894 bytes) (Obsoletes RFC1113) (Status: PROPOSED
+     STANDARD)
+
+1422 Privacy Enhancement for Internet Electronic Mail: Part II:
+     Certificate-Based Key Management. S. Kent. February 1993. (Format:
+     TXT=86085 bytes) (Obsoletes RFC1114) (Status: PROPOSED STANDARD)
+
+1423 Privacy Enhancement for Internet Electronic Mail: Part III:
+     Algorithms, Modes, and Identifiers. D. Balenson. February 1993.
+     (Format: TXT=33277 bytes) (Obsoletes RFC1115) (Status: PROPOSED
+     STANDARD)
+
+1424 Privacy Enhancement for Internet Electronic Mail: Part IV: Key
+     Certification and Related Services. B. Kaliski. February 1993.
+     (Format: TXT=17537 bytes) (Status: PROPOSED STANDARD)
+
+2487 SMTP Service Extension for Secure SMTP over TLS. P. Hoffman.
+     January 1999. (Format: TXT=15120 bytes) (Status: PROPOSED STANDARD)
+
+2585 Internet X.509 Public Key Infrastructure Operational Protocols:
+     FTP and HTTP. R. Housley, P. Hoffman. May 1999. (Format: TXT=14813
+     bytes) (Status: PROPOSED STANDARD)
+
+2595 Using TLS with IMAP, POP3 and ACAP. C. Newman. June 1999.
+     (Format: TXT=32440 bytes) (Status: PROPOSED STANDARD)
+
+2712 Addition of Kerberos Cipher Suites to Transport Layer Security
+     (TLS). A. Medvinsky, M. Hur. October 1999. (Format: TXT=13763 bytes)
+     (Status: PROPOSED STANDARD)
+
+2817 Upgrading to TLS Within HTTP/1.1. R. Khare, S. Lawrence. May
+     2000. (Format: TXT=27598 bytes) (Updates RFC2616) (Status: PROPOSED
+     STANDARD)
+
+2818 HTTP Over TLS. E. Rescorla. May 2000. (Format: TXT=15170 bytes)
+     (Status: INFORMATIONAL)
+
+  "Securing FTP with TLS", 01/27/2000, <draft-murray-auth-ftp-ssl-05.txt>  
+ 
+
+To be implemented:
+------------------
+
+These are documents that describe things that are planed to be
+implemented in the hopefully short future.
+
+2560 X.509 Internet Public Key Infrastructure Online Certificate
+     Status Protocol - OCSP. M. Myers, R. Ankney, A. Malpani, S. Galperin,
+     C. Adams. June 1999. (Format: TXT=43243 bytes) (Status: PROPOSED
+     STANDARD)
+
diff --git a/src/lib/libssl/src/e_os.h b/src/lib/libssl/src/e_os.h
index 406bd4fc78..318e83edb5 100644
--- a/src/lib/libssl/src/e_os.h
+++ b/src/lib/libssl/src/e_os.h
@@ -87,6 +87,7 @@ extern "C" {
 #  ifndef MAC_OS_GUSI_SOURCE
 #    define MAC_OS_pre_X
 #    define NO_SYS_TYPES_H
+     typedef long ssize_t;
 #  endif
 #  define NO_SYS_PARAM_H
 #  define NO_CHMOD
@@ -107,11 +108,11 @@ extern "C" {
 #  define MS_STATIC
 #endif
 
-#if defined(_WIN32) && !defined(WIN32)
+#if defined(_WIN32) && !defined(WIN32) && !defined(__CYGWIN32__)
 #  define WIN32
 #endif
 
-#if defined(WIN32) || defined(WIN16)
+#if (defined(WIN32) || defined(WIN16)) && !defined(__CYGWIN32__)
 #  ifndef WINDOWS
 #    define WINDOWS
 #  endif
@@ -135,7 +136,7 @@ extern "C" {
 #define clear_sys_error()       errno=0
 #endif
 
-#ifdef WINDOWS
+#if defined(WINDOWS) && !defined(__CYGWIN32__)
 #define get_last_socket_error() WSAGetLastError()
 #define clear_socket_error()    WSASetLastError(0)
 #define readsocket(s,b,n)       recv((s),(b),(n),0)
@@ -169,7 +170,7 @@ extern "C" {
 #  define NO_FP_API
 #endif
 
-#if defined(WINDOWS) || defined(MSDOS)
+#if (defined(WINDOWS) || defined(MSDOS)) && !defined(__CYGWIN32__)
 
 #ifndef S_IFDIR
 #define S_IFDIR _S_IFDIR
@@ -259,6 +260,9 @@ extern "C" {
 #    define NO_SYS_PARAM_H
 #  else
      /* !defined VMS */
+#    ifdef MPE
+#      define NO_SYS_PARAM_H
+#    endif
 #    ifdef OPENSSL_UNISTD
 #      include OPENSSL_UNISTD
 #    else
@@ -267,6 +271,16 @@ extern "C" {
 #    ifndef NO_SYS_TYPES_H
 #      include <sys/types.h>
 #    endif
+#    if defined(NeXT) || defined(NEWS4)
+#      define pid_t int /* pid_t is missing on NEXTSTEP/OPENSTEP
+                         * (unless when compiling with -D_POSIX_SOURCE,
+                         * which doesn't work for us) */
+#      define ssize_t int /* ditto */
+#    endif
+#    ifdef NEWS4 /* setvbuf is missing on mips-sony-bsd */
+#      define setvbuf(a, b, c, d) setbuffer((a), (b), (d))
+       typedef unsigned long clock_t;
+#    endif
 
 #    define OPENSSL_CONF        "openssl.cnf"
 #    define SSLEAY_CONF         OPENSSL_CONF
@@ -318,7 +332,9 @@ extern HINSTANCE _hInstance;
 #    ifndef NO_SYS_PARAM_H
 #      include <sys/param.h>
 #    endif
-#    include <sys/time.h> /* Needed under linux for FD_XXX */
+#    ifndef MPE
+#      include <sys/time.h> /* Needed under linux for FD_XXX */
+#    endif
 
 #    include <netdb.h>
 #    if defined(VMS) && !defined(__DECC)
@@ -341,6 +357,10 @@ extern HINSTANCE _hInstance;
 #      include <sys/select.h>
 #    endif
 
+#    ifdef __QNX__
+#      include <sys/select.h>
+#    endif
+
 #    if defined(sun)
 #      include <sys/filio.h>
 #    else
@@ -375,6 +395,15 @@ extern HINSTANCE _hInstance;
 #endif
 #endif
 
+#if defined(sun) && !defined(__svr4__) && !defined(__SVR4)
+  /* bcopy can handle overlapping moves according to SunOS 4.1.4 manpage */
+# define memmove(s1,s2,n) bcopy((s2),(s1),(n))
+# define strtoul(s,e,b) ((unsigned long int)strtol((s),(e),(b)))
+extern char *sys_errlist[]; extern int sys_nerr;
+# define strerror(errnum) \
+        (((errnum)<0 || (errnum)>=sys_nerr) ? NULL : sys_errlist[errnum])
+#endif
+
 /***********************************************/
 
 /* do we need to do this for getenv.
diff --git a/src/lib/libssl/src/e_os2.h b/src/lib/libssl/src/e_os2.h
index bd97b921a8..5a25ac7cf6 100644
--- a/src/lib/libssl/src/e_os2.h
+++ b/src/lib/libssl/src/e_os2.h
@@ -3,12 +3,12 @@
 #ifndef HEADER_E_OS2_H
 #define HEADER_E_OS2_H
 
+#include <openssl/opensslconf.h> /* OPENSSL_UNISTD */
+
 #ifdef  __cplusplus
 extern "C" {
 #endif
 
-#include <openssl/opensslconf.h> /* OPENSSL_UNISTD */
-
 #ifdef MSDOS
 # define OPENSSL_UNISTD_IO <io.h>
 # define OPENSSL_DECLARE_EXIT extern void exit(int);
diff --git a/src/lib/libssl/src/makevms.com b/src/lib/libssl/src/makevms.com
index e89b309e87..733e0e6f4f 100644
--- a/src/lib/libssl/src/makevms.com
+++ b/src/lib/libssl/src/makevms.com
@@ -314,7 +314,11 @@ $! Tell The User We Are Partly Rebuilding The [.TEST] Directory.
 $!
 $ WRITE SYS$OUTPUT "Rebuilding The '[.APPS]MD5.C' And '[.APPS]RMD160.C' Files."
 $!
-$ DELETE SYS$DISK:[.APPS]MD5.C;*,RMD160.C;*
+$ DELETE SYS$DISK:[.APPS]MD4.C;*,MD5.C;*,RMD160.C;*
+$!
+$! Copy MD4.C from [.CRYPTO.MD4] into [.APPS]
+$!
+$ COPY SYS$DISK:[.CRYPTO.MD4]MD4.C SYS$DISK:[.APPS]
 $!
 $! Copy MD5.C from [.CRYPTO.MD5] into [.APPS]
 $!
@@ -357,14 +361,14 @@ $ COPY 'EXHEADER' SYS$DISK:[.INCLUDE.OPENSSL]
 $!
 $! Copy All The ".H" Files From The [.CRYPTO] Directory Tree.
 $!
-$ SDIRS := ,MD2,MD5,SHA,MDC2,HMAC,RIPEMD,-
+$ SDIRS := ,MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,-
    DES,RC2,RC4,RC5,IDEA,BF,CAST,-
-   BN,RSA,DSA,DH,-
+   BN,RSA,DSA,DH,DSO,ENGINE,-
    BUFFER,BIO,STACK,LHASH,RAND,ERR,OBJECTS,-
-   EVP,ASN1,PEM,X509,X509V3,-
-   CONF,TXT_DB,PKCS7,PKCS12,COMP
-$ EXHEADER_ := crypto.h,tmdiff.h,opensslv.h,opensslconf.h,ebcdic.h
+   EVP,ASN1,PEM,X509,X509V3,CONF,TXT_DB,PKCS7,PKCS12,COMP
+$ EXHEADER_ := crypto.h,tmdiff.h,opensslv.h,opensslconf.h,ebcdic.h,symhacks.h
 $ EXHEADER_MD2 := md2.h
+$ EXHEADER_MD4 := md4.h
 $ EXHEADER_MD5 := md5.h
 $ EXHEADER_SHA := sha.h
 $ EXHEADER_MDC2 := mdc2.h
@@ -381,19 +385,21 @@ $ EXHEADER_BN := bn.h
 $ EXHEADER_RSA := rsa.h
 $ EXHEADER_DSA := dsa.h
 $ EXHEADER_DH := dh.h
+$ EXHEADER_DSO := dso.h
+$ EXHEADER_ENGINE := engine.h
 $ EXHEADER_BUFFER := buffer.h
 $ EXHEADER_BIO := bio.h
 $ EXHEADER_STACK := stack.h,safestack.h
 $ EXHEADER_LHASH := lhash.h
 $ EXHEADER_RAND := rand.h
 $ EXHEADER_ERR := err.h
-$ EXHEADER_OBJECTS := objects.h
+$ EXHEADER_OBJECTS := objects.h,obj_mac.h
 $ EXHEADER_EVP := evp.h
 $ EXHEADER_ASN1 := asn1.h,asn1_mac.h
 $ EXHEADER_PEM := pem.h,pem2.h
 $ EXHEADER_X509 := x509.h,x509_vfy.h
 $ EXHEADER_X509V3 := x509v3.h
-$ EXHEADER_CONF := conf.h
+$ EXHEADER_CONF := conf.h,conf_api.h
 $ EXHEADER_TXT_DB := txt_db.h
 $ EXHEADER_PKCS7 := pkcs7.h
 $ EXHEADER_PKCS12 := pkcs12.h
@@ -424,11 +430,6 @@ $!
 $ EXHEADER := ssl.h,ssl2.h,ssl3.h,ssl23.h,tls1.h
 $ COPY SYS$DISK:[.SSL]'EXHEADER' SYS$DISK:[.INCLUDE.OPENSSL]
 $!
-$! Copy All The ".H" Files From The [.VMS] Directory.
-$!
-$ EXHEADER := vms_idhacks.h
-$ COPY SYS$DISK:[.VMS]'EXHEADER' SYS$DISK:[.INCLUDE.OPENSSL]
-$!
 $! Purge all doubles
 $!
 $ PURGE SYS$DISK:[.INCLUDE.OPENSSL]*.H
diff --git a/src/lib/libssl/src/ms/mingw32.bat b/src/lib/libssl/src/ms/mingw32.bat
index 1726c55bcd..db70b8580e 100644
--- a/src/lib/libssl/src/ms/mingw32.bat
+++ b/src/lib/libssl/src/ms/mingw32.bat
@@ -76,6 +76,8 @@ rem Create files -- this can be skipped if using the GNU file utilities
 make -f ms/mingw32f.mak

 echo You can ignore the error messages above

 

+copy ms\tlhelp32.h outinc

+

 echo Building the libraries

 make -f ms/mingw32a.mak

 if errorlevel 1 goto end

diff --git a/src/lib/libssl/src/ms/tlhelp32.h b/src/lib/libssl/src/ms/tlhelp32.h
new file mode 100644
index 0000000000..8f4222e34f
--- /dev/null
+++ b/src/lib/libssl/src/ms/tlhelp32.h
@@ -0,0 +1,136 @@
+/*
+        tlhelp32.h - Include file for Tool help functions.
+
+        Written by Mumit Khan <khan@nanotech.wisc.edu>
+
+        This file is part of a free library for the Win32 API. 
+
+        This library is distributed in the hope that it will be useful,
+        but WITHOUT ANY WARRANTY; without even the implied warranty of
+        MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+*/
+#ifndef _TLHELP32_H
+#define _TLHELP32_H
+#ifdef __cplusplus
+extern "C" {
+#endif
+#define HF32_DEFAULT    1
+#define HF32_SHARED     2
+#define LF32_FIXED      0x1
+#define LF32_FREE       0x2
+#define LF32_MOVEABLE   0x4
+#define MAX_MODULE_NAME32       255
+#define TH32CS_SNAPHEAPLIST     0x1
+#define TH32CS_SNAPPROCESS      0x2
+#define TH32CS_SNAPTHREAD       0x4
+#define TH32CS_SNAPMODULE       0x8
+#define TH32CS_SNAPALL  (TH32CS_SNAPHEAPLIST|TH32CS_SNAPPROCESS|TH32CS_SNAPTHREAD|TH32CS_SNAPMODULE)
+#define TH32CS_INHERIT  0x80000000
+typedef struct tagHEAPLIST32 {
+        DWORD dwSize;
+        DWORD th32ProcessID;
+        DWORD th32HeapID;
+        DWORD dwFlags;
+} HEAPLIST32,*PHEAPLIST32,*LPHEAPLIST32;
+typedef struct tagHEAPENTRY32 {
+        DWORD dwSize;
+        HANDLE hHandle;
+        DWORD dwAddress;
+        DWORD dwBlockSize;
+        DWORD dwFlags;
+        DWORD dwLockCount;
+        DWORD dwResvd;
+        DWORD th32ProcessID;
+        DWORD th32HeapID;
+} HEAPENTRY32,*PHEAPENTRY32,*LPHEAPENTRY32;
+typedef struct tagPROCESSENTRY32W {
+        DWORD dwSize;
+        DWORD cntUsage;
+        DWORD th32ProcessID;
+        DWORD th32DefaultHeapID;
+        DWORD th32ModuleID;
+        DWORD cntThreads;
+        DWORD th32ParentProcessID;
+        LONG pcPriClassBase;
+        DWORD dwFlags;
+        WCHAR szExeFile[MAX_PATH];
+} PROCESSENTRY32W,*PPROCESSENTRY32W,*LPPROCESSENTRY32W;
+typedef struct tagPROCESSENTRY32 {
+        DWORD dwSize;
+        DWORD cntUsage;
+        DWORD th32ProcessID;
+        DWORD th32DefaultHeapID;
+        DWORD th32ModuleID;
+        DWORD cntThreads;
+        DWORD th32ParentProcessID;
+        LONG pcPriClassBase;
+        DWORD dwFlags;
+        CHAR  szExeFile[MAX_PATH];
+} PROCESSENTRY32,*PPROCESSENTRY32,*LPPROCESSENTRY32;
+typedef struct tagTHREADENTRY32 {
+        DWORD dwSize;
+        DWORD cntUsage;
+        DWORD th32ThreadID;
+        DWORD th32OwnerProcessID;
+        LONG tpBasePri;
+        LONG tpDeltaPri;
+        DWORD dwFlags;
+} THREADENTRY32,*PTHREADENTRY32,*LPTHREADENTRY32;
+typedef struct tagMODULEENTRY32W {
+        DWORD dwSize;
+        DWORD th32ModuleID;
+        DWORD th32ProcessID;
+        DWORD GlblcntUsage;
+        DWORD ProccntUsage;
+        BYTE *modBaseAddr;
+        DWORD modBaseSize;
+        HMODULE hModule; 
+        WCHAR szModule[MAX_MODULE_NAME32 + 1];
+        WCHAR szExePath[MAX_PATH];
+} MODULEENTRY32W,*PMODULEENTRY32W,*LPMODULEENTRY32W;
+typedef struct tagMODULEENTRY32 {
+        DWORD dwSize;
+        DWORD th32ModuleID;
+        DWORD th32ProcessID;
+        DWORD GlblcntUsage;
+        DWORD ProccntUsage;
+        BYTE *modBaseAddr;
+        DWORD modBaseSize;
+        HMODULE hModule;
+        char szModule[MAX_MODULE_NAME32 + 1];
+        char szExePath[MAX_PATH];
+} MODULEENTRY32,*PMODULEENTRY32,*LPMODULEENTRY32;
+BOOL WINAPI Heap32First(LPHEAPENTRY32,DWORD,DWORD);
+BOOL WINAPI Heap32ListFirst(HANDLE,LPHEAPLIST32);
+BOOL WINAPI Heap32ListNext(HANDLE,LPHEAPLIST32);
+BOOL WINAPI Heap32Next(LPHEAPENTRY32);
+BOOL WINAPI Module32First(HANDLE,LPMODULEENTRY32);
+BOOL WINAPI Module32FirstW(HANDLE,LPMODULEENTRY32W);
+BOOL WINAPI Module32Next(HANDLE,LPMODULEENTRY32);
+BOOL WINAPI Module32NextW(HANDLE,LPMODULEENTRY32W);
+BOOL WINAPI Process32First(HANDLE,LPPROCESSENTRY32);
+BOOL WINAPI Process32FirstW(HANDLE,LPPROCESSENTRY32W);
+BOOL WINAPI Process32Next(HANDLE,LPPROCESSENTRY32);
+BOOL WINAPI Process32NextW(HANDLE,LPPROCESSENTRY32W);
+BOOL WINAPI Thread32First(HANDLE,LPTHREADENTRY32);
+BOOL WINAPI Thread32Next(HANDLE,LPTHREADENTRY32);
+BOOL WINAPI Toolhelp32ReadProcessMemory(DWORD,LPCVOID,LPVOID,DWORD,LPDWORD);
+HANDLE WINAPI CreateToolhelp32Snapshot(DWORD,DWORD);
+#ifdef UNICODE
+#define LPMODULEENTRY32 LPMODULEENTRY32W
+#define LPPROCESSENTRY32 LPPROCESSENTRY32W
+#define MODULEENTRY32 MODULEENTRY32W
+#define Module32First Module32FirstW
+#define Module32Next Module32NextW
+#define PMODULEENTRY32 PMODULEENTRY32W
+#define PPROCESSENTRY32 PPROCESSENTRY32W
+#define PROCESSENTRY32 PROCESSENTRY32W
+#define Process32First Process32FirstW
+#define Process32Next Process32NextW
+#endif /* UNICODE */
+#ifdef __cplusplus
+}
+#endif
+#endif /* _TLHELP32_H */
+
diff --git a/src/lib/libssl/src/openssl.spec b/src/lib/libssl/src/openssl.spec
new file mode 100644
index 0000000000..1c8f4e9d81
--- /dev/null
+++ b/src/lib/libssl/src/openssl.spec
@@ -0,0 +1,213 @@
+%define libmaj 0
+%define libmin 9
+%define librel 6
+#%define librev 
+Release: 1
+
+%define openssldir /var/ssl
+
+Summary: Secure Sockets Layer and cryptography libraries and tools
+Name: openssl-engine
+Version: %{libmaj}.%{libmin}.%{librel}
+#Version: %{libmaj}.%{libmin}.%{librel}%{librev}
+Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
+Copyright: Freely distributable
+Group: System Environment/Libraries
+Provides: SSL
+URL: http://www.openssl.org/
+Packager: Damien Miller <djm@mindrot.org>
+BuildRoot:   /var/tmp/%{name}-%{version}-root
+
+%description
+The OpenSSL Project is a collaborative effort to develop a robust,
+commercial-grade, fully featured, and Open Source toolkit implementing the
+Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
+protocols as well as a full-strength general purpose cryptography library.
+The project is managed by a worldwide community of volunteers that use the
+Internet to communicate, plan, and develop the OpenSSL tookit and its related
+documentation. 
+
+OpenSSL is based on the excellent SSLeay library developed from Eric A.
+Young and Tim J. Hudson.  The OpenSSL toolkit is licensed under an
+Apache-style licence, which basically means that you are free to get and
+use it for commercial and non-commercial purposes. 
+
+This package contains the base OpenSSL cryptography and SSL/TLS 
+libraries and tools.
+
+%package devel
+Summary: Secure Sockets Layer and cryptography static libraries and headers
+Group: Development/Libraries
+Requires: openssl-engine
+%description devel
+The OpenSSL Project is a collaborative effort to develop a robust,
+commercial-grade, fully featured, and Open Source toolkit implementing the
+Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
+protocols as well as a full-strength general purpose cryptography library.
+The project is managed by a worldwide community of volunteers that use the
+Internet to communicate, plan, and develop the OpenSSL tookit and its related
+documentation. 
+
+OpenSSL is based on the excellent SSLeay library developed from Eric A.
+Young and Tim J. Hudson.  The OpenSSL toolkit is licensed under an
+Apache-style licence, which basically means that you are free to get and
+use it for commercial and non-commercial purposes. 
+
+This package contains the the OpenSSL cryptography and SSL/TLS 
+static libraries and header files required when developing applications.
+
+%package doc
+Summary: OpenSSL miscellaneous files
+Group: Documentation
+Requires: openssl-engine
+%description doc
+The OpenSSL Project is a collaborative effort to develop a robust,
+commercial-grade, fully featured, and Open Source toolkit implementing the
+Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
+protocols as well as a full-strength general purpose cryptography library.
+The project is managed by a worldwide community of volunteers that use the
+Internet to communicate, plan, and develop the OpenSSL tookit and its related
+documentation. 
+
+OpenSSL is based on the excellent SSLeay library developed from Eric A.
+Young and Tim J. Hudson.  The OpenSSL toolkit is licensed under an
+Apache-style licence, which basically means that you are free to get and
+use it for commercial and non-commercial purposes. 
+
+This package contains the the OpenSSL cryptography and SSL/TLS extra
+documentation and POD files from which the man pages were produced.
+
+%prep
+
+%setup -q
+
+%build 
+
+%define CONFIG_FLAGS -DSSL_ALLOW_ADH --prefix=/usr 
+
+perl util/perlpath.pl /usr/bin/perl
+
+%ifarch i386 i486 i586 i686
+./Configure %{CONFIG_FLAGS} --openssldir=%{openssldir} linux-elf
+#!#./Configure %{CONFIG_FLAGS} --openssldir=%{openssldir} linux-elf shared
+%endif
+%ifarch ppc
+./Configure %{CONFIG_FLAGS} --openssldir=%{openssldir} linux-ppc
+#!#./Configure %{CONFIG_FLAGS} --openssldir=%{openssldir} linux-ppc shared
+%endif
+%ifarch alpha
+./Configure %{CONFIG_FLAGS} --openssldir=%{openssldir} linux-alpha
+#!#./Configure %{CONFIG_FLAGS} --openssldir=%{openssldir} linux-alpha shared
+%endif
+LD_LIBRARY_PATH=`pwd` make
+LD_LIBRARY_PATH=`pwd` make rehash
+LD_LIBRARY_PATH=`pwd` make test
+
+%install
+rm -rf $RPM_BUILD_ROOT
+make install MANDIR=/usr/man INSTALL_PREFIX="$RPM_BUILD_ROOT"
+
+# Rename manpages
+for x in $RPM_BUILD_ROOT/usr/man/man*/* 
+        do mv ${x} ${x}ssl
+done
+
+# Install RSAref stuff
+install -m644 rsaref/rsaref.h $RPM_BUILD_ROOT/usr/include/openssl
+install -m644 libRSAglue.a $RPM_BUILD_ROOT/usr/lib
+
+# Make backwards-compatibility symlink to ssleay
+ln -s /usr/bin/openssl $RPM_BUILD_ROOT/usr/bin/ssleay
+
+# Install shared libs
+install -m644 libcrypto.a $RPM_BUILD_ROOT/usr/lib
+#!#install -m755 libcrypto.so.%{libmaj}.%{libmin}.%{librel} $RPM_BUILD_ROOT/usr/lib
+install -m644 libssl.a $RPM_BUILD_ROOT/usr/lib
+#!#install -m755 libssl.so.%{libmaj}.%{libmin}.%{librel} $RPM_BUILD_ROOT/usr/lib
+(
+        cd $RPM_BUILD_ROOT/usr/lib
+        #!#ln -s libcrypto.so.%{libmaj}.%{libmin}.%{librel} libcrypto.so.%{libmaj}
+        #!#ln -s libcrypto.so.%{libmaj}.%{libmin}.%{librel} libcrypto.so
+        #!#ln -s libssl.so.%{libmaj}.%{libmin}.%{librel} libssl.so.%{libmaj}
+        #!#ln -s libssl.so.%{libmaj}.%{libmin}.%{librel} libssl.so
+)
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%files 
+%defattr(0644,root,root,0755)
+%doc CHANGES CHANGES.SSLeay LICENSE NEWS README
+
+%attr(0755,root,root) /usr/bin/*
+#!#%attr(0755,root,root) /usr/lib/*.so*
+%attr(0755,root,root) %{openssldir}/misc/*
+%attr(0644,root,root) /usr/man/man[157]/*
+
+%config %attr(0644,root,root) %{openssldir}/openssl.cnf 
+%dir %attr(0755,root,root) %{openssldir}/certs
+%dir %attr(0755,root,root) %{openssldir}/lib
+%dir %attr(0755,root,root) %{openssldir}/misc
+%dir %attr(0750,root,root) %{openssldir}/private
+
+%files devel
+%doc CHANGES CHANGES.SSLeay LICENSE NEWS README
+
+%defattr(0644,root,root,0755)
+%attr(0644,root,root) /usr/lib/*.a
+%attr(0644,root,root) /usr/include/openssl/*
+%attr(0644,root,root) /usr/man/man[3]/*
+
+%files doc
+%doc CHANGES CHANGES.SSLeay LICENSE NEWS README
+%doc doc
+
+%post
+ldconfig
+
+%postun
+ldconfig
+
+%changelog
+* Thu Sep 14 2000 Richard Levitte <richard@levitte.org>
+- Changed to adapt to the new (supported) way of making shared libraries
+- Installs all static libraries, not just libRSAglue.a
+- Extra documents now end up in a separate document package
+* Sun Feb 27 2000 Damien Miller <djm@mindrot.org>
+- Merged patches to spec
+- Updated to 0.9.5beta2 (now with manpages)
+* Sat Feb  5 2000 Michal Jaegermann <michal@harddata.com>
+- added 'linux-alpha' to configuration
+- fixed nasty absolute links
+* Tue Jan 25 2000 Bennett Todd <bet@rahul.net>
+- Added -DSSL_ALLOW_ADH, bumped Release to 4
+* Thu Oct 14 1999 Damien Miller <djm@mindrot.org>
+- Set default permissions
+- Removed documentation from devel sub-package
+* Thu Sep 30 1999 Damien Miller <djm@mindrot.org>
+- Added "make test" stage
+- GPG signed
+* Tue Sep 10 1999 Damien Miller <damien@ibs.com.au>
+- Updated to version 0.9.4
+* Tue May 25 1999 Damien Miller <damien@ibs.com.au>
+- Updated to version 0.9.3
+- Added attributes for all files
+- Paramatised openssl directory
+* Sat Mar 20 1999 Carlo M. Arenas Belon <carenas@jmconsultores.com.pe>
+- Added "official" bnrec patch and taking other out
+- making a link from ssleay to openssl binary
+- putting all changelog together on SPEC file
+* Fri Mar  5 1999 Henri Gomez <gomez@slib.fr>
+- Added bnrec patch
+* Tue Dec 29 1998 Jonathan Ruano <kobalt@james.encomix.es>
+- minimum spec and patches changes for openssl
+- modified for openssl sources
+* Sat Aug  8 1998 Khimenko Victor <khim@sch57.msk.ru>
+- shared library creating process honours $RPM_OPT_FLAGS
+- shared libarry supports threads (as well as static library)
+* Wed Jul 22 1998 Khimenko Victor <khim@sch57.msk.ru>
+- building of shared library completely reworked
+* Tue Jul 21 1998 Khimenko Victor <khim@sch57.msk.ru>
+- RPM is BuildRoot'ed
+* Tue Feb 10 1998 Khimenko Victor <khim@sch57.msk.ru>
+- all stuff is moved out of /usr/local
diff --git a/src/lib/libssl/src/rsaref/Makefile.ssl b/src/lib/libssl/src/rsaref/Makefile.ssl
index 8d06a531d7..a17e38f9a5 100644
--- a/src/lib/libssl/src/rsaref/Makefile.ssl
+++ b/src/lib/libssl/src/rsaref/Makefile.ssl
@@ -85,15 +85,17 @@ clean:
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
-rsar_err.o: ../include/openssl/bn.h ../include/openssl/crypto.h
-rsar_err.o: ../include/openssl/err.h ../include/openssl/opensslconf.h
+rsar_err.o: ../include/openssl/bio.h ../include/openssl/bn.h
+rsar_err.o: ../include/openssl/crypto.h ../include/openssl/err.h
+rsar_err.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
 rsar_err.o: ../include/openssl/opensslv.h ../include/openssl/rsa.h
 rsar_err.o: ../include/openssl/rsaref.h ../include/openssl/safestack.h
-rsar_err.o: ../include/openssl/stack.h
+rsar_err.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 rsaref.o: ../crypto/cryptlib.h ../include/openssl/bio.h ../include/openssl/bn.h
 rsaref.o: ../include/openssl/buffer.h ../include/openssl/crypto.h
 rsaref.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-rsaref.o: ../include/openssl/err.h ../include/openssl/opensslconf.h
-rsaref.o: ../include/openssl/opensslv.h ../include/openssl/rand.h
-rsaref.o: ../include/openssl/rsa.h ../include/openssl/rsaref.h
-rsaref.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+rsaref.o: ../include/openssl/err.h ../include/openssl/lhash.h
+rsaref.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+rsaref.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+rsaref.o: ../include/openssl/rsaref.h ../include/openssl/safestack.h
+rsaref.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
diff --git a/src/lib/libssl/src/rsaref/rsaref.h b/src/lib/libssl/src/rsaref/rsaref.h
index 15f65dd94f..498449f40e 100644
--- a/src/lib/libssl/src/rsaref/rsaref.h
+++ b/src/lib/libssl/src/rsaref/rsaref.h
@@ -59,13 +59,13 @@
 #ifndef HEADER_RSAREF_H
 #define HEADER_RSAREF_H
 
+#ifndef NO_RSA
+#include <openssl/rsa.h>
+
 #ifdef __cplusplus
 extern "C" {
 #endif
  
-#ifndef NO_RSA
-#include <openssl/rsa.h>
-
 /* RSAeuro */
 /*#define  RSAref_MAX_BITS              2048*/
 
@@ -133,6 +133,10 @@ int R_RandomFinal(RSARandomState *rnd);
 
 void ERR_load_RSAREF_strings(void );
 RSA_METHOD *RSA_PKCS1_RSAref(void );
+
+#ifdef  __cplusplus
+}
+#endif
 #endif
 
 /* BEGIN ERROR CODES */
@@ -173,8 +177,4 @@ RSA_METHOD *RSA_PKCS1_RSAref(void );
 #define RSAREF_R_SIGNATURE                               0x040b
 #define RSAREF_R_SIGNATURE_ENCODING                      0x040c
 
-#ifdef  __cplusplus
-}
-#endif
 #endif
-
diff --git a/src/lib/libssl/src/ssl/Makefile.ssl b/src/lib/libssl/src/ssl/Makefile.ssl
index 7165804eb3..ad8da5c4be 100644
--- a/src/lib/libssl/src/ssl/Makefile.ssl
+++ b/src/lib/libssl/src/ssl/Makefile.ssl
@@ -97,21 +97,23 @@ clean:
 bio_ssl.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 bio_ssl.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 bio_ssl.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-bio_ssl.o: ../include/openssl/crypto.h ../include/openssl/des.h
-bio_ssl.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-bio_ssl.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-bio_ssl.o: ../include/openssl/evp.h ../include/openssl/idea.h
-bio_ssl.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+bio_ssl.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+bio_ssl.o: ../include/openssl/des.h ../include/openssl/dh.h
+bio_ssl.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+bio_ssl.o: ../include/openssl/err.h ../include/openssl/evp.h
+bio_ssl.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+bio_ssl.o: ../include/openssl/md2.h ../include/openssl/md4.h
 bio_ssl.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-bio_ssl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-bio_ssl.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-bio_ssl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-bio_ssl.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-bio_ssl.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-bio_ssl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-bio_ssl.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-bio_ssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-bio_ssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+bio_ssl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+bio_ssl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+bio_ssl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+bio_ssl.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+bio_ssl.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+bio_ssl.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+bio_ssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+bio_ssl.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+bio_ssl.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+bio_ssl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 bio_ssl.o: ../include/openssl/tls1.h ../include/openssl/x509.h
 bio_ssl.o: ../include/openssl/x509_vfy.h
 s23_clnt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
@@ -123,7 +125,8 @@ s23_clnt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 s23_clnt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
 s23_clnt.o: ../include/openssl/evp.h ../include/openssl/idea.h
 s23_clnt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s23_clnt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s23_clnt.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s23_clnt.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 s23_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 s23_clnt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 s23_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
@@ -133,8 +136,9 @@ s23_clnt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 s23_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 s23_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 s23_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s23_clnt.o: ../include/openssl/stack.h ../include/openssl/tls1.h
-s23_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+s23_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s23_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+s23_clnt.o: ../include/openssl/x509_vfy.h ssl_locl.h
 s23_lib.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 s23_lib.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 s23_lib.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -144,7 +148,8 @@ s23_lib.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 s23_lib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
 s23_lib.o: ../include/openssl/evp.h ../include/openssl/idea.h
 s23_lib.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s23_lib.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s23_lib.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s23_lib.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 s23_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 s23_lib.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 s23_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
@@ -154,8 +159,8 @@ s23_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 s23_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 s23_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
 s23_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s23_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s23_lib.o: ../include/openssl/x509_vfy.h ssl_locl.h
+s23_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s23_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
 s23_meth.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 s23_meth.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 s23_meth.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -165,7 +170,8 @@ s23_meth.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 s23_meth.o: ../include/openssl/e_os2.h ../include/openssl/err.h
 s23_meth.o: ../include/openssl/evp.h ../include/openssl/idea.h
 s23_meth.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s23_meth.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s23_meth.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s23_meth.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 s23_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 s23_meth.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 s23_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
@@ -175,8 +181,8 @@ s23_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 s23_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 s23_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
 s23_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s23_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s23_meth.o: ../include/openssl/x509_vfy.h ssl_locl.h
+s23_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s23_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
 s23_pkt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 s23_pkt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 s23_pkt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -186,7 +192,8 @@ s23_pkt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 s23_pkt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
 s23_pkt.o: ../include/openssl/evp.h ../include/openssl/idea.h
 s23_pkt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s23_pkt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s23_pkt.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s23_pkt.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 s23_pkt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 s23_pkt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 s23_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
@@ -196,8 +203,8 @@ s23_pkt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 s23_pkt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 s23_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
 s23_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s23_pkt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s23_pkt.o: ../include/openssl/x509_vfy.h ssl_locl.h
+s23_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s23_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
 s23_srvr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 s23_srvr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 s23_srvr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -207,7 +214,8 @@ s23_srvr.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 s23_srvr.o: ../include/openssl/e_os2.h ../include/openssl/err.h
 s23_srvr.o: ../include/openssl/evp.h ../include/openssl/idea.h
 s23_srvr.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s23_srvr.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s23_srvr.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s23_srvr.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 s23_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 s23_srvr.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 s23_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
@@ -217,8 +225,9 @@ s23_srvr.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 s23_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 s23_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 s23_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s23_srvr.o: ../include/openssl/stack.h ../include/openssl/tls1.h
-s23_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+s23_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s23_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+s23_srvr.o: ../include/openssl/x509_vfy.h ssl_locl.h
 s2_clnt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 s2_clnt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 s2_clnt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -228,7 +237,8 @@ s2_clnt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 s2_clnt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
 s2_clnt.o: ../include/openssl/evp.h ../include/openssl/idea.h
 s2_clnt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s2_clnt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s2_clnt.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s2_clnt.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 s2_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 s2_clnt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 s2_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
@@ -238,8 +248,9 @@ s2_clnt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 s2_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 s2_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 s2_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s2_clnt.o: ../include/openssl/stack.h ../include/openssl/tls1.h
-s2_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+s2_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s2_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+s2_clnt.o: ../include/openssl/x509_vfy.h ssl_locl.h
 s2_enc.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 s2_enc.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 s2_enc.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -249,7 +260,8 @@ s2_enc.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 s2_enc.o: ../include/openssl/e_os2.h ../include/openssl/err.h
 s2_enc.o: ../include/openssl/evp.h ../include/openssl/idea.h
 s2_enc.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s2_enc.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s2_enc.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s2_enc.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 s2_enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 s2_enc.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 s2_enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
@@ -259,8 +271,8 @@ s2_enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 s2_enc.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 s2_enc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
 s2_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s2_enc.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s2_enc.o: ../include/openssl/x509_vfy.h ssl_locl.h
+s2_enc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s2_enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
 s2_lib.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 s2_lib.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 s2_lib.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -270,7 +282,8 @@ s2_lib.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 s2_lib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
 s2_lib.o: ../include/openssl/evp.h ../include/openssl/idea.h
 s2_lib.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s2_lib.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s2_lib.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s2_lib.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 s2_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 s2_lib.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 s2_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
@@ -280,8 +293,8 @@ s2_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 s2_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 s2_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
 s2_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s2_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s2_lib.o: ../include/openssl/x509_vfy.h ssl_locl.h
+s2_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s2_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
 s2_meth.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 s2_meth.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 s2_meth.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -291,7 +304,8 @@ s2_meth.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 s2_meth.o: ../include/openssl/e_os2.h ../include/openssl/err.h
 s2_meth.o: ../include/openssl/evp.h ../include/openssl/idea.h
 s2_meth.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s2_meth.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s2_meth.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s2_meth.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 s2_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 s2_meth.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 s2_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
@@ -301,8 +315,8 @@ s2_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 s2_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 s2_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
 s2_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s2_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s2_meth.o: ../include/openssl/x509_vfy.h ssl_locl.h
+s2_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s2_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
 s2_pkt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 s2_pkt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 s2_pkt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -312,7 +326,8 @@ s2_pkt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 s2_pkt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
 s2_pkt.o: ../include/openssl/evp.h ../include/openssl/idea.h
 s2_pkt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s2_pkt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s2_pkt.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s2_pkt.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 s2_pkt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 s2_pkt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 s2_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
@@ -322,8 +337,8 @@ s2_pkt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 s2_pkt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 s2_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
 s2_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s2_pkt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s2_pkt.o: ../include/openssl/x509_vfy.h ssl_locl.h
+s2_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s2_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
 s2_srvr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 s2_srvr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 s2_srvr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -333,7 +348,8 @@ s2_srvr.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 s2_srvr.o: ../include/openssl/e_os2.h ../include/openssl/err.h
 s2_srvr.o: ../include/openssl/evp.h ../include/openssl/idea.h
 s2_srvr.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s2_srvr.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s2_srvr.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s2_srvr.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 s2_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 s2_srvr.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 s2_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
@@ -343,8 +359,9 @@ s2_srvr.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 s2_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 s2_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 s2_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s2_srvr.o: ../include/openssl/stack.h ../include/openssl/tls1.h
-s2_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+s2_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s2_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+s2_srvr.o: ../include/openssl/x509_vfy.h ssl_locl.h
 s3_both.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 s3_both.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 s3_both.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -354,7 +371,8 @@ s3_both.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 s3_both.o: ../include/openssl/e_os2.h ../include/openssl/err.h
 s3_both.o: ../include/openssl/evp.h ../include/openssl/idea.h
 s3_both.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s3_both.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s3_both.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s3_both.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 s3_both.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 s3_both.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 s3_both.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
@@ -364,8 +382,9 @@ s3_both.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 s3_both.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 s3_both.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 s3_both.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s3_both.o: ../include/openssl/stack.h ../include/openssl/tls1.h
-s3_both.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+s3_both.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s3_both.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+s3_both.o: ../include/openssl/x509_vfy.h ssl_locl.h
 s3_clnt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 s3_clnt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 s3_clnt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -375,7 +394,8 @@ s3_clnt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 s3_clnt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
 s3_clnt.o: ../include/openssl/evp.h ../include/openssl/idea.h
 s3_clnt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s3_clnt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s3_clnt.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s3_clnt.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 s3_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 s3_clnt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 s3_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
@@ -385,8 +405,9 @@ s3_clnt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 s3_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 s3_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 s3_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s3_clnt.o: ../include/openssl/stack.h ../include/openssl/tls1.h
-s3_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+s3_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s3_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+s3_clnt.o: ../include/openssl/x509_vfy.h ssl_locl.h
 s3_enc.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 s3_enc.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 s3_enc.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -396,7 +417,8 @@ s3_enc.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 s3_enc.o: ../include/openssl/e_os2.h ../include/openssl/err.h
 s3_enc.o: ../include/openssl/evp.h ../include/openssl/idea.h
 s3_enc.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s3_enc.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s3_enc.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s3_enc.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 s3_enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 s3_enc.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 s3_enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
@@ -406,8 +428,8 @@ s3_enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 s3_enc.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 s3_enc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
 s3_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s3_enc.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s3_enc.o: ../include/openssl/x509_vfy.h ssl_locl.h
+s3_enc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s3_enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
 s3_lib.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 s3_lib.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 s3_lib.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -417,7 +439,8 @@ s3_lib.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 s3_lib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
 s3_lib.o: ../include/openssl/evp.h ../include/openssl/idea.h
 s3_lib.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s3_lib.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s3_lib.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s3_lib.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 s3_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 s3_lib.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 s3_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
@@ -427,8 +450,8 @@ s3_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 s3_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 s3_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
 s3_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s3_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s3_lib.o: ../include/openssl/x509_vfy.h ssl_locl.h
+s3_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s3_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
 s3_meth.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 s3_meth.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 s3_meth.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -438,7 +461,8 @@ s3_meth.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 s3_meth.o: ../include/openssl/e_os2.h ../include/openssl/err.h
 s3_meth.o: ../include/openssl/evp.h ../include/openssl/idea.h
 s3_meth.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s3_meth.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s3_meth.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s3_meth.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 s3_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 s3_meth.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 s3_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
@@ -448,8 +472,8 @@ s3_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 s3_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 s3_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
 s3_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s3_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s3_meth.o: ../include/openssl/x509_vfy.h ssl_locl.h
+s3_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s3_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
 s3_pkt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 s3_pkt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 s3_pkt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -459,7 +483,8 @@ s3_pkt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 s3_pkt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
 s3_pkt.o: ../include/openssl/evp.h ../include/openssl/idea.h
 s3_pkt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s3_pkt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s3_pkt.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s3_pkt.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 s3_pkt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 s3_pkt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 s3_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
@@ -469,8 +494,8 @@ s3_pkt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 s3_pkt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 s3_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
 s3_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s3_pkt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s3_pkt.o: ../include/openssl/x509_vfy.h ssl_locl.h
+s3_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s3_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
 s3_srvr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 s3_srvr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 s3_srvr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -480,7 +505,8 @@ s3_srvr.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 s3_srvr.o: ../include/openssl/e_os2.h ../include/openssl/err.h
 s3_srvr.o: ../include/openssl/evp.h ../include/openssl/idea.h
 s3_srvr.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s3_srvr.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s3_srvr.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s3_srvr.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 s3_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 s3_srvr.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 s3_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
@@ -490,8 +516,9 @@ s3_srvr.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 s3_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 s3_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 s3_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s3_srvr.o: ../include/openssl/stack.h ../include/openssl/tls1.h
-s3_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+s3_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s3_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+s3_srvr.o: ../include/openssl/x509_vfy.h ssl_locl.h
 ssl_algs.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 ssl_algs.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 ssl_algs.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -501,7 +528,8 @@ ssl_algs.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 ssl_algs.o: ../include/openssl/e_os2.h ../include/openssl/err.h
 ssl_algs.o: ../include/openssl/evp.h ../include/openssl/idea.h
 ssl_algs.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-ssl_algs.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+ssl_algs.o: ../include/openssl/md4.h ../include/openssl/md5.h
+ssl_algs.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 ssl_algs.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 ssl_algs.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 ssl_algs.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
@@ -511,8 +539,8 @@ ssl_algs.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 ssl_algs.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 ssl_algs.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
 ssl_algs.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-ssl_algs.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-ssl_algs.o: ../include/openssl/x509_vfy.h ssl_locl.h
+ssl_algs.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+ssl_algs.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
 ssl_asn1.o: ../include/openssl/asn1.h ../include/openssl/asn1_mac.h
 ssl_asn1.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
 ssl_asn1.o: ../include/openssl/bn.h ../include/openssl/buffer.h
@@ -522,8 +550,9 @@ ssl_asn1.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 ssl_asn1.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
 ssl_asn1.o: ../include/openssl/err.h ../include/openssl/evp.h
 ssl_asn1.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-ssl_asn1.o: ../include/openssl/md2.h ../include/openssl/md5.h
-ssl_asn1.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+ssl_asn1.o: ../include/openssl/md2.h ../include/openssl/md4.h
+ssl_asn1.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+ssl_asn1.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 ssl_asn1.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 ssl_asn1.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 ssl_asn1.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
@@ -532,8 +561,9 @@ ssl_asn1.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 ssl_asn1.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 ssl_asn1.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 ssl_asn1.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-ssl_asn1.o: ../include/openssl/stack.h ../include/openssl/tls1.h
-ssl_asn1.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+ssl_asn1.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ssl_asn1.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+ssl_asn1.o: ../include/openssl/x509_vfy.h ssl_locl.h
 ssl_cert.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 ssl_cert.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 ssl_cert.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -541,19 +571,21 @@ ssl_cert.o: ../include/openssl/comp.h ../include/openssl/conf.h
 ssl_cert.o: ../include/openssl/crypto.h ../include/openssl/des.h
 ssl_cert.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 ssl_cert.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
-ssl_cert.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-ssl_cert.o: ../include/openssl/evp.h ../include/openssl/idea.h
-ssl_cert.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+ssl_cert.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+ssl_cert.o: ../include/openssl/err.h ../include/openssl/evp.h
+ssl_cert.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+ssl_cert.o: ../include/openssl/md2.h ../include/openssl/md4.h
 ssl_cert.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-ssl_cert.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ssl_cert.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-ssl_cert.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ssl_cert.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-ssl_cert.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-ssl_cert.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-ssl_cert.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-ssl_cert.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-ssl_cert.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssl_cert.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ssl_cert.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ssl_cert.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ssl_cert.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+ssl_cert.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+ssl_cert.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+ssl_cert.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ssl_cert.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+ssl_cert.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+ssl_cert.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 ssl_cert.o: ../include/openssl/tls1.h ../include/openssl/x509.h
 ssl_cert.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h
 ssl_cert.o: ssl_locl.h
@@ -566,7 +598,8 @@ ssl_ciph.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 ssl_ciph.o: ../include/openssl/e_os2.h ../include/openssl/err.h
 ssl_ciph.o: ../include/openssl/evp.h ../include/openssl/idea.h
 ssl_ciph.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-ssl_ciph.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+ssl_ciph.o: ../include/openssl/md4.h ../include/openssl/md5.h
+ssl_ciph.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 ssl_ciph.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 ssl_ciph.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 ssl_ciph.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
@@ -576,46 +609,50 @@ ssl_ciph.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 ssl_ciph.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 ssl_ciph.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
 ssl_ciph.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-ssl_ciph.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-ssl_ciph.o: ../include/openssl/x509_vfy.h ssl_locl.h
+ssl_ciph.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+ssl_ciph.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
 ssl_err.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 ssl_err.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 ssl_err.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-ssl_err.o: ../include/openssl/crypto.h ../include/openssl/des.h
-ssl_err.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-ssl_err.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-ssl_err.o: ../include/openssl/evp.h ../include/openssl/idea.h
-ssl_err.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+ssl_err.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+ssl_err.o: ../include/openssl/des.h ../include/openssl/dh.h
+ssl_err.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+ssl_err.o: ../include/openssl/err.h ../include/openssl/evp.h
+ssl_err.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+ssl_err.o: ../include/openssl/md2.h ../include/openssl/md4.h
 ssl_err.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-ssl_err.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ssl_err.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-ssl_err.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ssl_err.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-ssl_err.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-ssl_err.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-ssl_err.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-ssl_err.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-ssl_err.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssl_err.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ssl_err.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ssl_err.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ssl_err.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+ssl_err.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+ssl_err.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+ssl_err.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ssl_err.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+ssl_err.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+ssl_err.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 ssl_err.o: ../include/openssl/tls1.h ../include/openssl/x509.h
 ssl_err.o: ../include/openssl/x509_vfy.h
 ssl_err2.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 ssl_err2.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 ssl_err2.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-ssl_err2.o: ../include/openssl/crypto.h ../include/openssl/des.h
-ssl_err2.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-ssl_err2.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-ssl_err2.o: ../include/openssl/evp.h ../include/openssl/idea.h
-ssl_err2.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+ssl_err2.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+ssl_err2.o: ../include/openssl/des.h ../include/openssl/dh.h
+ssl_err2.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+ssl_err2.o: ../include/openssl/err.h ../include/openssl/evp.h
+ssl_err2.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+ssl_err2.o: ../include/openssl/md2.h ../include/openssl/md4.h
 ssl_err2.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-ssl_err2.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ssl_err2.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-ssl_err2.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ssl_err2.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-ssl_err2.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-ssl_err2.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-ssl_err2.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-ssl_err2.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-ssl_err2.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssl_err2.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ssl_err2.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ssl_err2.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ssl_err2.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+ssl_err2.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+ssl_err2.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+ssl_err2.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ssl_err2.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+ssl_err2.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+ssl_err2.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 ssl_err2.o: ../include/openssl/tls1.h ../include/openssl/x509.h
 ssl_err2.o: ../include/openssl/x509_vfy.h
 ssl_lib.o: ../include/openssl/asn1.h ../include/openssl/bio.h
@@ -624,20 +661,22 @@ ssl_lib.o: ../include/openssl/buffer.h ../include/openssl/cast.h
 ssl_lib.o: ../include/openssl/comp.h ../include/openssl/conf.h
 ssl_lib.o: ../include/openssl/crypto.h ../include/openssl/des.h
 ssl_lib.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-ssl_lib.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-ssl_lib.o: ../include/openssl/err.h ../include/openssl/evp.h
-ssl_lib.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-ssl_lib.o: ../include/openssl/md2.h ../include/openssl/md5.h
-ssl_lib.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
-ssl_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-ssl_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-ssl_lib.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
-ssl_lib.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-ssl_lib.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-ssl_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ssl_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-ssl_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-ssl_lib.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+ssl_lib.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
+ssl_lib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+ssl_lib.o: ../include/openssl/evp.h ../include/openssl/idea.h
+ssl_lib.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+ssl_lib.o: ../include/openssl/md4.h ../include/openssl/md5.h
+ssl_lib.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+ssl_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ssl_lib.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+ssl_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ssl_lib.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+ssl_lib.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+ssl_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+ssl_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+ssl_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ssl_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssl_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 ssl_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
 ssl_lib.o: ../include/openssl/x509v3.h ssl_locl.h
 ssl_rsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
@@ -649,7 +688,8 @@ ssl_rsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 ssl_rsa.o: ../include/openssl/e_os2.h ../include/openssl/err.h
 ssl_rsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
 ssl_rsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-ssl_rsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+ssl_rsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
+ssl_rsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 ssl_rsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 ssl_rsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 ssl_rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
@@ -659,8 +699,8 @@ ssl_rsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 ssl_rsa.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 ssl_rsa.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
 ssl_rsa.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-ssl_rsa.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-ssl_rsa.o: ../include/openssl/x509_vfy.h ssl_locl.h
+ssl_rsa.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+ssl_rsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
 ssl_sess.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 ssl_sess.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 ssl_sess.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -670,7 +710,8 @@ ssl_sess.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 ssl_sess.o: ../include/openssl/e_os2.h ../include/openssl/err.h
 ssl_sess.o: ../include/openssl/evp.h ../include/openssl/idea.h
 ssl_sess.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-ssl_sess.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+ssl_sess.o: ../include/openssl/md4.h ../include/openssl/md5.h
+ssl_sess.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 ssl_sess.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 ssl_sess.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 ssl_sess.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
@@ -680,8 +721,9 @@ ssl_sess.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 ssl_sess.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 ssl_sess.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 ssl_sess.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-ssl_sess.o: ../include/openssl/stack.h ../include/openssl/tls1.h
-ssl_sess.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+ssl_sess.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ssl_sess.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+ssl_sess.o: ../include/openssl/x509_vfy.h ssl_locl.h
 ssl_stat.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 ssl_stat.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 ssl_stat.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -691,7 +733,8 @@ ssl_stat.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 ssl_stat.o: ../include/openssl/e_os2.h ../include/openssl/err.h
 ssl_stat.o: ../include/openssl/evp.h ../include/openssl/idea.h
 ssl_stat.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-ssl_stat.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+ssl_stat.o: ../include/openssl/md4.h ../include/openssl/md5.h
+ssl_stat.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 ssl_stat.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 ssl_stat.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 ssl_stat.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
@@ -701,8 +744,8 @@ ssl_stat.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 ssl_stat.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 ssl_stat.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
 ssl_stat.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-ssl_stat.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-ssl_stat.o: ../include/openssl/x509_vfy.h ssl_locl.h
+ssl_stat.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+ssl_stat.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
 ssl_txt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 ssl_txt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 ssl_txt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -712,7 +755,8 @@ ssl_txt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 ssl_txt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
 ssl_txt.o: ../include/openssl/evp.h ../include/openssl/idea.h
 ssl_txt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-ssl_txt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+ssl_txt.o: ../include/openssl/md4.h ../include/openssl/md5.h
+ssl_txt.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 ssl_txt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 ssl_txt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 ssl_txt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
@@ -722,8 +766,8 @@ ssl_txt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 ssl_txt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 ssl_txt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
 ssl_txt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-ssl_txt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-ssl_txt.o: ../include/openssl/x509_vfy.h ssl_locl.h
+ssl_txt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+ssl_txt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
 t1_clnt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 t1_clnt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 t1_clnt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -733,7 +777,8 @@ t1_clnt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 t1_clnt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
 t1_clnt.o: ../include/openssl/evp.h ../include/openssl/idea.h
 t1_clnt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-t1_clnt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+t1_clnt.o: ../include/openssl/md4.h ../include/openssl/md5.h
+t1_clnt.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 t1_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 t1_clnt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 t1_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
@@ -743,8 +788,9 @@ t1_clnt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 t1_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 t1_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 t1_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-t1_clnt.o: ../include/openssl/stack.h ../include/openssl/tls1.h
-t1_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+t1_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+t1_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+t1_clnt.o: ../include/openssl/x509_vfy.h ssl_locl.h
 t1_enc.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 t1_enc.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 t1_enc.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -754,8 +800,9 @@ t1_enc.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 t1_enc.o: ../include/openssl/e_os2.h ../include/openssl/err.h
 t1_enc.o: ../include/openssl/evp.h ../include/openssl/hmac.h
 t1_enc.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-t1_enc.o: ../include/openssl/md2.h ../include/openssl/md5.h
-t1_enc.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+t1_enc.o: ../include/openssl/md2.h ../include/openssl/md4.h
+t1_enc.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+t1_enc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 t1_enc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 t1_enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 t1_enc.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
@@ -764,8 +811,9 @@ t1_enc.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 t1_enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 t1_enc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 t1_enc.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-t1_enc.o: ../include/openssl/stack.h ../include/openssl/tls1.h
-t1_enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+t1_enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+t1_enc.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+t1_enc.o: ../include/openssl/x509_vfy.h ssl_locl.h
 t1_lib.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 t1_lib.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 t1_lib.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -775,7 +823,8 @@ t1_lib.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 t1_lib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
 t1_lib.o: ../include/openssl/evp.h ../include/openssl/idea.h
 t1_lib.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-t1_lib.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+t1_lib.o: ../include/openssl/md4.h ../include/openssl/md5.h
+t1_lib.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 t1_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 t1_lib.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 t1_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
@@ -785,8 +834,8 @@ t1_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 t1_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 t1_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
 t1_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-t1_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-t1_lib.o: ../include/openssl/x509_vfy.h ssl_locl.h
+t1_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+t1_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
 t1_meth.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 t1_meth.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 t1_meth.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -796,7 +845,8 @@ t1_meth.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 t1_meth.o: ../include/openssl/e_os2.h ../include/openssl/err.h
 t1_meth.o: ../include/openssl/evp.h ../include/openssl/idea.h
 t1_meth.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-t1_meth.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+t1_meth.o: ../include/openssl/md4.h ../include/openssl/md5.h
+t1_meth.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 t1_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 t1_meth.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 t1_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
@@ -806,8 +856,8 @@ t1_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 t1_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 t1_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
 t1_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-t1_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-t1_meth.o: ../include/openssl/x509_vfy.h ssl_locl.h
+t1_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+t1_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
 t1_srvr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 t1_srvr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 t1_srvr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -817,7 +867,8 @@ t1_srvr.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 t1_srvr.o: ../include/openssl/e_os2.h ../include/openssl/err.h
 t1_srvr.o: ../include/openssl/evp.h ../include/openssl/idea.h
 t1_srvr.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-t1_srvr.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+t1_srvr.o: ../include/openssl/md4.h ../include/openssl/md5.h
+t1_srvr.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 t1_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 t1_srvr.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 t1_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
@@ -827,5 +878,6 @@ t1_srvr.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 t1_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 t1_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 t1_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-t1_srvr.o: ../include/openssl/stack.h ../include/openssl/tls1.h
-t1_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+t1_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+t1_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+t1_srvr.o: ../include/openssl/x509_vfy.h ssl_locl.h
diff --git a/src/lib/libssl/src/ssl/bio_ssl.c b/src/lib/libssl/src/ssl/bio_ssl.c
index d73c41adcd..d85555a7e6 100644
--- a/src/lib/libssl/src/ssl/bio_ssl.c
+++ b/src/lib/libssl/src/ssl/bio_ssl.c
@@ -65,13 +65,13 @@
 #include <openssl/err.h>
 #include <openssl/ssl.h>
 
-static int ssl_write(BIO *h,char *buf,int num);
-static int ssl_read(BIO *h,char *buf,int size);
-static int ssl_puts(BIO *h,char *str);
-static long ssl_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int ssl_write(BIO *h, const char *buf, int num);
+static int ssl_read(BIO *h, char *buf, int size);
+static int ssl_puts(BIO *h, const char *str);
+static long ssl_ctrl(BIO *h, int cmd, long arg1, void *arg2);
 static int ssl_new(BIO *h);
 static int ssl_free(BIO *data);
-static long ssl_callback_ctrl(BIO *h,int cmd,void (*fp)());
+static long ssl_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
 typedef struct bio_ssl_st
         {
         SSL *ssl; /* The ssl handle :-) */
@@ -105,7 +105,7 @@ static int ssl_new(BIO *bi)
         {
         BIO_SSL *bs;
 
-        bs=(BIO_SSL *)Malloc(sizeof(BIO_SSL));
+        bs=(BIO_SSL *)OPENSSL_malloc(sizeof(BIO_SSL));
         if (bs == NULL)
                 {
                 BIOerr(BIO_F_SSL_NEW,ERR_R_MALLOC_FAILURE);
@@ -133,7 +133,7 @@ static int ssl_free(BIO *a)
                 a->flags=0;
                 }
         if (a->ptr != NULL)
-                Free(a->ptr);
+                OPENSSL_free(a->ptr);
         return(1);
         }
         
@@ -221,7 +221,7 @@ static int ssl_read(BIO *b, char *out, int outl)
         return(ret);
         }
 
-static int ssl_write(BIO *b, char *out, int outl)
+static int ssl_write(BIO *b, const char *out, int outl)
         {
         int ret,r=0;
         int retry_reason=0;
@@ -289,7 +289,7 @@ static int ssl_write(BIO *b, char *out, int outl)
         return(ret);
         }
 
-static long ssl_ctrl(BIO *b, int cmd, long num, char *ptr)
+static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
         {
         SSL **sslp,*ssl;
         BIO_SSL *bs;
@@ -470,7 +470,7 @@ static long ssl_ctrl(BIO *b, int cmd, long num, char *ptr)
         return(ret);
         }
 
-static long ssl_callback_ctrl(BIO *b, int cmd, void (*fp)())
+static long ssl_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
         {
         SSL *ssl;
         BIO_SSL *bs;
@@ -492,7 +492,7 @@ static long ssl_callback_ctrl(BIO *b, int cmd, void (*fp)())
         return(ret);
         }
 
-static int ssl_puts(BIO *bp, char *str)
+static int ssl_puts(BIO *bp, const char *str)
         {
         int n,ret;
 
diff --git a/src/lib/libssl/src/ssl/s23_clnt.c b/src/lib/libssl/src/ssl/s23_clnt.c
index aaedf6a9bb..5050a13ef2 100644
--- a/src/lib/libssl/src/ssl/s23_clnt.c
+++ b/src/lib/libssl/src/ssl/s23_clnt.c
@@ -366,7 +366,9 @@ static int ssl23_get_server_hello(SSL *s)
                         }
 
                 s->state=SSL2_ST_GET_SERVER_HELLO_A;
-                s->s2->ssl2_rollback=1;
+                if (!(s->client_version == SSL2_VERSION))
+                        /* use special padding (SSL 3.0 draft/RFC 2246, App. E.2) */
+                        s->s2->ssl2_rollback=1;
 
                 /* setup the 5 bytes we have read so we get them from
                  * the sslv2 buffer */
diff --git a/src/lib/libssl/src/ssl/s23_srvr.c b/src/lib/libssl/src/ssl/s23_srvr.c
index 6a3bbb10b9..050618235f 100644
--- a/src/lib/libssl/src/ssl/s23_srvr.c
+++ b/src/lib/libssl/src/ssl/s23_srvr.c
@@ -297,7 +297,7 @@ int ssl23_get_client_hello(SSL *s)
                                         if (n <= 0) return(n);
                                         p=s->packet;
 
-                                        if ((buf=Malloc(n)) == NULL)
+                                        if ((buf=OPENSSL_malloc(n)) == NULL)
                                                 {
                                                 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,ERR_R_MALLOC_FAILURE);
                                                 goto err;
@@ -348,16 +348,21 @@ int ssl23_get_client_hello(SSL *s)
                          * SSLv3 or tls1 header
                          */
                         
-                        v[0]=p[1]; /* major version */
+                        v[0]=p[1]; /* major version (= SSL3_VERSION_MAJOR) */
                         /* We must look at client_version inside the Client Hello message
-                         * to get the correct minor version: */
-                        v[1]=p[10];
-                        /* However if we have only a pathologically small fragment of the
-                         * Client Hello message, we simply use the version from the
-                         * record header -- this is incorrect but unlikely to fail in
-                         * practice */
+                         * to get the correct minor version.
+                         * However if we have only a pathologically small fragment of the
+                         * Client Hello message, this would be difficult, we'd have
+                         * to read at least one additional record to find out.
+                         * This doesn't usually happen in real life, so we just complain
+                         * for now.
+                         */
                         if (p[3] == 0 && p[4] < 6)
-                                v[1]=p[2];
+                                {
+                                SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_SMALL);
+                                goto err;
+                                }
+                        v[1]=p[10]; /* minor version according to client_version */
                         if (v[1] >= TLS1_VERSION_MINOR)
                                 {
                                 if (!(s->options & SSL_OP_NO_TLSv1))
@@ -495,9 +500,12 @@ int ssl23_get_client_hello(SSL *s)
 
                 s->state=SSL2_ST_GET_CLIENT_HELLO_A;
                 if ((s->options & SSL_OP_MSIE_SSLV2_RSA_PADDING) ||
-                        use_sslv2_strong)
+                        use_sslv2_strong ||
+                        (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3))
                         s->s2->ssl2_rollback=0;
                 else
+                        /* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0
+                         * (SSL 3.0 draft/RFC 2246, App. E.2) */
                         s->s2->ssl2_rollback=1;
 
                 /* setup the n bytes we have read so we get them from
@@ -559,10 +567,10 @@ int ssl23_get_client_hello(SSL *s)
                 }
         s->init_num=0;
 
-        if (buf != buf_space) Free(buf);
+        if (buf != buf_space) OPENSSL_free(buf);
         s->first_packet=1;
         return(SSL_accept(s));
 err:
-        if (buf != buf_space) Free(buf);
+        if (buf != buf_space) OPENSSL_free(buf);
         return(-1);
         }
diff --git a/src/lib/libssl/src/ssl/s2_clnt.c b/src/lib/libssl/src/ssl/s2_clnt.c
index 6ff6a51362..47dd09c286 100644
--- a/src/lib/libssl/src/ssl/s2_clnt.c
+++ b/src/lib/libssl/src/ssl/s2_clnt.c
@@ -920,6 +920,7 @@ int ssl2_set_certificate(SSL *s, int type, int len, unsigned char *data)
                 SSLerr(SSL_F_SSL2_SET_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED);
                 goto err;
                 }
+        ERR_clear_error(); /* but we keep s->verify_result */
 
         /* server's cert for this session */
         sc=ssl_sess_cert_new();
diff --git a/src/lib/libssl/src/ssl/s2_enc.c b/src/lib/libssl/src/ssl/s2_enc.c
index a9458e7fa7..35acdf8276 100644
--- a/src/lib/libssl/src/ssl/s2_enc.c
+++ b/src/lib/libssl/src/ssl/s2_enc.c
@@ -80,11 +80,11 @@ int ssl2_enc_init(SSL *s, int client)
 
         if ((s->enc_read_ctx == NULL) &&
                 ((s->enc_read_ctx=(EVP_CIPHER_CTX *)
-                Malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
+                OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
                 goto err;
         if ((s->enc_write_ctx == NULL) &&
                 ((s->enc_write_ctx=(EVP_CIPHER_CTX *)
-                Malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
+                OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
                 goto err;
 
         rs= s->enc_read_ctx;
diff --git a/src/lib/libssl/src/ssl/s2_lib.c b/src/lib/libssl/src/ssl/s2_lib.c
index 5ddba23a06..129ed89d97 100644
--- a/src/lib/libssl/src/ssl/s2_lib.c
+++ b/src/lib/libssl/src/ssl/s2_lib.c
@@ -267,12 +267,12 @@ int ssl2_new(SSL *s)
         {
         SSL2_STATE *s2;
 
-        if ((s2=Malloc(sizeof *s2)) == NULL) goto err;
+        if ((s2=OPENSSL_malloc(sizeof *s2)) == NULL) goto err;
         memset(s2,0,sizeof *s2);
 
-        if ((s2->rbuf=Malloc(
+        if ((s2->rbuf=OPENSSL_malloc(
                 SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2)) == NULL) goto err;
-        if ((s2->wbuf=Malloc(
+        if ((s2->wbuf=OPENSSL_malloc(
                 SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2)) == NULL) goto err;
         s->s2=s2;
 
@@ -281,9 +281,9 @@ int ssl2_new(SSL *s)
 err:
         if (s2 != NULL)
                 {
-                if (s2->wbuf != NULL) Free(s2->wbuf);
-                if (s2->rbuf != NULL) Free(s2->rbuf);
-                Free(s2);
+                if (s2->wbuf != NULL) OPENSSL_free(s2->wbuf);
+                if (s2->rbuf != NULL) OPENSSL_free(s2->rbuf);
+                OPENSSL_free(s2);
                 }
         return(0);
         }
@@ -296,10 +296,10 @@ void ssl2_free(SSL *s)
             return;
 
         s2=s->s2;
-        if (s2->rbuf != NULL) Free(s2->rbuf);
-        if (s2->wbuf != NULL) Free(s2->wbuf);
+        if (s2->rbuf != NULL) OPENSSL_free(s2->rbuf);
+        if (s2->wbuf != NULL) OPENSSL_free(s2->wbuf);
         memset(s2,0,sizeof *s2);
-        Free(s2);
+        OPENSSL_free(s2);
         s->s2=NULL;
         }
 
@@ -384,7 +384,7 @@ SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p)
         cpp=(SSL_CIPHER **)OBJ_bsearch((char *)&cp,
                 (char *)sorted,
                 SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER *),
-                (int (*)())ssl_cipher_ptr_id_cmp);
+                FP_ICC ssl_cipher_ptr_id_cmp);
         if ((cpp == NULL) || !(*cpp)->valid)
                 return(NULL);
         else
diff --git a/src/lib/libssl/src/ssl/s2_srvr.c b/src/lib/libssl/src/ssl/s2_srvr.c
index 332e284451..1ed02540ae 100644
--- a/src/lib/libssl/src/ssl/s2_srvr.c
+++ b/src/lib/libssl/src/ssl/s2_srvr.c
@@ -898,7 +898,7 @@ static int request_certificate(SSL *s)
                 EVP_VerifyUpdate(&ctx,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
 
                 i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,NULL);
-                buf2=Malloc((unsigned int)i);
+                buf2=OPENSSL_malloc((unsigned int)i);
                 if (buf2 == NULL)
                         {
                         SSLerr(SSL_F_REQUEST_CERTIFICATE,ERR_R_MALLOC_FAILURE);
@@ -907,7 +907,7 @@ static int request_certificate(SSL *s)
                 p2=buf2;
                 i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,&p2);
                 EVP_VerifyUpdate(&ctx,buf2,(unsigned int)i);
-                Free(buf2);
+                OPENSSL_free(buf2);
 
                 pkey=X509_get_pubkey(x509);
                 if (pkey == NULL) goto end;
diff --git a/src/lib/libssl/src/ssl/s3_both.c b/src/lib/libssl/src/ssl/s3_both.c
index 03e0c38770..d92c164b0f 100644
--- a/src/lib/libssl/src/ssl/s3_both.c
+++ b/src/lib/libssl/src/ssl/s3_both.c
@@ -567,7 +567,7 @@ int ssl3_setup_buffers(SSL *s)
                         extra=SSL3_RT_MAX_EXTRA;
                 else
                         extra=0;
-                if ((p=Malloc(SSL3_RT_MAX_PACKET_SIZE+extra))
+                if ((p=OPENSSL_malloc(SSL3_RT_MAX_PACKET_SIZE+extra))
                         == NULL)
                         goto err;
                 s->s3->rbuf.buf=p;
@@ -575,7 +575,7 @@ int ssl3_setup_buffers(SSL *s)
 
         if (s->s3->wbuf.buf == NULL)
                 {
-                if ((p=Malloc(SSL3_RT_MAX_PACKET_SIZE))
+                if ((p=OPENSSL_malloc(SSL3_RT_MAX_PACKET_SIZE))
                         == NULL)
                         goto err;
                 s->s3->wbuf.buf=p;
diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c
index 0c8f551f73..62040f9f1d 100644
--- a/src/lib/libssl/src/ssl/s3_clnt.c
+++ b/src/lib/libssl/src/ssl/s3_clnt.c
@@ -69,7 +69,7 @@ static SSL_METHOD *ssl3_get_client_method(int ver);
 static int ssl3_client_hello(SSL *s);
 static int ssl3_get_server_hello(SSL *s);
 static int ssl3_get_certificate_request(SSL *s);
-static int ca_dn_cmp(X509_NAME **a,X509_NAME **b);
+static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b);
 static int ssl3_get_server_done(SSL *s);
 static int ssl3_send_client_verify(SSL *s);
 static int ssl3_send_client_certificate(SSL *s);
@@ -142,7 +142,12 @@ int ssl3_connect(SSL *s)
                         if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
 
                         if ((s->version & 0xff00 ) != 0x0300)
-                                abort();
+                                {
+                                SSLerr(SSL_F_SSL3_CONNECT, SSL_R_INTERNAL_ERROR);
+                                ret = -1;
+                                goto end;
+                                }
+                                
                         /* s->version=SSL3_VERSION; */
                         s->type=SSL_ST_CONNECT;
 
@@ -764,6 +769,7 @@ static int ssl3_get_server_certificate(SSL *s)
                 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED);
                 goto f_err; 
                 }
+        ERR_clear_error(); /* but we keep s->verify_result */
 
         sc=ssl_sess_cert_new();
         if (sc == NULL) goto err;
@@ -934,10 +940,12 @@ static int ssl3_get_key_exchange(SSL *s)
                 s->session->sess_cert->peer_rsa_tmp=rsa;
                 rsa=NULL;
                 }
-        else
+#else /* NO_RSA */
+        if (0)
+                ;
 #endif
 #ifndef NO_DH
-                if (alg & SSL_kEDH)
+        else if (alg & SSL_kEDH)
                 {
                 if ((dh=DH_new()) == NULL)
                         {
@@ -993,10 +1001,12 @@ static int ssl3_get_key_exchange(SSL *s)
 #ifndef NO_RSA
                 if (alg & SSL_aRSA)
                         pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
-                else
+#else
+                if (0)
+                        ;
 #endif
 #ifndef NO_DSA
-                if (alg & SSL_aDSS)
+                else if (alg & SSL_aDSS)
                         pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509);
 #endif
                 /* else anonymous DH, so no certificate or pkey. */
@@ -1010,7 +1020,7 @@ static int ssl3_get_key_exchange(SSL *s)
                 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
                 goto f_err;
                 }
-#endif
+#endif /* !NO_DH */
         if (alg & SSL_aFZA)
                 {
                 al=SSL_AD_HANDSHAKE_FAILURE;
@@ -1274,7 +1284,7 @@ err:
         return(ret);
         }
 
-static int ca_dn_cmp(X509_NAME **a, X509_NAME **b)
+static int ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
         {
         return(X509_NAME_cmp(*a,*b));
         }
diff --git a/src/lib/libssl/src/ssl/s3_enc.c b/src/lib/libssl/src/ssl/s3_enc.c
index df4acab3d0..012a4b8740 100644
--- a/src/lib/libssl/src/ssl/s3_enc.c
+++ b/src/lib/libssl/src/ssl/s3_enc.c
@@ -150,7 +150,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
                 {
                 if ((s->enc_read_ctx == NULL) &&
                         ((s->enc_read_ctx=(EVP_CIPHER_CTX *)
-                        Malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
+                        OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
                         goto err;
                 dd= s->enc_read_ctx;
                 s->read_hash=m;
@@ -170,7 +170,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
                                 }
                         if (s->s3->rrec.comp == NULL)
                                 s->s3->rrec.comp=(unsigned char *)
-                                        Malloc(SSL3_RT_MAX_PLAIN_LENGTH);
+                                        OPENSSL_malloc(SSL3_RT_MAX_PLAIN_LENGTH);
                         if (s->s3->rrec.comp == NULL)
                                 goto err;
                         }
@@ -181,7 +181,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
                 {
                 if ((s->enc_write_ctx == NULL) &&
                         ((s->enc_write_ctx=(EVP_CIPHER_CTX *)
-                        Malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
+                        OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
                         goto err;
                 dd= s->enc_write_ctx;
                 s->write_hash=m;
@@ -300,7 +300,7 @@ int ssl3_setup_key_block(SSL *s)
 
         ssl3_cleanup_key_block(s);
 
-        if ((p=Malloc(num)) == NULL)
+        if ((p=OPENSSL_malloc(num)) == NULL)
                 goto err;
 
         s->s3->tmp.key_block_length=num;
@@ -320,7 +320,7 @@ void ssl3_cleanup_key_block(SSL *s)
                 {
                 memset(s->s3->tmp.key_block,0,
                         s->s3->tmp.key_block_length);
-                Free(s->s3->tmp.key_block);
+                OPENSSL_free(s->s3->tmp.key_block);
                 s->s3->tmp.key_block=NULL;
                 }
         s->s3->tmp.key_block_length=0;
diff --git a/src/lib/libssl/src/ssl/s3_lib.c b/src/lib/libssl/src/ssl/s3_lib.c
index 7ada26cbb6..cee2021b6b 100644
--- a/src/lib/libssl/src/ssl/s3_lib.c
+++ b/src/lib/libssl/src/ssl/s3_lib.c
@@ -648,7 +648,7 @@ int ssl3_new(SSL *s)
         {
         SSL3_STATE *s3;
 
-        if ((s3=Malloc(sizeof *s3)) == NULL) goto err;
+        if ((s3=OPENSSL_malloc(sizeof *s3)) == NULL) goto err;
         memset(s3,0,sizeof *s3);
 
         s->s3=s3;
@@ -666,11 +666,11 @@ void ssl3_free(SSL *s)
 
         ssl3_cleanup_key_block(s);
         if (s->s3->rbuf.buf != NULL)
-                Free(s->s3->rbuf.buf);
+                OPENSSL_free(s->s3->rbuf.buf);
         if (s->s3->wbuf.buf != NULL)
-                Free(s->s3->wbuf.buf);
+                OPENSSL_free(s->s3->wbuf.buf);
         if (s->s3->rrec.comp != NULL)
-                Free(s->s3->rrec.comp);
+                OPENSSL_free(s->s3->rrec.comp);
 #ifndef NO_DH
         if (s->s3->tmp.dh != NULL)
                 DH_free(s->s3->tmp.dh);
@@ -678,7 +678,7 @@ void ssl3_free(SSL *s)
         if (s->s3->tmp.ca_names != NULL)
                 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
         memset(s->s3,0,sizeof *s->s3);
-        Free(s->s3);
+        OPENSSL_free(s->s3);
         s->s3=NULL;
         }
 
@@ -692,7 +692,7 @@ void ssl3_clear(SSL *s)
 
         if (s->s3->rrec.comp != NULL)
                 {
-                Free(s->s3->rrec.comp);
+                OPENSSL_free(s->s3->rrec.comp);
                 s->s3->rrec.comp=NULL;
                 }
 #ifndef NO_DH
@@ -1041,7 +1041,7 @@ SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
         cpp=(SSL_CIPHER **)OBJ_bsearch((char *)&cp,
                 (char *)sorted,
                 SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),
-                (int (*)())ssl_cipher_ptr_id_cmp);
+                FP_ICC ssl_cipher_ptr_id_cmp);
         if ((cpp == NULL) || !(*cpp)->valid)
                 return(NULL);
         else
diff --git a/src/lib/libssl/src/ssl/s3_pkt.c b/src/lib/libssl/src/ssl/s3_pkt.c
index eb965310d9..1414079853 100644
--- a/src/lib/libssl/src/ssl/s3_pkt.c
+++ b/src/lib/libssl/src/ssl/s3_pkt.c
@@ -899,19 +899,21 @@ start:
                                         return(-1);
                                         }
 
-                                if (s->s3->rbuf.left == 0) /* no read-ahead left? */
+                                if (!(s->mode & SSL_MODE_AUTO_RETRY))
                                         {
-                                        BIO *bio;
-                                        /* In the case where we try to read application data
-                                         * the first time, but we trigger an SSL handshake, we
-                                         * return -1 with the retry option set.  I do this
-                                         * otherwise renegotiation can cause nasty problems 
-                                         * in the blocking world */ /* ? */
-                                        s->rwstate=SSL_READING;
-                                        bio=SSL_get_rbio(s);
-                                        BIO_clear_retry_flags(bio);
-                                        BIO_set_retry_read(bio);
-                                        return(-1);
+                                        if (s->s3->rbuf.left == 0) /* no read-ahead left? */
+                                                {
+                                                BIO *bio;
+                                                /* In the case where we try to read application data,
+                                                 * but we trigger an SSL handshake, we return -1 with
+                                                 * the retry option set.  Otherwise renegotiation may
+                                                 * cause nasty problems in the blocking world */
+                                                s->rwstate=SSL_READING;
+                                                bio=SSL_get_rbio(s);
+                                                BIO_clear_retry_flags(bio);
+                                                BIO_set_retry_read(bio);
+                                                return(-1);
+                                                }
                                         }
                                 }
                         }
@@ -954,7 +956,7 @@ start:
                         s->rwstate=SSL_NOTHING;
                         s->s3->fatal_alert = alert_descr;
                         SSLerr(SSL_F_SSL3_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr);
-                        sprintf(tmp,"%d",alert_descr);
+                        BIO_snprintf(tmp,sizeof tmp,"%d",alert_descr);
                         ERR_add_error_data(2,"SSL alert number ",tmp);
                         s->shutdown|=SSL_RECEIVED_SHUTDOWN;
                         SSL_CTX_remove_session(s->ctx,s->session);
@@ -1022,19 +1024,21 @@ start:
                         return(-1);
                         }
 
-                if (s->s3->rbuf.left == 0) /* no read-ahead left? */
+                if (!(s->mode & SSL_MODE_AUTO_RETRY))
                         {
-                        BIO *bio;
-                        /* In the case where we try to read application data
-                         * the first time, but we trigger an SSL handshake, we
-                         * return -1 with the retry option set.  I do this
-                         * otherwise renegotiation can cause nasty problems 
-                         * in the blocking world */ /* ? */
-                        s->rwstate=SSL_READING;
-                        bio=SSL_get_rbio(s);
-                        BIO_clear_retry_flags(bio);
-                        BIO_set_retry_read(bio);
-                        return(-1);
+                        if (s->s3->rbuf.left == 0) /* no read-ahead left? */
+                                {
+                                BIO *bio;
+                                /* In the case where we try to read application data,
+                                 * but we trigger an SSL handshake, we return -1 with
+                                 * the retry option set.  Otherwise renegotiation may
+                                 * cause nasty problems in the blocking world */
+                                s->rwstate=SSL_READING;
+                                bio=SSL_get_rbio(s);
+                                BIO_clear_retry_flags(bio);
+                                BIO_set_retry_read(bio);
+                                return(-1);
+                                }
                         }
                 goto start;
                 }
diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c
index e23ca20bd3..bb8cfb31e5 100644
--- a/src/lib/libssl/src/ssl/s3_srvr.c
+++ b/src/lib/libssl/src/ssl/s3_srvr.c
@@ -153,7 +153,10 @@ int ssl3_accept(SSL *s)
                         if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
 
                         if ((s->version>>8) != 3)
-                                abort();
+                                {
+                                SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_INTERNAL_ERROR);
+                                return -1;
+                                }
                         s->type=SSL_ST_ACCEPT;
 
                         if (s->init_buf == NULL)
@@ -982,7 +985,7 @@ static int ssl3_send_server_key_exchange(SSL *s)
                         dhp=cert->dh_tmp;
                         if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
                                 dhp=s->cert->dh_tmp_cb(s,
-                                      !SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
+                                      SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
                                       SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
                         if (dhp == NULL)
                                 {
@@ -1326,11 +1329,22 @@ static int ssl3_get_client_key_exchange(SSL *s)
                         goto f_err;
                         }
 
-                if ((p[0] != (s->client_version>>8)) || (p[1] != (s->client_version & 0xff)))
+                if (!((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff))))
                         {
-                        al=SSL_AD_DECODE_ERROR;
-                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER);
-                        goto f_err;
+                        /* The premaster secret must contain the same version number as the
+                         * ClientHello to detect version rollback attacks (strangely, the
+                         * protocol does not offer such protection for DH ciphersuites).
+                         * However, buggy clients exist that send the negotiated protocol
+                         * version instead if the server does not support the requested
+                         * protocol version.
+                         * If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such clients. */
+                        if (!((s->options & SSL_OP_TLS_ROLLBACK_BUG) &&
+                                (p[0] == (s->version>>8)) && (p[1] == (s->version & 0xff))))
+                                {
+                                al=SSL_AD_DECODE_ERROR;
+                                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER);
+                                goto f_err;
+                                }
                         }
 
                 s->session->master_key_length=
diff --git a/src/lib/libssl/src/ssl/ssl.h b/src/lib/libssl/src/ssl/ssl.h
index bb846f491c..fdbdc70ba7 100644
--- a/src/lib/libssl/src/ssl/ssl.h
+++ b/src/lib/libssl/src/ssl/ssl.h
@@ -59,12 +59,21 @@
 #ifndef HEADER_SSL_H 
 #define HEADER_SSL_H 
 
+#ifndef NO_COMP
+#include <openssl/comp.h>
+#endif
+#ifndef NO_BIO
+#include <openssl/bio.h>
+#endif
+#ifndef NO_X509
+#include <openssl/x509.h>
+#endif
+#include <openssl/safestack.h>
+
 #ifdef  __cplusplus
 extern "C" {
 #endif
 
-#include <openssl/safestack.h>
-
 /* SSLeay version number for ASN.1 encoding of the session information */
 /* Version 0 - initial version
  * Version 1 - added the optional peer certificate
@@ -140,6 +149,10 @@ extern "C" {
 #define SSL_SENT_SHUTDOWN       1
 #define SSL_RECEIVED_SHUTDOWN   2
 
+#ifdef __cplusplus
+}
+#endif
+
 #include <openssl/crypto.h>
 #include <openssl/lhash.h>
 #include <openssl/buffer.h>
@@ -147,6 +160,10 @@ extern "C" {
 #include <openssl/pem.h>
 #include <openssl/x509.h>
 
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
 #if (defined(NO_RSA) || defined(NO_MD5)) && !defined(NO_SSL2)
 #define NO_SSL2
 #endif
@@ -318,6 +335,9 @@ typedef struct ssl_session_st
  * the misconception that non-blocking SSL_write() behaves like
  * non-blocking write(): */
 #define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L
+/* Never bother the application with retries if the transport
+ * is blocking: */
+#define SSL_MODE_AUTO_RETRY 0x00000004L
 
 /* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
  * they cannot be used to clear bits. */
@@ -343,15 +363,15 @@ typedef struct ssl_session_st
 #define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT      (1024*20)
 
 typedef struct ssl_comp_st
-{
-    int id;
-    char *name;
-#ifdef HEADER_COMP_H
-    COMP_METHOD *method;
+        {
+        int id;
+        char *name;
+#ifndef NO_COMP
+        COMP_METHOD *method;
 #else
-    char *method;
+        char *method;
 #endif
-} SSL_COMP;
+        } SSL_COMP;
 
 DECLARE_STACK_OF(SSL_COMP)
 
@@ -533,10 +553,10 @@ struct ssl_st
          * same.  This is so data can be read and written to different
          * handlers */
 
-#ifdef HEADER_BIO_H
+#ifndef NO_BIO
         BIO *rbio; /* used by SSL_read */
         BIO *wbio; /* used by SSL_write */
-        BIO *bbio; /* used during session-id reuse to concatinate
+        BIO *bbio; /* used during session-id reuse to concatenate
                     * messages */
 #else
         char *rbio; /* used by SSL_read */
@@ -597,7 +617,7 @@ struct ssl_st
 
         EVP_CIPHER_CTX *enc_read_ctx;           /* cryptographic state */
         const EVP_MD *read_hash;                /* used for mac generation */
-#ifdef HEADER_COMP_H
+#ifndef NO_COMP
         COMP_CTX *expand;                       /* uncompress */
 #else
         char *expand;
@@ -605,7 +625,7 @@ struct ssl_st
 
         EVP_CIPHER_CTX *enc_write_ctx;          /* cryptographic state */
         const EVP_MD *write_hash;               /* used for mac generation */
-#ifdef HEADER_COMP_H
+#ifndef NO_COMP
         COMP_CTX *compress;                     /* compression */
 #else
         char *compress; 
@@ -655,11 +675,19 @@ struct ssl_st
                                  * SSLv3/TLS rollback check */
         };
 
+#ifdef __cplusplus
+}
+#endif
+
 #include <openssl/ssl2.h>
 #include <openssl/ssl3.h>
 #include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */
 #include <openssl/ssl23.h>
 
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
 /* compatibility */
 #define SSL_set_app_data(s,arg)         (SSL_set_ex_data(s,0,(char *)arg))
 #define SSL_get_app_data(s)             (SSL_get_ex_data(s,0))
@@ -883,7 +911,7 @@ size_t SSL_get_peer_finished(SSL *s, void *buf, size_t count);
 #define SSL_add_dir_cert_subjects_to_stack SSL_add_dir_cert_sub_to_stack
 #endif
 
-#ifdef HEADER_BIO_H
+#ifndef NO_BIO
 BIO_METHOD *BIO_f_ssl(void);
 BIO *BIO_new_ssl(SSL_CTX *ctx,int client);
 BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
@@ -920,7 +948,7 @@ int	SSL_set_fd(SSL *s, int fd);
 int     SSL_set_rfd(SSL *s, int fd);
 int     SSL_set_wfd(SSL *s, int fd);
 #endif
-#ifdef HEADER_BIO_H
+#ifndef NO_BIO
 void    SSL_set_bio(SSL *s, BIO *rbio,BIO *wbio);
 BIO *   SSL_get_rbio(SSL *s);
 BIO *   SSL_get_wbio(SSL *s);
@@ -975,7 +1003,7 @@ int	SSL_SESSION_cmp(SSL_SESSION *a,SSL_SESSION *b);
 #ifndef NO_FP_API
 int     SSL_SESSION_print_fp(FILE *fp,SSL_SESSION *ses);
 #endif
-#ifdef HEADER_BIO_H
+#ifndef NO_BIO
 int     SSL_SESSION_print(BIO *fp,SSL_SESSION *ses);
 #endif
 void    SSL_SESSION_free(SSL_SESSION *ses);
@@ -1171,7 +1199,7 @@ void SSL_set_tmp_dh_callback(SSL *ssl,
                                            int keylength));
 #endif
 
-#ifdef HEADER_COMP_H
+#ifndef NO_COMP
 int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm);
 #else
 int SSL_COMP_add_compression_method(int id,char *cm);
@@ -1443,6 +1471,7 @@ int SSL_COMP_add_compression_method(int id,char *cm);
 #define SSL_R_READ_WRONG_PACKET_TYPE                     212
 #define SSL_R_RECORD_LENGTH_MISMATCH                     213
 #define SSL_R_RECORD_TOO_LARGE                           214
+#define SSL_R_RECORD_TOO_SMALL                           1093
 #define SSL_R_REQUIRED_CIPHER_MISSING                    215
 #define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO                 216
 #define SSL_R_REUSE_CERT_TYPE_NOT_ZERO                   217
diff --git a/src/lib/libssl/src/ssl/ssl2.h b/src/lib/libssl/src/ssl/ssl2.h
index 01d41c88c5..df7d03c18f 100644
--- a/src/lib/libssl/src/ssl/ssl2.h
+++ b/src/lib/libssl/src/ssl/ssl2.h
@@ -133,7 +133,11 @@ extern "C" {
 
 /* Upper/Lower Bounds */
 #define SSL2_MAX_MASTER_KEY_LENGTH_IN_BITS      256
+#ifdef MPE
+#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER    (unsigned int)29998
+#else
 #define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER    (unsigned int)32767 
+#endif
 #define SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER    16383 /**/
 
 #define SSL2_CHALLENGE_LENGTH   16
diff --git a/src/lib/libssl/src/ssl/ssl3.h b/src/lib/libssl/src/ssl/ssl3.h
index f616763830..7ee1feaa67 100644
--- a/src/lib/libssl/src/ssl/ssl3.h
+++ b/src/lib/libssl/src/ssl/ssl3.h
@@ -59,6 +59,9 @@
 #ifndef HEADER_SSL3_H 
 #define HEADER_SSL3_H 
 
+#ifndef NO_COMP
+#include <openssl/comp.h>
+#endif
 #include <openssl/buffer.h>
 #include <openssl/evp.h>
 #include <openssl/ssl.h>
@@ -310,7 +313,7 @@ typedef struct ssl3_state_st
 
                 const EVP_CIPHER *new_sym_enc;
                 const EVP_MD *new_hash;
-#ifdef HEADER_COMP_H
+#ifndef NO_COMP
                 const SSL_COMP *new_compression;
 #else
                 char *new_compression;
diff --git a/src/lib/libssl/src/ssl/ssl_asn1.c b/src/lib/libssl/src/ssl/ssl_asn1.c
index e77cdddfd3..fa6456e4f5 100644
--- a/src/lib/libssl/src/ssl/ssl_asn1.c
+++ b/src/lib/libssl/src/ssl/ssl_asn1.c
@@ -92,7 +92,7 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
 
         /* Note that I cheat in the following 2 assignments.  I know
          * that if the ASN1_INTEGER passed to ASN1_INTEGER_set
-         * is > sizeof(long)+1, the buffer will not be re-Malloc()ed.
+         * is > sizeof(long)+1, the buffer will not be re-OPENSSL_malloc()ed.
          * This is a bit evil but makes things simple, no dynamic allocation
          * to clean up :-) */
         a.version.length=LSIZE2;
@@ -223,13 +223,13 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp,
         ai.data=NULL; ai.length=0;
         M_ASN1_D2I_get(aip,d2i_ASN1_INTEGER);
         version=(int)ASN1_INTEGER_get(aip);
-        if (ai.data != NULL) { Free(ai.data); ai.data=NULL; ai.length=0; }
+        if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; }
 
         /* we don't care about the version right now :-) */
         M_ASN1_D2I_get(aip,d2i_ASN1_INTEGER);
         ssl_version=(int)ASN1_INTEGER_get(aip);
         ret->ssl_version=ssl_version;
-        if (ai.data != NULL) { Free(ai.data); ai.data=NULL; ai.length=0; }
+        if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; }
 
         os.data=NULL; os.length=0;
         M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
@@ -291,14 +291,14 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp,
         else
                 ret->key_arg_length=os.length;
         memcpy(ret->key_arg,os.data,ret->key_arg_length);
-        if (os.data != NULL) Free(os.data);
+        if (os.data != NULL) OPENSSL_free(os.data);
 
         ai.length=0;
         M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,1);
         if (ai.data != NULL)
                 {
                 ret->time=ASN1_INTEGER_get(aip);
-                Free(ai.data); ai.data=NULL; ai.length=0;
+                OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
                 }
         else
                 ret->time=time(NULL);
@@ -308,7 +308,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp,
         if (ai.data != NULL)
                 {
                 ret->timeout=ASN1_INTEGER_get(aip);
-                Free(ai.data); ai.data=NULL; ai.length=0;
+                OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
                 }
         else
                 ret->timeout=3;
@@ -330,7 +330,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp,
                 SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_BAD_LENGTH);
             ret->sid_ctx_length=os.length;
             memcpy(ret->sid_ctx,os.data,os.length);
-            Free(os.data); os.data=NULL; os.length=0;
+            OPENSSL_free(os.data); os.data=NULL; os.length=0;
             }
         else
             ret->sid_ctx_length=0;
@@ -340,7 +340,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp,
         if (ai.data != NULL)
                 {
                 ret->verify_result=ASN1_INTEGER_get(aip);
-                Free(ai.data); ai.data=NULL; ai.length=0;
+                OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
                 }
         else
                 ret->verify_result=X509_V_OK;
diff --git a/src/lib/libssl/src/ssl/ssl_cert.c b/src/lib/libssl/src/ssl/ssl_cert.c
index f2335d5650..c26df62c20 100644
--- a/src/lib/libssl/src/ssl/ssl_cert.c
+++ b/src/lib/libssl/src/ssl/ssl_cert.c
@@ -143,7 +143,7 @@ CERT *ssl_cert_new(void)
         {
         CERT *ret;
 
-        ret=(CERT *)Malloc(sizeof(CERT));
+        ret=(CERT *)OPENSSL_malloc(sizeof(CERT));
         if (ret == NULL)
                 {
                 SSLerr(SSL_F_SSL_CERT_NEW,ERR_R_MALLOC_FAILURE);
@@ -162,7 +162,7 @@ CERT *ssl_cert_dup(CERT *cert)
         CERT *ret;
         int i;
 
-        ret = (CERT *)Malloc(sizeof(CERT));
+        ret = (CERT *)OPENSSL_malloc(sizeof(CERT));
         if (ret == NULL)
                 {
                 SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE);
@@ -331,7 +331,7 @@ void ssl_cert_free(CERT *c)
                         EVP_PKEY_free(c->pkeys[i].publickey);
 #endif
                 }
-        Free(c);
+        OPENSSL_free(c);
         }
 
 int ssl_cert_inst(CERT **o)
@@ -367,7 +367,7 @@ SESS_CERT *ssl_sess_cert_new(void)
         {
         SESS_CERT *ret;
 
-        ret = Malloc(sizeof *ret);
+        ret = OPENSSL_malloc(sizeof *ret);
         if (ret == NULL)
                 {
                 SSLerr(SSL_F_SSL_SESS_CERT_NEW, ERR_R_MALLOC_FAILURE);
@@ -426,7 +426,7 @@ void ssl_sess_cert_free(SESS_CERT *sc)
                 DH_free(sc->peer_dh_tmp);
 #endif
 
-        Free(sc);
+        OPENSSL_free(sc);
         }
 
 int ssl_set_peer_cert_type(SESS_CERT *sc,int type)
@@ -568,7 +568,7 @@ int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x)
         return(add_client_CA(&(ctx->client_CA),x));
         }
 
-static int xname_cmp(X509_NAME **a,X509_NAME **b)
+static int xname_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
         {
         return(X509_NAME_cmp(*a,*b));
         }
@@ -589,7 +589,7 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
         X509_NAME *xn=NULL;
         STACK_OF(X509_NAME) *ret,*sk;
 
-        ret=sk_X509_NAME_new(NULL);
+        ret=sk_X509_NAME_new_null();
         sk=sk_X509_NAME_new(xname_cmp);
 
         in=BIO_new(BIO_s_file_internal());
@@ -644,53 +644,53 @@ err:
 
 int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
                                         const char *file)
-    {
-    BIO *in;
-    X509 *x=NULL;
-    X509_NAME *xn=NULL;
-    int ret=1;
-    int (*oldcmp)(X509_NAME **a, X509_NAME **b);
-
-    oldcmp=sk_X509_NAME_set_cmp_func(stack,xname_cmp);
-
-    in=BIO_new(BIO_s_file_internal());
-
-    if (in == NULL)
         {
-        SSLerr(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK,ERR_R_MALLOC_FAILURE);
-        goto err;
-        }
+        BIO *in;
+        X509 *x=NULL;
+        X509_NAME *xn=NULL;
+        int ret=1;
+        int (*oldcmp)(const X509_NAME * const *a, const X509_NAME * const *b);
         
-    if (!BIO_read_filename(in,file))
-        goto err;
-
-    for (;;)
-        {
-        if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL)
-            break;
-        if ((xn=X509_get_subject_name(x)) == NULL) goto err;
-        xn=X509_NAME_dup(xn);
-        if (xn == NULL) goto err;
-        if (sk_X509_NAME_find(stack,xn) >= 0)
-            X509_NAME_free(xn);
-        else
-            sk_X509_NAME_push(stack,xn);
-        }
+        oldcmp=sk_X509_NAME_set_cmp_func(stack,xname_cmp);
+        
+        in=BIO_new(BIO_s_file_internal());
+        
+        if (in == NULL)
+                {
+                SSLerr(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        
+        if (!BIO_read_filename(in,file))
+                goto err;
+        
+        for (;;)
+                {
+                if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL)
+                        break;
+                if ((xn=X509_get_subject_name(x)) == NULL) goto err;
+                xn=X509_NAME_dup(xn);
+                if (xn == NULL) goto err;
+                if (sk_X509_NAME_find(stack,xn) >= 0)
+                        X509_NAME_free(xn);
+                else
+                        sk_X509_NAME_push(stack,xn);
+                }
 
-    if (0)
-        {
+        if (0)
+                {
 err:
-        ret=0;
-        }
-    if(in != NULL)
-        BIO_free(in);
-    if(x != NULL)
-        X509_free(x);
-
-    sk_X509_NAME_set_cmp_func(stack,oldcmp);
+                ret=0;
+                }
+        if(in != NULL)
+                BIO_free(in);
+        if(x != NULL)
+                X509_free(x);
+        
+        sk_X509_NAME_set_cmp_func(stack,oldcmp);
 
-    return ret;
-    }
+        return ret;
+        }
 
 /*!
  * Add a directory of certs to a stack.
@@ -709,44 +709,46 @@ err:
 
 int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
                                        const char *dir)
-    {
-    DIR *d;
-    struct dirent *dstruct;
-    int ret = 0;
-
-    CRYPTO_w_lock(CRYPTO_LOCK_READDIR);
-    d = opendir(dir);
-
-    /* Note that a side effect is that the CAs will be sorted by name */
-    if(!d)
         {
-        SYSerr(SYS_F_OPENDIR, get_last_sys_error());
-        ERR_add_error_data(3, "opendir('", dir, "')");
-        SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB);
-        goto err;
-        }
+        DIR *d;
+        struct dirent *dstruct;
+        int ret = 0;
 
-    while((dstruct=readdir(d)))
-        {
-        char buf[1024];
+        CRYPTO_w_lock(CRYPTO_LOCK_READDIR);
+        d = opendir(dir);
 
-        if(strlen(dir)+strlen(dstruct->d_name)+2 > sizeof buf)
-            {
-            SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,SSL_R_PATH_TOO_LONG);
-            goto err;
-            }
+        /* Note that a side effect is that the CAs will be sorted by name */
+        if(!d)
+                {
+                SYSerr(SYS_F_OPENDIR, get_last_sys_error());
+                ERR_add_error_data(3, "opendir('", dir, "')");
+                SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB);
+                goto err;
+                }
         
-        sprintf(buf,"%s/%s",dir,dstruct->d_name);
-        if(!SSL_add_file_cert_subjects_to_stack(stack,buf))
-            goto err;
-        }
-    ret = 1;
+        while((dstruct=readdir(d)))
+                {
+                char buf[1024];
+                int r;
+                
+                if(strlen(dir)+strlen(dstruct->d_name)+2 > sizeof buf)
+                        {
+                        SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,SSL_R_PATH_TOO_LONG);
+                        goto err;
+                        }
+                
+                r = BIO_snprintf(buf,sizeof buf,"%s/%s",dir,dstruct->d_name);
+                if (r <= 0 || r >= sizeof buf)
+                        goto err;
+                if(!SSL_add_file_cert_subjects_to_stack(stack,buf))
+                        goto err;
+                }
+        ret = 1;
 
 err:    
-    closedir(d);
-    CRYPTO_w_unlock(CRYPTO_LOCK_READDIR);
-    return ret;
-    }
+        CRYPTO_w_unlock(CRYPTO_LOCK_READDIR);
+        return ret;
+        }
 
 #endif
 #endif
diff --git a/src/lib/libssl/src/ssl/ssl_ciph.c b/src/lib/libssl/src/ssl/ssl_ciph.c
index 7436a50ad1..f63163f26c 100644
--- a/src/lib/libssl/src/ssl/ssl_ciph.c
+++ b/src/lib/libssl/src/ssl/ssl_ciph.c
@@ -518,7 +518,7 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER *list, CIPHER_ORDER **head_p,
                 curr = curr->next;
                 }
 
-        number_uses = Malloc((max_strength_bits + 1) * sizeof(int));
+        number_uses = OPENSSL_malloc((max_strength_bits + 1) * sizeof(int));
         if (!number_uses)
         {
                 SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT,ERR_R_MALLOC_FAILURE);
@@ -545,7 +545,7 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER *list, CIPHER_ORDER **head_p,
                         ssl_cipher_apply_rule(0, 0, 0, 0, CIPHER_ORD, i,
                                         list, head_p, tail_p);
 
-        Free(number_uses);
+        OPENSSL_free(number_uses);
         return(1);
         }
 
@@ -738,7 +738,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
          * it is used for allocation.
          */
         num_of_ciphers = ssl_method->num_ciphers();
-        list = (CIPHER_ORDER *)Malloc(sizeof(CIPHER_ORDER) * num_of_ciphers);
+        list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers);
         if (list == NULL)
                 {
                 SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
@@ -759,10 +759,10 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
         num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER);
         num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
         ca_list =
-                (SSL_CIPHER **)Malloc(sizeof(SSL_CIPHER *) * num_of_alias_max);
+                (SSL_CIPHER **)OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max);
         if (ca_list == NULL)
                 {
-                Free(list);
+                OPENSSL_free(list);
                 SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
                 return(NULL);   /* Failure */
                 }
@@ -788,20 +788,20 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
                 ok = ssl_cipher_process_rulestr(rule_p, list, &head, &tail,
                                                 ca_list);
 
-        Free(ca_list);  /* Not needed anymore */
+        OPENSSL_free(ca_list);  /* Not needed anymore */
 
         if (!ok)
                 {       /* Rule processing failure */
-                Free(list);
+                OPENSSL_free(list);
                 return(NULL);
                 }
         /*
          * Allocate new "cipherstack" for the result, return with error
          * if we cannot get one.
          */
-        if ((cipherstack = sk_SSL_CIPHER_new(NULL)) == NULL)
+        if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL)
                 {
-                Free(list);
+                OPENSSL_free(list);
                 return(NULL);
                 }
 
@@ -819,7 +819,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
 #endif
                         }
                 }
-        Free(list);     /* Not needed any longer */
+        OPENSSL_free(list);     /* Not needed any longer */
 
         /*
          * The following passage is a little bit odd. If pointer variables
@@ -975,13 +975,14 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
 
         if (buf == NULL)
                 {
-                buf=Malloc(128);
-                if (buf == NULL) return("Malloc Error");
+                len=128;
+                buf=OPENSSL_malloc(len);
+                if (buf == NULL) return("OPENSSL_malloc Error");
                 }
         else if (len < 128)
                 return("Buffer too small");
 
-        sprintf(buf,format,cipher->name,ver,kx,au,enc,mac,exp);
+        BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp);
         return(buf);
         }
 
@@ -1036,7 +1037,8 @@ SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
         return(NULL);
         }
 
-static int sk_comp_cmp(SSL_COMP **a,SSL_COMP **b)
+static int sk_comp_cmp(const SSL_COMP * const *a,
+                        const SSL_COMP * const *b)
         {
         return((*a)->id-(*b)->id);
         }
@@ -1051,7 +1053,7 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
         SSL_COMP *comp;
         STACK_OF(SSL_COMP) *sk;
 
-        comp=(SSL_COMP *)Malloc(sizeof(SSL_COMP));
+        comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
         comp->id=id;
         comp->method=cm;
         if (ssl_comp_methods == NULL)
diff --git a/src/lib/libssl/src/ssl/ssl_err.c b/src/lib/libssl/src/ssl/ssl_err.c
index 642c3f93e7..17b4caf528 100644
--- a/src/lib/libssl/src/ssl/ssl_err.c
+++ b/src/lib/libssl/src/ssl/ssl_err.c
@@ -327,6 +327,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {SSL_R_READ_WRONG_PACKET_TYPE            ,"read wrong packet type"},
 {SSL_R_RECORD_LENGTH_MISMATCH            ,"record length mismatch"},
 {SSL_R_RECORD_TOO_LARGE                  ,"record too large"},
+{SSL_R_RECORD_TOO_SMALL                  ,"record too small"},
 {SSL_R_REQUIRED_CIPHER_MISSING           ,"required cipher missing"},
 {SSL_R_REUSE_CERT_LENGTH_NOT_ZERO        ,"reuse cert length not zero"},
 {SSL_R_REUSE_CERT_TYPE_NOT_ZERO          ,"reuse cert type not zero"},
diff --git a/src/lib/libssl/src/ssl/ssl_lib.c b/src/lib/libssl/src/ssl/ssl_lib.c
index c515c41b4e..635b25062e 100644
--- a/src/lib/libssl/src/ssl/ssl_lib.c
+++ b/src/lib/libssl/src/ssl/ssl_lib.c
@@ -58,6 +58,8 @@
  * [including the GNU Public Licence.]
  */
 
+
+#include <assert.h>
 #include <stdio.h>
 #include <openssl/objects.h>
 #include <openssl/lhash.h>
@@ -183,7 +185,7 @@ SSL *SSL_new(SSL_CTX *ctx)
                 return(NULL);
                 }
 
-        s=(SSL *)Malloc(sizeof(SSL));
+        s=(SSL *)OPENSSL_malloc(sizeof(SSL));
         if (s == NULL) goto err;
         memset(s,0,sizeof(SSL));
 
@@ -239,7 +241,7 @@ err:
                         ssl_cert_free(s->cert);
                 if (s->ctx != NULL)
                         SSL_CTX_free(s->ctx); /* decrement reference count */
-                Free(s);
+                OPENSSL_free(s);
                 }
         SSLerr(SSL_F_SSL_NEW,ERR_R_MALLOC_FAILURE);
         return(NULL);
@@ -375,7 +377,7 @@ void SSL_free(SSL *s)
 
         if (s->method != NULL) s->method->ssl_free(s);
 
-        Free(s);
+        OPENSSL_free(s);
         }
 
 void SSL_set_bio(SSL *s,BIO *rbio,BIO *wbio)
@@ -874,7 +876,7 @@ long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)())
                 }
         }
 
-int ssl_cipher_id_cmp(SSL_CIPHER *a,SSL_CIPHER *b)
+int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b)
         {
         long l;
 
@@ -885,7 +887,8 @@ int ssl_cipher_id_cmp(SSL_CIPHER *a,SSL_CIPHER *b)
                 return((l > 0)?1:-1);
         }
 
-int ssl_cipher_ptr_id_cmp(SSL_CIPHER **ap,SSL_CIPHER **bp)
+int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
+                        const SSL_CIPHER * const *bp)
         {
         long l;
 
@@ -1033,7 +1036,7 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
                 return(NULL);
                 }
         if ((skp == NULL) || (*skp == NULL))
-                sk=sk_SSL_CIPHER_new(NULL); /* change perhaps later */
+                sk=sk_SSL_CIPHER_new_null(); /* change perhaps later */
         else
                 {
                 sk= *skp;
@@ -1099,7 +1102,7 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)
                 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
                 goto err;
                 }
-        ret=(SSL_CTX *)Malloc(sizeof(SSL_CTX));
+        ret=(SSL_CTX *)OPENSSL_malloc(sizeof(SSL_CTX));
         if (ret == NULL)
                 goto err;
 
@@ -1195,7 +1198,7 @@ err2:
         }
 
 static void SSL_COMP_free(SSL_COMP *comp)
-    { Free(comp); }
+    { OPENSSL_free(comp); }
 
 void SSL_CTX_free(SSL_CTX *a)
         {
@@ -1236,7 +1239,7 @@ void SSL_CTX_free(SSL_CTX *a)
                 sk_X509_pop_free(a->extra_certs,X509_free);
         if (a->comp_methods != NULL)
                 sk_SSL_COMP_pop_free(a->comp_methods,SSL_COMP_free);
-        Free(a);
+        OPENSSL_free(a);
         }
 
 void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb)
@@ -1759,13 +1762,13 @@ void ssl_clear_cipher_ctx(SSL *s)
         if (s->enc_read_ctx != NULL)
                 {
                 EVP_CIPHER_CTX_cleanup(s->enc_read_ctx);
-                Free(s->enc_read_ctx);
+                OPENSSL_free(s->enc_read_ctx);
                 s->enc_read_ctx=NULL;
                 }
         if (s->enc_write_ctx != NULL)
                 {
                 EVP_CIPHER_CTX_cleanup(s->enc_write_ctx);
-                Free(s->enc_write_ctx);
+                OPENSSL_free(s->enc_write_ctx);
                 s->enc_write_ctx=NULL;
                 }
         if (s->expand != NULL)
@@ -1843,19 +1846,16 @@ int ssl_init_wbio_buffer(SSL *s,int push)
 
 void ssl_free_wbio_buffer(SSL *s)
         {
-        BIO *under;
-
         if (s->bbio == NULL) return;
 
         if (s->bbio == s->wbio)
                 {
                 /* remove buffering */
-                under=BIO_pop(s->wbio);
-                if (under != NULL)
-                        s->wbio=under;
-                else
-                        abort(); /* ok */
-                }
+                s->wbio=BIO_pop(s->wbio);
+#ifdef REF_CHECK /* not the usual REF_CHECK, but this avoids adding one more preprocessor symbol */
+                assert(s->wbio != NULL);
+#endif  
+        }
         BIO_free(s->bbio);
         s->bbio=NULL;
         }
diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h
index 9a52bab254..d70fff4627 100644
--- a/src/lib/libssl/src/ssl/ssl_locl.h
+++ b/src/lib/libssl/src/ssl/ssl_locl.h
@@ -423,8 +423,9 @@ void ssl_sess_cert_free(SESS_CERT *sc);
 int ssl_set_peer_cert_type(SESS_CERT *c, int type);
 int ssl_get_new_session(SSL *s, int session);
 int ssl_get_prev_session(SSL *s, unsigned char *session,int len);
-int ssl_cipher_id_cmp(SSL_CIPHER *a,SSL_CIPHER *b);
-int ssl_cipher_ptr_id_cmp(SSL_CIPHER **ap,SSL_CIPHER **bp);
+int ssl_cipher_id_cmp(const SSL_CIPHER *a,const SSL_CIPHER *b);
+int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
+                        const SSL_CIPHER * const *bp);
 STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
                                                STACK_OF(SSL_CIPHER) **skp);
 int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p);
diff --git a/src/lib/libssl/src/ssl/ssl_sess.c b/src/lib/libssl/src/ssl/ssl_sess.c
index 9e01f72753..416def8908 100644
--- a/src/lib/libssl/src/ssl/ssl_sess.c
+++ b/src/lib/libssl/src/ssl/ssl_sess.c
@@ -111,7 +111,7 @@ SSL_SESSION *SSL_SESSION_new(void)
         {
         SSL_SESSION *ss;
 
-        ss=(SSL_SESSION *)Malloc(sizeof(SSL_SESSION));
+        ss=(SSL_SESSION *)OPENSSL_malloc(sizeof(SSL_SESSION));
         if (ss == NULL)
                 {
                 SSLerr(SSL_F_SSL_SESSION_NEW,ERR_R_MALLOC_FAILURE);
@@ -310,7 +310,7 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len)
 #if 0 /* This is way too late. */
 
         /* If a thread got the session, then 'swaped', and another got
-         * it and then due to a time-out decided to 'Free' it we could
+         * it and then due to a time-out decided to 'OPENSSL_free' it we could
          * be in trouble.  So I'll increment it now, then double decrement
          * later - am I speaking rubbish?. */
         CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
@@ -474,7 +474,7 @@ void SSL_SESSION_free(SSL_SESSION *ss)
         if (ss->peer != NULL) X509_free(ss->peer);
         if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers);
         memset(ss,0,sizeof(*ss));
-        Free(ss);
+        OPENSSL_free(ss);
         }
 
 int SSL_set_session(SSL *s, SSL_SESSION *session)
diff --git a/src/lib/libssl/src/ssl/ssl_txt.c b/src/lib/libssl/src/ssl/ssl_txt.c
index c07d957576..6e33eec3e4 100644
--- a/src/lib/libssl/src/ssl/ssl_txt.c
+++ b/src/lib/libssl/src/ssl/ssl_txt.c
@@ -81,7 +81,7 @@ int SSL_SESSION_print_fp(FILE *fp, SSL_SESSION *x)
 int SSL_SESSION_print(BIO *bp, SSL_SESSION *x)
         {
         unsigned int i;
-        char str[128],*s;
+        char *s;
 
         if (x == NULL) goto err;
         if (BIO_puts(bp,"SSL-Session:\n") <= 0) goto err;
@@ -93,36 +93,41 @@ int SSL_SESSION_print(BIO *bp, SSL_SESSION *x)
                 s="TLSv1";
         else
                 s="unknown";
-        sprintf(str,"    Protocol  : %s\n",s);
-        if (BIO_puts(bp,str) <= 0) goto err;
+        if (BIO_printf(bp,"    Protocol  : %s\n",s) <= 0) goto err;
 
         if (x->cipher == NULL)
                 {
                 if (((x->cipher_id) & 0xff000000) == 0x02000000)
-                        sprintf(str,"    Cipher    : %06lX\n",x->cipher_id&0xffffff);
+                        {
+                        if (BIO_printf(bp,"    Cipher    : %06lX\n",x->cipher_id&0xffffff) <= 0)
+                                goto err;
+                        }
                 else
-                        sprintf(str,"    Cipher    : %04lX\n",x->cipher_id&0xffff);
+                        {
+                        if (BIO_printf(bp,"    Cipher    : %04lX\n",x->cipher_id&0xffff) <= 0)
+                                goto err;
+                        }
                 }
         else
-                sprintf(str,"    Cipher    : %s\n",(x->cipher == NULL)?"unknown":x->cipher->name);
-        if (BIO_puts(bp,str) <= 0) goto err;
+                {
+                if (BIO_printf(bp,"    Cipher    : %s\n",((x->cipher == NULL)?"unknown":x->cipher->name)) <= 0)
+                        goto err;
+                }
         if (BIO_puts(bp,"    Session-ID: ") <= 0) goto err;
         for (i=0; i<x->session_id_length; i++)
                 {
-                sprintf(str,"%02X",x->session_id[i]);
-                if (BIO_puts(bp,str) <= 0) goto err;
+                if (BIO_printf(bp,"%02X",x->session_id[i]) <= 0) goto err;
                 }
         if (BIO_puts(bp,"\n    Session-ID-ctx: ") <= 0) goto err;
         for (i=0; i<x->sid_ctx_length; i++)
                 {
-                sprintf(str,"%02X",x->sid_ctx[i]);
-                if (BIO_puts(bp,str) <= 0) goto err;
+                if (BIO_printf(bp,"%02X",x->sid_ctx[i]) <= 0)
+                        goto err;
                 }
         if (BIO_puts(bp,"\n    Master-Key: ") <= 0) goto err;
         for (i=0; i<(unsigned int)x->master_key_length; i++)
                 {
-                sprintf(str,"%02X",x->master_key[i]);
-                if (BIO_puts(bp,str) <= 0) goto err;
+                if (BIO_printf(bp,"%02X",x->master_key[i]) <= 0) goto err;
                 }
         if (BIO_puts(bp,"\n    Key-Arg   : ") <= 0) goto err;
         if (x->key_arg_length == 0)
@@ -132,8 +137,7 @@ int SSL_SESSION_print(BIO *bp, SSL_SESSION *x)
         else
                 for (i=0; i<x->key_arg_length; i++)
                         {
-                        sprintf(str,"%02X",x->key_arg[i]);
-                        if (BIO_puts(bp,str) <= 0) goto err;
+                        if (BIO_printf(bp,"%02X",x->key_arg[i]) <= 0) goto err;
                         }
         if (x->compress_meth != 0)
                 {
@@ -142,32 +146,26 @@ int SSL_SESSION_print(BIO *bp, SSL_SESSION *x)
                 ssl_cipher_get_evp(x,NULL,NULL,&comp);
                 if (comp == NULL)
                         {
-                        sprintf(str,"\n   Compression: %d",x->compress_meth);
-                        if (BIO_puts(bp,str) <= 0) goto err;
+                        if (BIO_printf(bp,"\n   Compression: %d",x->compress_meth) <= 0) goto err;
                         }
                 else
                         {
-                        sprintf(str,"\n   Compression: %d (%s)",
-                                comp->id,comp->method->name);
-                        if (BIO_puts(bp,str) <= 0) goto err;
+                        if (BIO_printf(bp,"\n   Compression: %d (%s)", comp->id,comp->method->name) <= 0) goto err;
                         }
                 }       
         if (x->time != 0L)
                 {
-                sprintf(str,"\n    Start Time: %ld",x->time);
-                if (BIO_puts(bp,str) <= 0) goto err;
+                if (BIO_printf(bp, "\n    Start Time: %ld",x->time) <= 0) goto err;
                 }
         if (x->timeout != 0L)
                 {
-                sprintf(str,"\n    Timeout   : %ld (sec)",x->timeout);
-                if (BIO_puts(bp,str) <= 0) goto err;
+                if (BIO_printf(bp, "\n    Timeout   : %ld (sec)",x->timeout) <= 0) goto err;
                 }
         if (BIO_puts(bp,"\n") <= 0) goto err;
 
         if (BIO_puts(bp, "    Verify return code: ") <= 0) goto err;
-        sprintf(str, "%ld (%s)\n", x->verify_result, 
-                        X509_verify_cert_error_string(x->verify_result));
-        if (BIO_puts(bp,str) <= 0) goto err;
+        if (BIO_printf(bp, "%ld (%s)\n", x->verify_result,
+                X509_verify_cert_error_string(x->verify_result)) <= 0) goto err;
                 
         return(1);
 err:
diff --git a/src/lib/libssl/src/ssl/ssltest.c b/src/lib/libssl/src/ssl/ssltest.c
index dde35794f5..2ef8a50785 100644
--- a/src/lib/libssl/src/ssl/ssltest.c
+++ b/src/lib/libssl/src/ssl/ssltest.c
@@ -88,6 +88,7 @@
 static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
 #ifndef NO_RSA
 static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export,int keylength);
+static void free_tmp_rsa(void);
 #endif
 #ifndef NO_DH
 static DH *get_dh512(void);
@@ -528,6 +529,9 @@ end:
 
         if (bio_stdout != NULL) BIO_free(bio_stdout);
 
+#ifndef NO_RSA
+        free_tmp_rsa();
+#endif
         ERR_free_strings();
         ERR_remove_state(0);
         EVP_cleanup();
@@ -1189,7 +1193,7 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count)
         ret=0;
 err:
         /* We have to set the BIO's to NULL otherwise they will be
-         * Free()ed twice.  Once when th s_ssl is SSL_free()ed and
+         * OPENSSL_free()ed twice.  Once when th s_ssl is SSL_free()ed and
          * again when c_ssl is SSL_free()ed.
          * This is a hack required because s_ssl and c_ssl are sharing the same
          * BIO structure and SSL_set_bio() and SSL_free() automatically
@@ -1242,10 +1246,10 @@ static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
         }
 
 #ifndef NO_RSA
+static RSA *rsa_tmp=NULL;
+
 static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
         {
-        static RSA *rsa_tmp=NULL;
-
         if (rsa_tmp == NULL)
                 {
                 BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength);
@@ -1256,6 +1260,15 @@ static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
                 }
         return(rsa_tmp);
         }
+
+static void free_tmp_rsa(void)
+        {
+        if (rsa_tmp != NULL)
+                {
+                RSA_free(rsa_tmp);
+                rsa_tmp = NULL;
+                }
+        }
 #endif
 
 #ifndef NO_DH
diff --git a/src/lib/libssl/src/ssl/t1_enc.c b/src/lib/libssl/src/ssl/t1_enc.c
index 279e45db5d..0d34357eb4 100644
--- a/src/lib/libssl/src/ssl/t1_enc.c
+++ b/src/lib/libssl/src/ssl/t1_enc.c
@@ -178,7 +178,7 @@ int tls1_change_cipher_state(SSL *s, int which)
                 {
                 if ((s->enc_read_ctx == NULL) &&
                         ((s->enc_read_ctx=(EVP_CIPHER_CTX *)
-                        Malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
+                        OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
                         goto err;
                 dd= s->enc_read_ctx;
                 s->read_hash=m;
@@ -197,7 +197,7 @@ int tls1_change_cipher_state(SSL *s, int which)
                                 }
                         if (s->s3->rrec.comp == NULL)
                                 s->s3->rrec.comp=(unsigned char *)
-                                        Malloc(SSL3_RT_MAX_ENCRYPTED_LENGTH);
+                                        OPENSSL_malloc(SSL3_RT_MAX_ENCRYPTED_LENGTH);
                         if (s->s3->rrec.comp == NULL)
                                 goto err;
                         }
@@ -208,7 +208,7 @@ int tls1_change_cipher_state(SSL *s, int which)
                 {
                 if ((s->enc_write_ctx == NULL) &&
                         ((s->enc_write_ctx=(EVP_CIPHER_CTX *)
-                        Malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
+                        OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
                         goto err;
                 dd= s->enc_write_ctx;
                 s->write_hash=m;
@@ -355,9 +355,9 @@ int tls1_setup_key_block(SSL *s)
 
         ssl3_cleanup_key_block(s);
 
-        if ((p1=(unsigned char *)Malloc(num)) == NULL)
+        if ((p1=(unsigned char *)OPENSSL_malloc(num)) == NULL)
                 goto err;
-        if ((p2=(unsigned char *)Malloc(num)) == NULL)
+        if ((p2=(unsigned char *)OPENSSL_malloc(num)) == NULL)
                 goto err;
 
         s->s3->tmp.key_block_length=num;
@@ -374,7 +374,7 @@ printf("pre-master\n");
 #endif
         tls1_generate_key_block(s,p1,p2,num);
         memset(p2,0,num);
-        Free(p2);
+        OPENSSL_free(p2);
 #ifdef TLS_DEBUG
 printf("\nkey block\n");
 { int z; for (z=0; z<num; z++) printf("%02X%c",p1[z],((z+1)%16)?' ':'\n'); }
diff --git a/src/lib/libssl/src/ssl/tls1.h b/src/lib/libssl/src/ssl/tls1.h
index 6e2b06d34f..cf92ae034f 100644
--- a/src/lib/libssl/src/ssl/tls1.h
+++ b/src/lib/libssl/src/ssl/tls1.h
@@ -84,6 +84,10 @@ extern "C" {
 #define TLS1_AD_USER_CANCELLED          90
 #define TLS1_AD_NO_RENEGOTIATION        100
 
+/* Additional TLS ciphersuites from draft-ietf-tls-56-bit-ciphersuites-00.txt
+ * (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see
+ * s3_lib.c).  We actually treat them like SSL 3.0 ciphers, which we probably
+ * shouldn't. */
 #define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5          0x03000060
 #define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5      0x03000061
 #define TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA         0x03000062
@@ -92,6 +96,13 @@ extern "C" {
 #define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA      0x03000065
 #define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA                0x03000066
 
+/* XXX
+ * Inconsistency alert:
+ * The OpenSSL names of ciphers with ephemeral DH here include the string
+ * "DHE", while elsewhere it has always been "EDH".
+ * (The alias for the list of all such ciphers also is "EDH".)
+ * The specifications speak of "EDH"; maybe we should allow both forms
+ * for everything. */
 #define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5         "EXP1024-RC4-MD5"
 #define TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5     "EXP1024-RC2-CBC-MD5"
 #define TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA        "EXP1024-DES-CBC-SHA"
diff --git a/src/lib/libssl/src/test/Makefile.ssl b/src/lib/libssl/src/test/Makefile.ssl
index dbb523bf15..b961dabc3c 100644
--- a/src/lib/libssl/src/test/Makefile.ssl
+++ b/src/lib/libssl/src/test/Makefile.ssl
@@ -38,6 +38,7 @@ SHA1TEST=	sha1test
 MDC2TEST=       mdc2test
 RMDTEST=        rmdtest
 MD2TEST=        md2test
+MD4TEST=        md4test
 MD5TEST=        md5test
 HMACTEST=       hmactest
 RC2TEST=        rc2test
@@ -52,24 +53,27 @@ DSATEST=	dsatest
 METHTEST=       methtest
 SSLTEST=        ssltest
 RSATEST=        rsa_test
+ENGINETEST=     enginetest
 
-EXE=    $(BNTEST) $(IDEATEST) $(MD2TEST)  $(MD5TEST) $(HMACTEST) \
+EXE=    $(BNTEST) $(IDEATEST) $(MD2TEST)  $(MD4TEST) $(MD5TEST) $(HMACTEST) \
         $(RC2TEST) $(RC4TEST) $(RC5TEST) \
         $(DESTEST) $(SHATEST) $(SHA1TEST) $(MDC2TEST) $(RMDTEST) \
-        $(RANDTEST) $(DHTEST) \
+        $(RANDTEST) $(DHTEST) $(ENGINETEST) \
         $(BFTEST) $(CASTTEST) $(SSLTEST) $(EXPTEST) $(DSATEST) $(RSATEST)
 
 # $(METHTEST)
 
-OBJ=    $(BNTEST).o $(IDEATEST).o $(MD2TEST).o  $(MD5TEST).o $(HMACTEST).o \
+OBJ=    $(BNTEST).o $(IDEATEST).o $(MD2TEST).o $(MD4TEST).o $(MD5TEST).o \
+        $(HMACTEST).o \
         $(RC2TEST).o $(RC4TEST).o $(RC5TEST).o \
         $(DESTEST).o $(SHATEST).o $(SHA1TEST).o $(MDC2TEST).o $(RMDTEST).o \
-        $(RANDTEST).o $(DHTEST).o $(CASTTEST).o \
+        $(RANDTEST).o $(DHTEST).o $(ENGINETEST).o $(CASTTEST).o \
         $(BFTEST).o  $(SSLTEST).o  $(DSATEST).o  $(EXPTEST).o $(RSATEST).o
-SRC=    $(BNTEST).c $(IDEATEST).c $(MD2TEST).c  $(MD5TEST).c  $(HMACTEST).c \
+SRC=    $(BNTEST).c $(IDEATEST).c $(MD2TEST).c  $(MD4TEST).c $(MD5TEST).c \
+        $(HMACTEST).c \
         $(RC2TEST).c $(RC4TEST).c $(RC5TEST).c \
         $(DESTEST).c $(SHATEST).c $(SHA1TEST).c $(MDC2TEST).c $(RMDTEST).c \
-        $(RANDTEST).c $(DHTEST).c $(CASTTEST).c \
+        $(RANDTEST).c $(DHTEST).c $(ENGINETEST).c $(CASTTEST).c \
         $(BFTEST).c  $(SSLTEST).c $(DSATEST).c   $(EXPTEST).c $(RSATEST).c
 
 EXHEADER= 
@@ -98,11 +102,12 @@ tags:
         ctags $(SRC)
 
 tests:  exe apps \
-        test_des test_idea test_sha test_md5 test_hmac test_md2 test_mdc2 \
+        test_des test_idea test_sha test_md4 test_md5 test_hmac \
+        test_md2 test_mdc2 \
         test_rmd test_rc2 test_rc4 test_rc5 test_bf test_cast \
         test_rand test_bn test_enc test_x509 test_rsa test_crl test_sid \
         test_gen test_req test_pkcs7 test_verify test_dh test_dsa \
-        test_ss test_ssl test_ca
+        test_ss test_ca test_engine test_ssl
 
 apps:
         @(cd ../apps; $(MAKE)  CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' all)
@@ -123,6 +128,9 @@ test_mdc2:
 test_md5:
         ./$(MD5TEST)
 
+test_md4:
+        ./$(MD4TEST)
+
 test_hmac:
         ./$(HMACTEST)
 
@@ -210,6 +218,10 @@ test_ss:
         @echo "Generate and certify a test certificate"
         @sh ./testss
 
+test_engine: 
+        @echo "Manipulate the ENGINE structures"
+        ./$(ENGINETEST)
+
 test_ssl:
         @echo "test SSL protocol"
         @sh ./testssl
@@ -264,6 +276,9 @@ $(RMDTEST): $(RMDTEST).o $(DLIBCRYPTO)
 $(MDC2TEST): $(MDC2TEST).o $(DLIBCRYPTO)
         $(CC) -o $(MDC2TEST) $(CFLAGS) $(MDC2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
 
+$(MD4TEST): $(MD4TEST).o $(DLIBCRYPTO)
+        $(CC) -o $(MD4TEST) $(CFLAGS) $(MD4TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
 $(MD5TEST): $(MD5TEST).o $(DLIBCRYPTO)
         $(CC) -o $(MD5TEST) $(CFLAGS) $(MD5TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
 
@@ -303,25 +318,31 @@ $(METHTEST): $(METHTEST).o $(DLIBCRYPTO)
 $(SSLTEST): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
         $(CC) -o $(SSLTEST) $(CFLAGS) $(SSLTEST).o $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS)
 
+$(ENGINETEST): $(ENGINETEST).o $(DLIBCRYPTO)
+        $(CC) -o $(ENGINETEST) $(CFLAGS) $(ENGINETEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
 bftest.o: ../include/openssl/blowfish.h
 bntest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 bntest.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-bntest.o: ../include/openssl/cast.h ../include/openssl/crypto.h
-bntest.o: ../include/openssl/des.h ../include/openssl/dh.h
-bntest.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-bntest.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-bntest.o: ../include/openssl/evp.h ../include/openssl/idea.h
-bntest.o: ../include/openssl/md2.h ../include/openssl/md5.h
-bntest.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+bntest.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+bntest.o: ../include/openssl/crypto.h ../include/openssl/des.h
+bntest.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+bntest.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+bntest.o: ../include/openssl/err.h ../include/openssl/evp.h
+bntest.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+bntest.o: ../include/openssl/md2.h ../include/openssl/md4.h
+bntest.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+bntest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 bntest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 bntest.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 bntest.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 bntest.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 bntest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 bntest.o: ../include/openssl/sha.h ../include/openssl/stack.h
-bntest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+bntest.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+bntest.o: ../include/openssl/x509_vfy.h
 casttest.o: ../include/openssl/cast.h
 destest.o: ../include/openssl/des.h ../include/openssl/e_os2.h
 destest.o: ../include/openssl/opensslconf.h
@@ -329,18 +350,37 @@ dhtest.o: ../include/openssl/bio.h ../include/openssl/bn.h
 dhtest.o: ../include/openssl/crypto.h ../include/openssl/dh.h
 dhtest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 dhtest.o: ../include/openssl/rand.h ../include/openssl/safestack.h
-dhtest.o: ../include/openssl/stack.h
+dhtest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 dsatest.o: ../include/openssl/bio.h ../include/openssl/bn.h
 dsatest.o: ../include/openssl/crypto.h ../include/openssl/dh.h
 dsatest.o: ../include/openssl/dsa.h ../include/openssl/err.h
-dsatest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-dsatest.o: ../include/openssl/rand.h ../include/openssl/safestack.h
-dsatest.o: ../include/openssl/stack.h
+dsatest.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+dsatest.o: ../include/openssl/opensslv.h ../include/openssl/rand.h
+dsatest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+dsatest.o: ../include/openssl/symhacks.h
+enginetest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+enginetest.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+enginetest.o: ../include/openssl/cast.h ../include/openssl/crypto.h
+enginetest.o: ../include/openssl/des.h ../include/openssl/dh.h
+enginetest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+enginetest.o: ../include/openssl/engine.h ../include/openssl/err.h
+enginetest.o: ../include/openssl/evp.h ../include/openssl/idea.h
+enginetest.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+enginetest.o: ../include/openssl/md4.h ../include/openssl/md5.h
+enginetest.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+enginetest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+enginetest.o: ../include/openssl/opensslv.h ../include/openssl/rand.h
+enginetest.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+enginetest.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+enginetest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+enginetest.o: ../include/openssl/sha.h ../include/openssl/stack.h
+enginetest.o: ../include/openssl/symhacks.h
 exptest.o: ../include/openssl/bio.h ../include/openssl/bn.h
 exptest.o: ../include/openssl/crypto.h ../include/openssl/err.h
-exptest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-exptest.o: ../include/openssl/rand.h ../include/openssl/safestack.h
-exptest.o: ../include/openssl/stack.h
+exptest.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+exptest.o: ../include/openssl/opensslv.h ../include/openssl/rand.h
+exptest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+exptest.o: ../include/openssl/symhacks.h
 hmactest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 hmactest.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 hmactest.o: ../include/openssl/cast.h ../include/openssl/crypto.h
@@ -348,15 +388,17 @@ hmactest.o: ../include/openssl/des.h ../include/openssl/dh.h
 hmactest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
 hmactest.o: ../include/openssl/evp.h ../include/openssl/hmac.h
 hmactest.o: ../include/openssl/idea.h ../include/openssl/md2.h
-hmactest.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+hmactest.o: ../include/openssl/md4.h ../include/openssl/md5.h
+hmactest.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 hmactest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 hmactest.o: ../include/openssl/opensslv.h ../include/openssl/rc2.h
 hmactest.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
 hmactest.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 hmactest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-hmactest.o: ../include/openssl/stack.h
+hmactest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 ideatest.o: ../include/openssl/idea.h ../include/openssl/opensslconf.h
 md2test.o: ../include/openssl/md2.h ../include/openssl/opensslconf.h
+md4test.o: ../include/openssl/md4.h
 md5test.o: ../include/openssl/md5.h
 mdc2test.o: ../include/openssl/des.h ../include/openssl/e_os2.h
 mdc2test.o: ../include/openssl/mdc2.h ../include/openssl/opensslconf.h
@@ -365,32 +407,35 @@ rc2test.o: ../include/openssl/opensslconf.h ../include/openssl/rc2.h
 rc4test.o: ../include/openssl/opensslconf.h ../include/openssl/rc4.h
 rc5test.o: ../include/openssl/rc5.h
 rmdtest.o: ../include/openssl/ripemd.h
-rsa_test.o: ../include/openssl/bn.h ../include/openssl/crypto.h
-rsa_test.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-rsa_test.o: ../include/openssl/err.h ../include/openssl/opensslconf.h
+rsa_test.o: ../include/openssl/bio.h ../include/openssl/bn.h
+rsa_test.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
+rsa_test.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+rsa_test.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
 rsa_test.o: ../include/openssl/opensslv.h ../include/openssl/rand.h
 rsa_test.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-rsa_test.o: ../include/openssl/stack.h
+rsa_test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 sha1test.o: ../include/openssl/sha.h
 shatest.o: ../include/openssl/sha.h
 ssltest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 ssltest.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 ssltest.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-ssltest.o: ../include/openssl/crypto.h ../include/openssl/des.h
-ssltest.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-ssltest.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-ssltest.o: ../include/openssl/err.h ../include/openssl/evp.h
-ssltest.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-ssltest.o: ../include/openssl/md2.h ../include/openssl/md5.h
-ssltest.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
-ssltest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-ssltest.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-ssltest.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-ssltest.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-ssltest.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-ssltest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-ssltest.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-ssltest.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-ssltest.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssltest.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+ssltest.o: ../include/openssl/des.h ../include/openssl/dh.h
+ssltest.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+ssltest.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+ssltest.o: ../include/openssl/evp.h ../include/openssl/idea.h
+ssltest.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+ssltest.o: ../include/openssl/md4.h ../include/openssl/md5.h
+ssltest.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+ssltest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ssltest.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+ssltest.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ssltest.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+ssltest.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+ssltest.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+ssltest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ssltest.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+ssltest.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+ssltest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 ssltest.o: ../include/openssl/tls1.h ../include/openssl/x509.h
 ssltest.o: ../include/openssl/x509_vfy.h
diff --git a/src/lib/libssl/src/test/enginetest.c b/src/lib/libssl/src/test/enginetest.c
new file mode 100644
index 0000000000..a5a3c47fcb
--- /dev/null
+++ b/src/lib/libssl/src/test/enginetest.c
@@ -0,0 +1,251 @@
+/* crypto/engine/enginetest.c */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/engine.h>
+#include <openssl/err.h>
+
+static void display_engine_list()
+        {
+        ENGINE *h;
+        int loop;
+
+        h = ENGINE_get_first();
+        loop = 0;
+        printf("listing available engine types\n");
+        while(h)
+                {
+                printf("engine %i, id = \"%s\", name = \"%s\"\n",
+                        loop++, ENGINE_get_id(h), ENGINE_get_name(h));
+                h = ENGINE_get_next(h);
+                }
+        printf("end of list\n");
+        }
+
+int main(int argc, char *argv[])
+        {
+        ENGINE *block[512];
+        char buf[256];
+        const char *id, *name;
+        ENGINE *ptr;
+        int loop;
+        int to_return = 1;
+        ENGINE *new_h1 = NULL;
+        ENGINE *new_h2 = NULL;
+        ENGINE *new_h3 = NULL;
+        ENGINE *new_h4 = NULL;
+
+        ERR_load_crypto_strings();
+
+        memset(block, 0, 512 * sizeof(ENGINE *));
+        if(((new_h1 = ENGINE_new()) == NULL) ||
+                        !ENGINE_set_id(new_h1, "test_id0") ||
+                        !ENGINE_set_name(new_h1, "First test item") ||
+                        ((new_h2 = ENGINE_new()) == NULL) ||
+                        !ENGINE_set_id(new_h2, "test_id1") ||
+                        !ENGINE_set_name(new_h2, "Second test item") ||
+                        ((new_h3 = ENGINE_new()) == NULL) ||
+                        !ENGINE_set_id(new_h3, "test_id2") ||
+                        !ENGINE_set_name(new_h3, "Third test item") ||
+                        ((new_h4 = ENGINE_new()) == NULL) ||
+                        !ENGINE_set_id(new_h4, "test_id3") ||
+                        !ENGINE_set_name(new_h4, "Fourth test item"))
+                {
+                printf("Couldn't set up test ENGINE structures\n");
+                goto end;
+                }
+        printf("\nenginetest beginning\n\n");
+        display_engine_list();
+        if(!ENGINE_add(new_h1))
+                {
+                printf("Add failed!\n");
+                goto end;
+                }
+        display_engine_list();
+        ptr = ENGINE_get_first();
+        if(!ENGINE_remove(ptr))
+                {
+                printf("Remove failed!\n");
+                goto end;
+                }
+        display_engine_list();
+        if(!ENGINE_add(new_h3) || !ENGINE_add(new_h2))
+                {
+                printf("Add failed!\n");
+                goto end;
+                }
+        display_engine_list();
+        if(!ENGINE_remove(new_h2))
+                {
+                printf("Remove failed!\n");
+                goto end;
+                }
+        display_engine_list();
+        if(!ENGINE_add(new_h4))
+                {
+                printf("Add failed!\n");
+                goto end;
+                }
+        display_engine_list();
+        if(ENGINE_add(new_h3))
+                {
+                printf("Add *should* have failed but didn't!\n");
+                goto end;
+                }
+        else
+                printf("Add that should fail did.\n");
+        ERR_clear_error();
+        if(ENGINE_remove(new_h2))
+                {
+                printf("Remove *should* have failed but didn't!\n");
+                goto end;
+                }
+        else
+                printf("Remove that should fail did.\n");
+        if(!ENGINE_remove(new_h1))
+                {
+                printf("Remove failed!\n");
+                goto end;
+                }
+        display_engine_list();
+        if(!ENGINE_remove(new_h3))
+                {
+                printf("Remove failed!\n");
+                goto end;
+                }
+        display_engine_list();
+        if(!ENGINE_remove(new_h4))
+                {
+                printf("Remove failed!\n");
+                goto end;
+                }
+        display_engine_list();
+        /* Depending on whether there's any hardware support compiled
+         * in, this remove may be destined to fail. */
+        ptr = ENGINE_get_first();
+        if(ptr)
+                if(!ENGINE_remove(ptr))
+                        printf("Remove failed!i - probably no hardware "
+                                "support present.\n");
+        display_engine_list();
+        if(!ENGINE_add(new_h1) || !ENGINE_remove(new_h1))
+                {
+                printf("Couldn't add and remove to an empty list!\n");
+                goto end;
+                }
+        else
+                printf("Successfully added and removed to an empty list!\n");
+        printf("About to beef up the engine-type list\n");
+        for(loop = 0; loop < 512; loop++)
+                {
+                sprintf(buf, "id%i", loop);
+                id = strdup(buf);
+                sprintf(buf, "Fake engine type %i", loop);
+                name = strdup(buf);
+                if(((block[loop] = ENGINE_new()) == NULL) ||
+                                !ENGINE_set_id(block[loop], id) ||
+                                !ENGINE_set_name(block[loop], name))
+                        {
+                        printf("Couldn't create block of ENGINE structures.\n"
+                                "I'll probably also core-dump now, damn.\n");
+                        goto end;
+                        }
+                }
+        for(loop = 0; loop < 512; loop++)
+                {
+                if(!ENGINE_add(block[loop]))
+                        {
+                        printf("\nAdding stopped at %i, (%s,%s)\n",
+                                loop, ENGINE_get_id(block[loop]),
+                                ENGINE_get_name(block[loop]));
+                        goto cleanup_loop;
+                        }
+                else
+                        printf("."); fflush(stdout);
+                }
+cleanup_loop:
+        printf("\nAbout to empty the engine-type list\n");
+        while((ptr = ENGINE_get_first()) != NULL)
+                {
+                if(!ENGINE_remove(ptr))
+                        {
+                        printf("\nRemove failed!\n");
+                        goto end;
+                        }
+                printf("."); fflush(stdout);
+                }
+        for(loop = 0; loop < 512; loop++)
+                {
+                free((char *)(ENGINE_get_id(block[loop])));
+                free((char *)(ENGINE_get_name(block[loop])));
+                }
+        printf("\nTests completed happily\n");
+        to_return = 0;
+end:
+        if(to_return)
+                ERR_print_errors_fp(stderr);
+        if(new_h1) ENGINE_free(new_h1);
+        if(new_h2) ENGINE_free(new_h2);
+        if(new_h3) ENGINE_free(new_h3);
+        if(new_h4) ENGINE_free(new_h4);
+        for(loop = 0; loop < 512; loop++)
+                if(block[loop])
+                        ENGINE_free(block[loop]);
+        return to_return;
+        }
diff --git a/src/lib/libssl/src/test/maketests.com b/src/lib/libssl/src/test/maketests.com
index 1246d9a077..135e0bfeb9 100644
--- a/src/lib/libssl/src/test/maketests.com
+++ b/src/lib/libssl/src/test/maketests.com
@@ -143,7 +143,7 @@ $ GOSUB CHECK_OPT_FILE
 $!
 $! Define The TEST Files.
 $!
-$ TEST_FILES = "BNTEST,IDEATEST,MD2TEST,MD5TEST,HMACTEST,"+ -
+$ TEST_FILES = "BNTEST,IDEATEST,MD2TEST,MD4TEST,MD5TEST,HMACTEST,"+ -
                "RC2TEST,RC4TEST,RC5TEST,"+ -
                "DESTEST,SHATEST,SHA1TEST,MDC2TEST,RMDTEST,"+ -
                "RANDTEST,DHTEST,"+ -
diff --git a/src/lib/libssl/src/test/md4test.c b/src/lib/libssl/src/test/md4test.c
new file mode 100644
index 0000000000..97e6e21efd
--- /dev/null
+++ b/src/lib/libssl/src/test/md4test.c
@@ -0,0 +1,131 @@
+/* crypto/md4/md4test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#ifdef NO_MD4
+int main(int argc, char *argv[])
+{
+    printf("No MD4 support\n");
+    return(0);
+}
+#else
+#include <openssl/md4.h>
+
+static char *test[]={
+        "",
+        "a",
+        "abc",
+        "message digest",
+        "abcdefghijklmnopqrstuvwxyz",
+        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
+        "12345678901234567890123456789012345678901234567890123456789012345678901234567890",
+        NULL,
+        };
+
+static char *ret[]={
+"31d6cfe0d16ae931b73c59d7e0c089c0",
+"bde52cb31de33e46245e05fbdbd6fb24",
+"a448017aaf21d8525fc10ae87aa6729d",
+"d9130a8164549fe818874806e1c7014b",
+"d79e1c308aa5bbcdeea8ed63df412da9",
+"043f8582f241db351ce627e153e7f0e4",
+"e33b4ddc9c38f2199c3e7b164fcc0536",
+};
+
+static char *pt(unsigned char *md);
+int main(int argc, char *argv[])
+        {
+        int i,err=0;
+        unsigned char **P,**R;
+        char *p;
+
+        P=(unsigned char **)test;
+        R=(unsigned char **)ret;
+        i=1;
+        while (*P != NULL)
+                {
+                p=pt(MD4(&(P[0][0]),(unsigned long)strlen((char *)*P),NULL));
+                if (strcmp(p,(char *)*R) != 0)
+                        {
+                        printf("error calculating MD4 on '%s'\n",*P);
+                        printf("got %s instead of %s\n",p,*R);
+                        err++;
+                        }
+                else
+                        printf("test %d ok\n",i);
+                i++;
+                R++;
+                P++;
+                }
+        exit(err);
+        return(0);
+        }
+
+static char *pt(unsigned char *md)
+        {
+        int i;
+        static char buf[80];
+
+        for (i=0; i<MD4_DIGEST_LENGTH; i++)
+                sprintf(&(buf[i*2]),"%02x",md[i]);
+        return(buf);
+        }
+#endif
diff --git a/src/lib/libssl/src/test/testp7.pem b/src/lib/libssl/src/test/testp7.pem
index 6bba16f137..e5b7866c31 100644
--- a/src/lib/libssl/src/test/testp7.pem
+++ b/src/lib/libssl/src/test/testp7.pem
@@ -1,46 +1,46 @@
 -----BEGIN PKCS7-----
-MIAGCSqGSIb3DQEHAqCAMIIIBwIBATEAMIAGCSqGSIb3DQEHAQAAoIIGPDCCBHIw
-ggQcoAMCAQICEHkvjiX1iVGQMenF9HgIjI8wDQYJKoZIhvcNAQEEBQAwYjERMA8G
-A1UEBxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQL
-EytWZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyMB4X
-DTk2MDcxOTAwMDAwMFoXDTk3MDMzMDIzNTk1OVowgdUxETAPBgNVBAcTCEludGVy
-bmV0MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24g
-Q2xhc3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjEoMCYGA1UECxMfRGln
-aXRhbCBJRCBDbGFzcyAxIC0gU01JTUUgVGVzdDFHMEUGA1UECxM+d3d3LnZlcmlz
-aWduLmNvbS9yZXBvc2l0b3J5L0NQUy0xLjAgSW5jLiBieSBSZWYuLExJQUIuTFRE
-KGMpOTYwWzANBgkqhkiG9w0BAQEFAANKADBHAkAOy7xxCAIkOfuIA2LyRpxgKlDO
-Rl8htdXYhF5iBGUx1GYaK6KF+bK/CCI0l4j2OfWGFBUrwGoWqxTNcWgTfMzRAgMB
-AAGjggI5MIICNTAJBgNVHRMEAjAAMIICJgYDVR0DBIICHTCCAhkwggIVMIICEQYL
-YIZIAYb4RQEHAQEwggIAFoIBq1RoaXMgY2VydGlmaWNhdGUgaW5jb3Jwb3JhdGVz
-IGJ5IHJlZmVyZW5jZSwgYW5kIGl0cyB1c2UgaXMgc3RyaWN0bHkgc3ViamVjdCB0
-bywgdGhlIFZlcmlTaWduIENlcnRpZmljYXRpb24gUHJhY3RpY2UgU3RhdGVtZW50
-IChDUFMpLCBhdmFpbGFibGUgYXQ6IGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9D
-UFMtMS4wOyBieSBFLW1haWwgYXQgQ1BTLXJlcXVlc3RzQHZlcmlzaWduLmNvbTsg
-b3IgYnkgbWFpbCBhdCBWZXJpU2lnbiwgSW5jLiwgMjU5MyBDb2FzdCBBdmUuLCBN
-b3VudGFpbiBWaWV3LCBDQSA5NDA0MyBVU0EgVGVsLiArMSAoNDE1KSA5NjEtODgz
-MCBDb3B5cmlnaHQgKGMpIDE5OTYgVmVyaVNpZ24sIEluYy4gIEFsbCBSaWdodHMg
-UmVzZXJ2ZWQuIENFUlRBSU4gV0FSUkFOVElFUyBESVNDTEFJTUVEIGFuZCBMSUFC
-SUxJVFkgTElNSVRFRC6gDgYMYIZIAYb4RQEHAQEBoQ4GDGCGSAGG+EUBBwEBAjAv
-MC0WK2h0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L0NQUy0xLgMw
-DQYJKoZIhvcNAQEEBQADQQDAmA7km/3iJWEsWN9Z2WU2gmZAknx45WnDKHxMa3Bf
-gNsh6BLk/ngkJKjNKTDR13XVHqEPUY1flbjATZputw1GMIIBwjCCAWygAwIBAgIQ
-fAmE6tW5ERSQWDneu3KfSTANBgkqhkiG9w0BAQIFADA+MQswCQYDVQQGEwJVUzEX
-MBUGA1UEChMOVmVyaVNpZ24sIEluYy4xFjAUBgNVBAsTDVRFU1QgUm9vdCBQQ0Ew
-HhcNOTYwNzE3MDAwMDAwWhcNOTcwNzE3MjM1OTU5WjBiMREwDwYDVQQHEwhJbnRl
-cm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNVBAsTK1ZlcmlTaWdu
-IENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXIwXDANBgkqhkiG9w0B
-AQEFAANLADBIAkEA7Fc6zYJw4WwCWa1ni3fYNbzGSQNluuw990024GusjLfhEk1h
-MsIUukTT/n8yxoO7rYp4x+LS+tHF2tBtuxg7CwIDAQABoyIwIDALBgNVHQ8EBAMC
-AQYwEQYJYIZIAYb4QgEBBAQDAgIEMA0GCSqGSIb3DQEBAgUAA0EAFKem0cJGg9nd
-TAbP5o1HIEyNn11ZlvLU5v1Hejs1MKQt72IMm4jjgOH+pjguXW8lB6yzrK4oVOO2
-UNCaNQ1H26GCAa0wgcEwbTANBgkqhkiG9w0BAQIFADA+MQswCQYDVQQGEwJVUzEX
-MBUGA1UEChMOVmVyaVNpZ24sIEluYy4xFjAUBgNVBAsTDVRFU1QgUm9vdCBQQ0EX
-DTk2MDcxNzE3NDQwOVoXDTk4MDcxNzAwMDAwMFowDQYJKoZIhvcNAQECBQADQQB4
-rQNP8QLpAox83odQDE/5dqAuvDfshW/miTxwQTMXOoBtjGiowTcG+YXF1JZTJRMT
-jQN47tdH+6MCKt7N8MddMIHmMIGRMA0GCSqGSIb3DQEBAgUAMGIxETAPBgNVBAcT
-CEludGVybmV0MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVy
-aVNpZ24gQ2xhc3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlchcNOTYwNzE3
-MTc1OTI5WhcNOTcwNzE4MDAwMDAwWjANBgkqhkiG9w0BAQIFAANBALm1VmE7FrEJ
-rLXvX/lIDMPAZIw5TNuX8EC6wn5ppy8Y3sHstdJEkTsqVGiS2/q+KEQC3NHxvV32
-bGooiIKLUB4xAAAAAAA=
+MIIIGAYJKoZIhvcNAQcCoIIICTCCCAUCAQExADALBgkqhkiG9w0BBwGgggY8MIIE
+cjCCBBygAwIBAgIQeS+OJfWJUZAx6cX0eAiMjzANBgkqhkiG9w0BAQQFADBiMREw
+DwYDVQQHEwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNV
+BAsTK1ZlcmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXIw
+HhcNOTYwNzE5MDAwMDAwWhcNOTcwMzMwMjM1OTU5WjCB1TERMA8GA1UEBxMISW50
+ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJpU2ln
+biBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyMSgwJgYDVQQLEx9E
+aWdpdGFsIElEIENsYXNzIDEgLSBTTUlNRSBUZXN0MUcwRQYDVQQLEz53d3cudmVy
+aXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEuMCBJbmMuIGJ5IFJlZi4sTElBQi5M
+VEQoYyk5NjBbMA0GCSqGSIb3DQEBAQUAA0oAMEcCQA7LvHEIAiQ5+4gDYvJGnGAq
+UM5GXyG11diEXmIEZTHUZhorooX5sr8IIjSXiPY59YYUFSvAaharFM1xaBN8zNEC
+AwEAAaOCAjkwggI1MAkGA1UdEwQCMAAwggImBgNVHQMEggIdMIICGTCCAhUwggIR
+BgtghkgBhvhFAQcBATCCAgAWggGrVGhpcyBjZXJ0aWZpY2F0ZSBpbmNvcnBvcmF0
+ZXMgYnkgcmVmZXJlbmNlLCBhbmQgaXRzIHVzZSBpcyBzdHJpY3RseSBzdWJqZWN0
+IHRvLCB0aGUgVmVyaVNpZ24gQ2VydGlmaWNhdGlvbiBQcmFjdGljZSBTdGF0ZW1l
+bnQgKENQUyksIGF2YWlsYWJsZSBhdDogaHR0cHM6Ly93d3cudmVyaXNpZ24uY29t
+L0NQUy0xLjA7IGJ5IEUtbWFpbCBhdCBDUFMtcmVxdWVzdHNAdmVyaXNpZ24uY29t
+OyBvciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMuLCAyNTkzIENvYXN0IEF2ZS4s
+IE1vdW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBUZWwuICsxICg0MTUpIDk2MS04
+ODMwIENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2lnbiwgSW5jLiAgQWxsIFJpZ2h0
+cyBSZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVTIERJU0NMQUlNRUQgYW5kIExJ
+QUJJTElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcBAQGhDgYMYIZIAYb4RQEHAQEC
+MC8wLRYraHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEu
+AzANBgkqhkiG9w0BAQQFAANBAMCYDuSb/eIlYSxY31nZZTaCZkCSfHjlacMofExr
+cF+A2yHoEuT+eCQkqM0pMNHXddUeoQ9RjV+VuMBNmm63DUYwggHCMIIBbKADAgEC
+AhB8CYTq1bkRFJBYOd67cp9JMA0GCSqGSIb3DQEBAgUAMD4xCzAJBgNVBAYTAlVT
+MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEWMBQGA1UECxMNVEVTVCBSb290IFBD
+QTAeFw05NjA3MTcwMDAwMDBaFw05NzA3MTcyMzU5NTlaMGIxETAPBgNVBAcTCElu
+dGVybmV0MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNp
+Z24gQ2xhc3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjBcMA0GCSqGSIb3
+DQEBAQUAA0sAMEgCQQDsVzrNgnDhbAJZrWeLd9g1vMZJA2W67D33TTbga6yMt+ES
+TWEywhS6RNP+fzLGg7utinjH4tL60cXa0G27GDsLAgMBAAGjIjAgMAsGA1UdDwQE
+AwIBBjARBglghkgBhvhCAQEEBAMCAgQwDQYJKoZIhvcNAQECBQADQQAUp6bRwkaD
+2d1MBs/mjUcgTI2fXVmW8tTm/Ud6OzUwpC3vYgybiOOA4f6mOC5dbyUHrLOsrihU
+47ZQ0Jo1DUfboYIBrTCBwTBtMA0GCSqGSIb3DQEBAgUAMD4xCzAJBgNVBAYTAlVT
+MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEWMBQGA1UECxMNVEVTVCBSb290IFBD
+QRcNOTYwNzE3MTc0NDA5WhcNOTgwNzE3MDAwMDAwWjANBgkqhkiG9w0BAQIFAANB
+AHitA0/xAukCjHzeh1AMT/l2oC68N+yFb+aJPHBBMxc6gG2MaKjBNwb5hcXUllMl
+ExONA3ju10f7owIq3s3wx10wgeYwgZEwDQYJKoZIhvcNAQECBQAwYjERMA8GA1UE
+BxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytW
+ZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyFw05NjA3
+MTcxNzU5MjlaFw05NzA3MTgwMDAwMDBaMA0GCSqGSIb3DQEBAgUAA0EAubVWYTsW
+sQmste9f+UgMw8BkjDlM25fwQLrCfmmnLxjewey10kSROypUaJLb+r4oRALc0fG9
+XfZsaiiIgotQHjEA
 -----END PKCS7-----
diff --git a/src/lib/libssl/src/test/tests.com b/src/lib/libssl/src/test/tests.com
index 040dafab8d..df8f46e75d 100644
--- a/src/lib/libssl/src/test/tests.com
+++ b/src/lib/libssl/src/test/tests.com
@@ -19,11 +19,12 @@ $	then
 $           tests = p1
 $       else
 $           tests := -
-        test_des,test_idea,test_sha,test_md5,test_hmac,test_md2,test_mdc2,-
+        test_des,test_idea,test_sha,test_md4,test_md5,test_hmac,-
+        test_md2,test_mdc2,-
         test_rmd,test_rc2,test_rc4,test_rc5,test_bf,test_cast,-
         test_rand,test_bn,test_enc,test_x509,test_rsa,test_crl,test_sid,-
         test_gen,test_req,test_pkcs7,test_verify,test_dh,test_dsa,-
-        test_ss,test_ssl,test_ca
+        test_ss,test_ca,test_ssl
 $       endif
 $       tests = f$edit(tests,"COLLAPSE")
 $
@@ -35,6 +36,7 @@ $	SHA1TEST :=	sha1test
 $       MDC2TEST :=     mdc2test
 $       RMDTEST :=      rmdtest
 $       MD2TEST :=      md2test
+$       MD4TEST :=      md4test
 $       MD5TEST :=      md5test
 $       HMACTEST :=     hmactest
 $       RC2TEST :=      rc2test
@@ -55,54 +57,58 @@ $ loop_tests:
 $       tests_e = f$element(tests_i,",",tests)
 $       tests_i = tests_i + 1
 $       if tests_e .eqs. "," then goto exit
-$       goto 'tests_e'
+$       gosub 'tests_e'
+$       goto loop_tests
 $
 $ test_des:
 $       mcr 'texe_dir''destest'
-$       goto loop_tests
+$       return
 $ test_idea:
 $       mcr 'texe_dir''ideatest'
-$       goto loop_tests
+$       return
 $ test_sha:
 $       mcr 'texe_dir''shatest'
 $       mcr 'texe_dir''sha1test'
-$       goto loop_tests
+$       return
 $ test_mdc2:
 $       mcr 'texe_dir''mdc2test'
-$       goto loop_tests
+$       return
 $ test_md5:
 $       mcr 'texe_dir''md5test'
-$       goto loop_tests
+$       return
+$ test_md4:
+$       mcr 'texe_dir''md4test'
+$       return
 $ test_hmac:
 $       mcr 'texe_dir''hmactest'
-$       goto loop_tests
+$       return
 $ test_md2:
 $       mcr 'texe_dir''md2test'
-$       goto loop_tests
+$       return
 $ test_rmd:
 $       mcr 'texe_dir''rmdtest'
-$       goto loop_tests
+$       return
 $ test_bf:
 $       mcr 'texe_dir''bftest'
-$       goto loop_tests
+$       return
 $ test_cast:
 $       mcr 'texe_dir''casttest'
-$       goto loop_tests
+$       return
 $ test_rc2:
 $       mcr 'texe_dir''rc2test'
-$       goto loop_tests
+$       return
 $ test_rc4:
 $       mcr 'texe_dir''rc4test'
-$       goto loop_tests
+$       return
 $ test_rc5:
 $       mcr 'texe_dir''rc5test'
-$       goto loop_tests
+$       return
 $ test_rand:
 $       mcr 'texe_dir''randtest'
-$       goto loop_tests
+$       return
 $ test_enc:
 $       @testenc.com
-$       goto loop_tests
+$       return
 $ test_x509:
 $       define sys$error nla0:
 $       write sys$output "test normal x509v1 certificate"
@@ -112,35 +118,35 @@ $	@tx509.com v3-cert1.pem
 $       write sys$output "test second x509v3 certificate"
 $       @tx509.com v3-cert2.pem
 $       deassign sys$error
-$       goto loop_tests
+$       return
 $ test_rsa:
 $       define sys$error nla0:
 $       @trsa.com
 $       deassign sys$error
 $       mcr 'texe_dir''rsatest'
-$       goto loop_tests
+$       return
 $ test_crl:
 $       define sys$error nla0:
 $       @tcrl.com
 $       deassign sys$error
-$       goto loop_tests
+$       return
 $ test_sid:
 $       define sys$error nla0:
 $       @tsid.com
 $       deassign sys$error
-$       goto loop_tests
+$       return
 $ test_req:
 $       define sys$error nla0:
 $       @treq.com
 $       @treq.com testreq2.pem
 $       deassign sys$error
-$       goto loop_tests
+$       return
 $ test_pkcs7:
 $       define sys$error nla0:
 $       @tpkcs7.com
 $       @tpkcs7d.com
 $       deassign sys$error
-$       goto loop_tests
+$       return
 $ test_bn:
 $       write sys$output "starting big number library test, could take a while..."
 $       create bntest-vms.fdl
@@ -164,36 +170,56 @@ $	write sys$output "-- through sh or bash to verify that the bignum operations w
 $       write sys$output ""
 $       write sys$output "test a^b%c implementations"
 $       mcr 'texe_dir''exptest'
-$       goto loop_tests
+$       return
 $ test_verify:
 $       write sys$output "The following command should have some OK's and some failures"
 $       write sys$output "There are definitly a few expired certificates"
 $       @tverify.com
-$       goto loop_tests
+$       return
 $ test_dh:
 $       write sys$output "Generate a set of DH parameters"
 $       mcr 'texe_dir''dhtest'
-$       goto loop_tests
+$       return
 $ test_dsa:
 $       write sys$output "Generate a set of DSA parameters"
 $       mcr 'texe_dir''dsatest'
-$       goto loop_tests
+$       return
 $ test_gen:
 $       write sys$output "Generate and verify a certificate request"
 $       @testgen.com
-$       goto loop_tests
+$       return
+$ maybe_test_ss:
+$       testss_RDT = f$cvtime(f$file_attributes("testss.com","RDT"))
+$       if f$cvtime(f$file_attributes("keyU.ss","RDT")) .les. testss_RDT then -
+                goto test_ss
+$       if f$cvtime(f$file_attributes("certU.ss","RDT")) .les. testss_RDT then -
+                goto test_ss
+$       if f$cvtime(f$file_attributes("certCA.ss","RDT")) .les. testss_RDT then -
+                goto test_ss
+$       return
 $ test_ss:
 $       write sys$output "Generate and certify a test certificate"
 $       @testss.com
-$       goto loop_tests
+$       return
 $ test_ssl:
 $       write sys$output "test SSL protocol"
-$       @testssl.com
-$       goto loop_tests
+$       gosub maybe_test_ss
+$       @testssl.com keyU.ss certU.ss certCA.ss
+$       return
 $ test_ca:
-$       write sys$output "Generate and certify a test certificate via the 'ca' program"
-$       @testca.com
-$       goto loop_tests
+$       set noon
+$       define/user sys$output nla0:
+$       mcr 'exe_dir'openssl no-rsa
+$       save_severity=$SEVERITY
+$       set on
+$       if save_severity
+$       then
+$           write sys$output "skipping CA.com test -- requires RSA"
+$       else
+$           write sys$output "Generate and certify a test certificate via the 'ca' program"
+$           @testca.com
+$       endif
+$       return
 $
 $
 $ exit:
diff --git a/src/lib/libssl/src/times/x86/md4s.cpp b/src/lib/libssl/src/times/x86/md4s.cpp
new file mode 100644
index 0000000000..c0ec97fc9f
--- /dev/null
+++ b/src/lib/libssl/src/times/x86/md4s.cpp
@@ -0,0 +1,78 @@
+//
+// gettsc.inl
+//
+// gives access to the Pentium's (secret) cycle counter
+//
+// This software was written by Leonard Janke (janke@unixg.ubc.ca)
+// in 1996-7 and is entered, by him, into the public domain.
+
+#if defined(__WATCOMC__)
+void GetTSC(unsigned long&);
+#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+#elif defined(__GNUC__)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  asm volatile(".byte 15, 49\n\t"
+               : "=eax" (tsc)
+               :
+               : "%edx", "%eax");
+}
+#elif defined(_MSC_VER)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  unsigned long a;
+  __asm _emit 0fh
+  __asm _emit 31h
+  __asm mov a, eax;
+  tsc=a;
+}
+#endif      
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/md4.h>
+
+extern "C" {
+void md4_block_x86(MD4_CTX *ctx, unsigned char *buffer,int num);
+}
+
+void main(int argc,char *argv[])
+        {
+        unsigned char buffer[64*256];
+        MD4_CTX ctx;
+        unsigned long s1,s2,e1,e2;
+        unsigned char k[16];
+        unsigned long data[2];
+        unsigned char iv[8];
+        int i,num=0,numm;
+        int j=0;
+
+        if (argc >= 2)
+                num=atoi(argv[1]);
+
+        if (num == 0) num=16;
+        if (num > 250) num=16;
+        numm=num+2;
+        num*=64;
+        numm*=64;
+
+        for (j=0; j<6; j++)
+                {
+                for (i=0; i<10; i++) /**/
+                        {
+                        md4_block_x86(&ctx,buffer,numm);
+                        GetTSC(s1);
+                        md4_block_x86(&ctx,buffer,numm);
+                        GetTSC(e1);
+                        GetTSC(s2);
+                        md4_block_x86(&ctx,buffer,num);
+                        GetTSC(e2);
+                        md4_block_x86(&ctx,buffer,num);
+                        }
+                printf("md4 (%d bytes) %d %d (%.2f)\n",num,
+                        e1-s1,e2-s2,(double)((e1-s1)-(e2-s2))/2);
+                }
+        }
+
diff --git a/src/lib/libssl/src/tools/c_rehash.in b/src/lib/libssl/src/tools/c_rehash.in
index cc3b65871f..baec7c14ff 100644
--- a/src/lib/libssl/src/tools/c_rehash.in
+++ b/src/lib/libssl/src/tools/c_rehash.in
@@ -1,61 +1,148 @@
-#!/bin/sh
-#
-# redo the hashes for the certificates in your cert path or the ones passed
-# on the command line.
-#
-
-if [ "$OPENSSL"x = "x" -o ! -x "$OPENSSL" ]; then
-        OPENSSL='openssl'
-        export OPENSSL
-fi
-DIR=/usr/local/ssl
-PATH=$DIR/bin:$PATH
-
-if [ ! -f "$OPENSSL" ]; then
-    found=0
-    for dir in . `echo $PATH | sed -e 's/:/ /g'`; do
-        if [ -f "$dir/$OPENSSL" ]; then
-            found=1
-            break
-        fi
-    done
-    if [ $found = 0 ]; then
-        echo "c_rehash: rehashing skipped ('openssl' program not available)" 1>&2
-        exit 0
-    fi
-fi
-
-SSL_DIR=$DIR/certs
-
-if [ "$*" = "" ]; then
-        CERTS=${*:-${SSL_CERT_DIR:-$SSL_DIR}}
-else
-        CERTS=$*
-fi
-
-IFS=': '
-for i in $CERTS
-do
-  (
-  IFS=' '
-  if [ -d $i -a -w $i ]; then
-    cd $i
-    echo "Doing $i"
-    for i in *.pem
-    do
-      if [ $i != '*.pem' ]; then
-        h=`$OPENSSL x509 -hash -noout -in $i`
-        if [ "x$h" = "x" ]; then
-          echo $i does not contain a certificate
-        else
-          if [ -f $h.0 ]; then
-            /bin/rm -f $h.0
-          fi
-          echo "$i => $h.0"
-          ln -s $i $h.0
-        fi
-      fi
-    done
-  fi
-  )
-done
+#!/usr/local/bin/perl
+
+
+# Perl c_rehash script, scan all files in a directory
+# and add symbolic links to their hash values.
+
+my $openssl;
+
+my $dir;
+
+if(defined $ENV{OPENSSL}) {
+        $openssl = $ENV{OPENSSL};
+} else {
+        $openssl = "openssl";
+        $ENV{OPENSSL} = $openssl;
+}
+
+$ENV{PATH} .= ":$dir/bin";
+
+if(! -f $openssl) {
+        my $found = 0;
+        foreach (split /:/, $ENV{PATH}) {
+                if(-f "$_/$openssl") {
+                        $found = 1;
+                        last;
+                }       
+        }
+        if($found == 0) {
+                print STDERR "c_rehash: rehashing skipped ('openssl' program not available)\n";
+                exit 0;
+        }
+}
+
+if(@ARGV) {
+        @dirlist = @ARGV;
+} elsif($ENV{SSL_CERT_DIR}) {
+        @dirlist = split /:/, $ENV{SSL_CERT_DIR};
+} else {
+        $dirlist[0] = "$dir/certs";
+}
+
+
+foreach (@dirlist) {
+        if(-d $_ and -w $_) {
+                hash_dir($_);
+        }
+}
+
+sub hash_dir {
+        my %hashlist;
+        print "Doing $_[0]\n";
+        chdir $_[0];
+        opendir(DIR, ".");
+        my @flist = readdir(DIR);
+        # Delete any existing symbolic links
+        foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @flist) {
+                if(-l $_) {
+                        unlink $_;
+                }
+        }
+        closedir DIR;
+        FILE: foreach $fname (grep {/\.pem$/} @flist) {
+                # Check to see if certificates and/or CRLs present.
+                my ($cert, $crl) = check_file($fname);
+                if(!$cert && !$crl) {
+                        print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n";
+                        next;
+                }
+                link_hash_cert($fname) if($cert);
+                link_hash_crl($fname) if($crl);
+        }
+}
+
+sub check_file {
+        my ($is_cert, $is_crl) = (0,0);
+        my $fname = $_[0];
+        open IN, $fname;
+        while(<IN>) {
+                if(/^-----BEGIN (.*)-----/) {
+                        my $hdr = $1;
+                        if($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) {
+                                $is_cert = 1;
+                                last if($is_crl);
+                        } elsif($hdr eq "X509 CRL") {
+                                $is_crl = 1;
+                                last if($is_cert);
+                        }
+                }
+        }
+        close IN;
+        return ($is_cert, $is_crl);
+}
+
+
+# Link a certificate to its subject name hash value, each hash is of
+# the form <hash>.<n> where n is an integer. If the hash value already exists
+# then we need to up the value of n, unless its a duplicate in which
+# case we skip the link. We check for duplicates by comparing the
+# certificate fingerprints
+
+sub link_hash_cert {
+                my $fname = $_[0];
+                my ($hash, $fprint) = `$openssl x509 -hash -fingerprint -noout -in $fname`;
+                chomp $hash;
+                chomp $fprint;
+                $fprint =~ s/^.*=//;
+                $fprint =~ tr/://d;
+                my $suffix = 0;
+                # Search for an unused hash filename
+                while(exists $hashlist{"$hash.$suffix"}) {
+                        # Hash matches: if fingerprint matches its a duplicate cert
+                        if($hashlist{"$hash.$suffix"} eq $fprint) {
+                                print STDERR "WARNING: Skipping duplicate certificate $fname\n";
+                                return;
+                        }
+                        $suffix++;
+                }
+                $hash .= ".$suffix";
+                print "$fname => $hash\n";
+                symlink $fname, $hash;
+                $hashlist{$hash} = $fprint;
+}
+
+# Same as above except for a CRL. CRL links are of the form <hash>.r<n>
+
+sub link_hash_crl {
+                my $fname = $_[0];
+                my ($hash, $fprint) = `$openssl crl -hash -fingerprint -noout -in $fname`;
+                chomp $hash;
+                chomp $fprint;
+                $fprint =~ s/^.*=//;
+                $fprint =~ tr/://d;
+                my $suffix = 0;
+                # Search for an unused hash filename
+                while(exists $hashlist{"$hash.r$suffix"}) {
+                        # Hash matches: if fingerprint matches its a duplicate cert
+                        if($hashlist{"$hash.r$suffix"} eq $fprint) {
+                                print STDERR "WARNING: Skipping duplicate CRL $fname\n";
+                                return;
+                        }
+                        $suffix++;
+                }
+                $hash .= ".r$suffix";
+                print "$fname => $hash\n";
+                symlink $fname, $hash;
+                $hashlist{$hash} = $fprint;
+}
+
diff --git a/src/lib/libssl/src/util/libeay.num b/src/lib/libssl/src/util/libeay.num
index f611d6b283..e8eebbf50c 100644
--- a/src/lib/libssl/src/util/libeay.num
+++ b/src/lib/libssl/src/util/libeay.num
@@ -1,2232 +1,1930 @@
-SSLeay                                  1
-SSLeay_version                          2
-ASN1_BIT_STRING_asn1_meth               3
-ASN1_HEADER_free                        4
-ASN1_HEADER_new                         5
-ASN1_IA5STRING_asn1_meth                6
-ASN1_INTEGER_get                        7
-ASN1_INTEGER_set                        8
-ASN1_INTEGER_to_BN                      9
-ASN1_OBJECT_create                      10
-ASN1_OBJECT_free                        11
-ASN1_OBJECT_new                         12
-ASN1_PRINTABLE_type                     13
-ASN1_STRING_cmp                         14
-ASN1_STRING_dup                         15
-ASN1_STRING_free                        16
-ASN1_STRING_new                         17
-ASN1_STRING_print                       18
-ASN1_STRING_set                         19
-ASN1_STRING_type_new                    20
-ASN1_TYPE_free                          21
-ASN1_TYPE_new                           22
-ASN1_UNIVERSALSTRING_to_string          23
-ASN1_UTCTIME_check                      24
-ASN1_UTCTIME_print                      25
-ASN1_UTCTIME_set                        26
-ASN1_check_infinite_end                 27
-ASN1_d2i_bio                            28
-ASN1_d2i_fp                             29
-ASN1_digest                             30
-ASN1_dup                                31
-ASN1_get_object                         32
-ASN1_i2d_bio                            33
-ASN1_i2d_fp                             34
-ASN1_object_size                        35
-ASN1_parse                              36
-ASN1_put_object                         37
-ASN1_sign                               38
-ASN1_verify                             39
-BF_cbc_encrypt                          40
-BF_cfb64_encrypt                        41
-BF_ecb_encrypt                          42
-BF_encrypt                              43
-BF_ofb64_encrypt                        44
-BF_options                              45
-BF_set_key                              46
-BIO_CONNECT_free                        47
-BIO_CONNECT_new                         48
-BIO_accept                              51
-BIO_ctrl                                52
-BIO_int_ctrl                            53
-BIO_debug_callback                      54
-BIO_dump                                55
-BIO_dup_chain                           56
-BIO_f_base64                            57
-BIO_f_buffer                            58
-BIO_f_cipher                            59
-BIO_f_md                                60
-BIO_f_null                              61
-BIO_f_proxy_server                      62
-BIO_fd_non_fatal_error                  63
-BIO_fd_should_retry                     64
-BIO_find_type                           65
-BIO_free                                66
-BIO_free_all                            67
-BIO_get_accept_socket                   69
-BIO_get_filter_bio                      70
-BIO_get_host_ip                         71
-BIO_get_port                            72
-BIO_get_retry_BIO                       73
-BIO_get_retry_reason                    74
-BIO_gethostbyname                       75
-BIO_gets                                76
-BIO_new                                 78
-BIO_new_accept                          79
-BIO_new_connect                         80
-BIO_new_fd                              81
-BIO_new_file                            82
-BIO_new_fp                              83
-BIO_new_socket                          84
-BIO_pop                                 85
-BIO_printf                              86
-BIO_push                                87
-BIO_puts                                88
-BIO_read                                89
-BIO_s_accept                            90
-BIO_s_connect                           91
-BIO_s_fd                                92
-BIO_s_file                              93
-BIO_s_mem                               95
-BIO_s_null                              96
-BIO_s_proxy_client                      97
-BIO_s_socket                            98
-BIO_set                                 100
-BIO_set_cipher                          101
-BIO_set_tcp_ndelay                      102
-BIO_sock_cleanup                        103
-BIO_sock_error                          104
-BIO_sock_init                           105
-BIO_sock_non_fatal_error                106
-BIO_sock_should_retry                   107
-BIO_socket_ioctl                        108
-BIO_write                               109
-BN_CTX_free                             110
-BN_CTX_new                              111
-BN_MONT_CTX_free                        112
-BN_MONT_CTX_new                         113
-BN_MONT_CTX_set                         114
-BN_add                                  115
-BN_add_word                             116
-BN_hex2bn                               117
-BN_bin2bn                               118
-BN_bn2hex                               119
-BN_bn2bin                               120
-BN_clear                                121
-BN_clear_bit                            122
-BN_clear_free                           123
-BN_cmp                                  124
-BN_copy                                 125
-BN_div                                  126
-BN_div_word                             127
-BN_dup                                  128
-BN_free                                 129
-BN_from_montgomery                      130
-BN_gcd                                  131
-BN_generate_prime                       132
-BN_get_word                             133
-BN_is_bit_set                           134
-BN_is_prime                             135
-BN_lshift                               136
-BN_lshift1                              137
-BN_mask_bits                            138
-BN_mod                                  139
-BN_mod_exp                              140
-BN_mod_exp_mont                         141
-BN_mod_exp_recp                         142
-BN_mod_exp_simple                       143
-BN_mod_inverse                          144
-BN_mod_mul                              145
-BN_mod_mul_montgomery                   146
-BN_mod_mul_reciprocal                   147
-BN_mod_word                             148
-BN_mul                                  149
-BN_new                                  150
-BN_num_bits                             151
-BN_num_bits_word                        152
-BN_options                              153
-BN_print                                154
-BN_print_fp                             155
-BN_rand                                 156
-BN_reciprocal                           157
-BN_rshift                               158
-BN_rshift1                              159
-BN_set_bit                              160
-BN_set_word                             161
-BN_sqr                                  162
-BN_sub                                  163
-BN_to_ASN1_INTEGER                      164
-BN_ucmp                                 165
-BN_value_one                            166
-BUF_MEM_free                            167
-BUF_MEM_grow                            168
-BUF_MEM_new                             169
-BUF_strdup                              170
-CONF_free                               171
-CONF_get_number                         172
-CONF_get_section                        173
-CONF_get_string                         174
-CONF_load                               175
-CRYPTO_add_lock                         176
-CRYPTO_dbg_free                         177
-CRYPTO_dbg_malloc                       178
-CRYPTO_dbg_realloc                      179
-CRYPTO_dbg_remalloc                     180
-CRYPTO_free                             181
-CRYPTO_get_add_lock_callback            182
-CRYPTO_get_id_callback                  183
-CRYPTO_get_lock_name                    184
-CRYPTO_get_locking_callback             185
-CRYPTO_get_mem_functions                186
-CRYPTO_lock                             187
-CRYPTO_malloc                           188
-CRYPTO_mem_ctrl                         189
-CRYPTO_mem_leaks                        190
-CRYPTO_mem_leaks_cb                     191
-CRYPTO_mem_leaks_fp                     192
-CRYPTO_realloc                          193
-CRYPTO_remalloc                         194
-CRYPTO_set_add_lock_callback            195
-CRYPTO_set_id_callback                  196
-CRYPTO_set_locking_callback             197
-CRYPTO_set_mem_functions                198
-CRYPTO_thread_id                        199
-DH_check                                200
-DH_compute_key                          201
-DH_free                                 202
-DH_generate_key                         203
-DH_generate_parameters                  204
-DH_new                                  205
-DH_size                                 206
-DHparams_print                          207
-DHparams_print_fp                       208
-DSA_free                                209
-DSA_generate_key                        210
-DSA_generate_parameters                 211
-DSA_is_prime                            212
-DSA_new                                 213
-DSA_print                               214
-DSA_print_fp                            215
-DSA_sign                                216
-DSA_sign_setup                          217
-DSA_size                                218
-DSA_verify                              219
-DSAparams_print                         220
-DSAparams_print_fp                      221
-ERR_clear_error                         222
-ERR_error_string                        223
-ERR_free_strings                        224
-ERR_func_error_string                   225
-ERR_get_err_state_table                 226
-ERR_get_error                           227
-ERR_get_error_line                      228
-ERR_get_state                           229
-ERR_get_string_table                    230
-ERR_lib_error_string                    231
-ERR_load_ASN1_strings                   232
-ERR_load_BIO_strings                    233
-ERR_load_BN_strings                     234
-ERR_load_BUF_strings                    235
-ERR_load_CONF_strings                   236
-ERR_load_DH_strings                     237
-ERR_load_DSA_strings                    238
-ERR_load_ERR_strings                    239
-ERR_load_EVP_strings                    240
-ERR_load_OBJ_strings                    241
-ERR_load_PEM_strings                    242
-ERR_load_PROXY_strings                  243
-ERR_load_RSA_strings                    244
-ERR_load_X509_strings                   245
-ERR_load_crypto_strings                 246
-ERR_load_strings                        247
-ERR_peek_error                          248
-ERR_peek_error_line                     249
-ERR_print_errors                        250
-ERR_print_errors_fp                     251
-ERR_put_error                           252
-ERR_reason_error_string                 253
-ERR_remove_state                        254
-EVP_BytesToKey                          255
-EVP_CIPHER_CTX_cleanup                  256
-EVP_CipherFinal                         257
-EVP_CipherInit                          258
-EVP_CipherUpdate                        259
-EVP_DecodeBlock                         260
-EVP_DecodeFinal                         261
-EVP_DecodeInit                          262
-EVP_DecodeUpdate                        263
-EVP_DecryptFinal                        264
-EVP_DecryptInit                         265
-EVP_DecryptUpdate                       266
-EVP_DigestFinal                         267
-EVP_DigestInit                          268
-EVP_DigestUpdate                        269
-EVP_EncodeBlock                         270
-EVP_EncodeFinal                         271
-EVP_EncodeInit                          272
-EVP_EncodeUpdate                        273
-EVP_EncryptFinal                        274
-EVP_EncryptInit                         275
-EVP_EncryptUpdate                       276
-EVP_OpenFinal                           277
-EVP_OpenInit                            278
-EVP_PKEY_assign                         279
-EVP_PKEY_copy_parameters                280
-EVP_PKEY_free                           281
-EVP_PKEY_missing_parameters             282
-EVP_PKEY_new                            283
-EVP_PKEY_save_parameters                284
-EVP_PKEY_size                           285
-EVP_PKEY_type                           286
-EVP_SealFinal                           287
-EVP_SealInit                            288
-EVP_SignFinal                           289
-EVP_VerifyFinal                         290
-EVP_add_alias                           291
-EVP_add_cipher                          292
-EVP_add_digest                          293
-EVP_bf_cbc                              294
-EVP_bf_cfb                              295
-EVP_bf_ecb                              296
-EVP_bf_ofb                              297
-EVP_cleanup                             298
-EVP_des_cbc                             299
-EVP_des_cfb                             300
-EVP_des_ecb                             301
-EVP_des_ede                             302
-EVP_des_ede3                            303
-EVP_des_ede3_cbc                        304
-EVP_des_ede3_cfb                        305
-EVP_des_ede3_ofb                        306
-EVP_des_ede_cbc                         307
-EVP_des_ede_cfb                         308
-EVP_des_ede_ofb                         309
-EVP_des_ofb                             310
-EVP_desx_cbc                            311
-EVP_dss                                 312
-EVP_dss1                                313
-EVP_enc_null                            314
-EVP_get_cipherbyname                    315
-EVP_get_digestbyname                    316
-EVP_get_pw_prompt                       317
-EVP_idea_cbc                            318
-EVP_idea_cfb                            319
-EVP_idea_ecb                            320
-EVP_idea_ofb                            321
-EVP_md2                                 322
-EVP_md5                                 323
-EVP_md_null                             324
-EVP_rc2_cbc                             325
-EVP_rc2_cfb                             326
-EVP_rc2_ecb                             327
-EVP_rc2_ofb                             328
-EVP_rc4                                 329
-EVP_read_pw_string                      330
-EVP_set_pw_prompt                       331
-EVP_sha                                 332
-EVP_sha1                                333
-MD2                                     334
-MD2_Final                               335
-MD2_Init                                336
-MD2_Update                              337
-MD2_options                             338
-MD5                                     339
-MD5_Final                               340
-MD5_Init                                341
-MD5_Update                              342
-MDC2                                    343
-MDC2_Final                              344
-MDC2_Init                               345
-MDC2_Update                             346
-NETSCAPE_SPKAC_free                     347
-NETSCAPE_SPKAC_new                      348
-NETSCAPE_SPKI_free                      349
-NETSCAPE_SPKI_new                       350
-NETSCAPE_SPKI_sign                      351
-NETSCAPE_SPKI_verify                    352
-OBJ_add_object                          353
-OBJ_bsearch                             354
-OBJ_cleanup                             355
-OBJ_cmp                                 356
-OBJ_create                              357
-OBJ_dup                                 358
-OBJ_ln2nid                              359
-OBJ_new_nid                             360
-OBJ_nid2ln                              361
-OBJ_nid2obj                             362
-OBJ_nid2sn                              363
-OBJ_obj2nid                             364
-OBJ_sn2nid                              365
-OBJ_txt2nid                             366
-PEM_ASN1_read                           367
-PEM_ASN1_read_bio                       368
-PEM_ASN1_write                          369
-PEM_ASN1_write_bio                      370
-PEM_SealFinal                           371
-PEM_SealInit                            372
-PEM_SealUpdate                          373
-PEM_SignFinal                           374
-PEM_SignInit                            375
-PEM_SignUpdate                          376
-PEM_X509_INFO_read                      377
-PEM_X509_INFO_read_bio                  378
-PEM_X509_INFO_write_bio                 379
-PEM_dek_info                            380
-PEM_do_header                           381
-PEM_get_EVP_CIPHER_INFO                 382
-PEM_proc_type                           383
-PEM_read                                384
-PEM_read_DHparams                       385
-PEM_read_DSAPrivateKey                  386
-PEM_read_DSAparams                      387
-PEM_read_PKCS7                          388
-PEM_read_PrivateKey                     389
-PEM_read_RSAPrivateKey                  390
-PEM_read_X509                           391
-PEM_read_X509_CRL                       392
-PEM_read_X509_REQ                       393
-PEM_read_bio                            394
-PEM_read_bio_DHparams                   395
-PEM_read_bio_DSAPrivateKey              396
-PEM_read_bio_DSAparams                  397
-PEM_read_bio_PKCS7                      398
-PEM_read_bio_PrivateKey                 399
-PEM_read_bio_RSAPrivateKey              400
-PEM_read_bio_X509                       401
-PEM_read_bio_X509_CRL                   402
-PEM_read_bio_X509_REQ                   403
-PEM_write                               404
-PEM_write_DHparams                      405
-PEM_write_DSAPrivateKey                 406
-PEM_write_DSAparams                     407
-PEM_write_PKCS7                         408
-PEM_write_PrivateKey                    409
-PEM_write_RSAPrivateKey                 410
-PEM_write_X509                          411
-PEM_write_X509_CRL                      412
-PEM_write_X509_REQ                      413
-PEM_write_bio                           414
-PEM_write_bio_DHparams                  415
-PEM_write_bio_DSAPrivateKey             416
-PEM_write_bio_DSAparams                 417
-PEM_write_bio_PKCS7                     418
-PEM_write_bio_PrivateKey                419
-PEM_write_bio_RSAPrivateKey             420
-PEM_write_bio_X509                      421
-PEM_write_bio_X509_CRL                  422
-PEM_write_bio_X509_REQ                  423
-PKCS7_DIGEST_free                       424
-PKCS7_DIGEST_new                        425
-PKCS7_ENCRYPT_free                      426
-PKCS7_ENCRYPT_new                       427
-PKCS7_ENC_CONTENT_free                  428
-PKCS7_ENC_CONTENT_new                   429
-PKCS7_ENVELOPE_free                     430
-PKCS7_ENVELOPE_new                      431
-PKCS7_ISSUER_AND_SERIAL_digest          432
-PKCS7_ISSUER_AND_SERIAL_free            433
-PKCS7_ISSUER_AND_SERIAL_new             434
-PKCS7_RECIP_INFO_free                   435
-PKCS7_RECIP_INFO_new                    436
-PKCS7_SIGNED_free                       437
-PKCS7_SIGNED_new                        438
-PKCS7_SIGNER_INFO_free                  439
-PKCS7_SIGNER_INFO_new                   440
-PKCS7_SIGN_ENVELOPE_free                441
-PKCS7_SIGN_ENVELOPE_new                 442
-PKCS7_dup                               443
-PKCS7_free                              444
-PKCS7_new                               445
-PROXY_ENTRY_add_noproxy                 446
-PROXY_ENTRY_clear_noproxy               447
-PROXY_ENTRY_free                        448
-PROXY_ENTRY_get_noproxy                 449
-PROXY_ENTRY_new                         450
-PROXY_ENTRY_set_server                  451
-PROXY_add_noproxy                       452
-PROXY_add_server                        453
-PROXY_check_by_host                     454
-PROXY_check_url                         455
-PROXY_clear_noproxy                     456
-PROXY_free                              457
-PROXY_get_noproxy                       458
-PROXY_get_proxies                       459
-PROXY_get_proxy_entry                   460
-PROXY_load_conf                         461
-PROXY_new                               462
-PROXY_print                             463
-RAND_bytes                              464
-RAND_cleanup                            465
-RAND_file_name                          466
-RAND_load_file                          467
-RAND_screen                             468
-RAND_seed                               469
-RAND_write_file                         470
-RC2_cbc_encrypt                         471
-RC2_cfb64_encrypt                       472
-RC2_ecb_encrypt                         473
-RC2_encrypt                             474
-RC2_ofb64_encrypt                       475
-RC2_set_key                             476
-RC4                                     477
-RC4_options                             478
-RC4_set_key                             479
-RSAPrivateKey_asn1_meth                 480
-RSAPrivateKey_dup                       481
-RSAPublicKey_dup                        482
-RSA_PKCS1_SSLeay                        483
-RSA_free                                484
-RSA_generate_key                        485
-RSA_new                                 486
-RSA_new_method                          487
-RSA_print                               488
-RSA_print_fp                            489
-RSA_private_decrypt                     490
-RSA_private_encrypt                     491
-RSA_public_decrypt                      492
-RSA_public_encrypt                      493
-RSA_set_default_method                  494
-RSA_sign                                495
-RSA_sign_ASN1_OCTET_STRING              496
-RSA_size                                497
-RSA_verify                              498
-RSA_verify_ASN1_OCTET_STRING            499
-SHA                                     500
-SHA1                                    501
-SHA1_Final                              502
-SHA1_Init                               503
-SHA1_Update                             504
-SHA_Final                               505
-SHA_Init                                506
-SHA_Update                              507
-OpenSSL_add_all_algorithms              508
-OpenSSL_add_all_ciphers                 509
-OpenSSL_add_all_digests                 510
-TXT_DB_create_index                     511
-TXT_DB_free                             512
-TXT_DB_get_by_index                     513
-TXT_DB_insert                           514
-TXT_DB_read                             515
-TXT_DB_write                            516
-X509_ALGOR_free                         517
-X509_ALGOR_new                          518
-X509_ATTRIBUTE_free                     519
-X509_ATTRIBUTE_new                      520
-X509_CINF_free                          521
-X509_CINF_new                           522
-X509_CRL_INFO_free                      523
-X509_CRL_INFO_new                       524
-X509_CRL_add_ext                        525
-X509_CRL_cmp                            526
-X509_CRL_delete_ext                     527
-X509_CRL_dup                            528
-X509_CRL_free                           529
-X509_CRL_get_ext                        530
-X509_CRL_get_ext_by_NID                 531
-X509_CRL_get_ext_by_OBJ                 532
-X509_CRL_get_ext_by_critical            533
-X509_CRL_get_ext_count                  534
-X509_CRL_new                            535
-X509_CRL_sign                           536
-X509_CRL_verify                         537
-X509_EXTENSION_create_by_NID            538
-X509_EXTENSION_create_by_OBJ            539
-X509_EXTENSION_dup                      540
-X509_EXTENSION_free                     541
-X509_EXTENSION_get_critical             542
-X509_EXTENSION_get_data                 543
-X509_EXTENSION_get_object               544
-X509_EXTENSION_new                      545
-X509_EXTENSION_set_critical             546
-X509_EXTENSION_set_data                 547
-X509_EXTENSION_set_object               548
-X509_INFO_free                          549
-X509_INFO_new                           550
-X509_LOOKUP_by_alias                    551
-X509_LOOKUP_by_fingerprint              552
-X509_LOOKUP_by_issuer_serial            553
-X509_LOOKUP_by_subject                  554
-X509_LOOKUP_ctrl                        555
-X509_LOOKUP_file                        556
-X509_LOOKUP_free                        557
-X509_LOOKUP_hash_dir                    558
-X509_LOOKUP_init                        559
-X509_LOOKUP_new                         560
-X509_LOOKUP_shutdown                    561
-X509_NAME_ENTRY_create_by_NID           562
-X509_NAME_ENTRY_create_by_OBJ           563
-X509_NAME_ENTRY_dup                     564
-X509_NAME_ENTRY_free                    565
-X509_NAME_ENTRY_get_data                566
-X509_NAME_ENTRY_get_object              567
-X509_NAME_ENTRY_new                     568
-X509_NAME_ENTRY_set_data                569
-X509_NAME_ENTRY_set_object              570
-X509_NAME_add_entry                     571
-X509_NAME_cmp                           572
-X509_NAME_delete_entry                  573
-X509_NAME_digest                        574
-X509_NAME_dup                           575
-X509_NAME_entry_count                   576
-X509_NAME_free                          577
-X509_NAME_get_entry                     578
-X509_NAME_get_index_by_NID              579
-X509_NAME_get_index_by_OBJ              580
-X509_NAME_get_text_by_NID               581
-X509_NAME_get_text_by_OBJ               582
-X509_NAME_hash                          583
-X509_NAME_new                           584
-X509_NAME_oneline                       585
-X509_NAME_print                         586
-X509_NAME_set                           587
-X509_OBJECT_free_contents               588
-X509_OBJECT_retrieve_by_subject         589
-X509_OBJECT_up_ref_count                590
-X509_PKEY_free                          591
-X509_PKEY_new                           592
-X509_PUBKEY_free                        593
-X509_PUBKEY_get                         594
-X509_PUBKEY_new                         595
-X509_PUBKEY_set                         596
-X509_REQ_INFO_free                      597
-X509_REQ_INFO_new                       598
-X509_REQ_dup                            599
-X509_REQ_free                           600
-X509_REQ_get_pubkey                     601
-X509_REQ_new                            602
-X509_REQ_print                          603
-X509_REQ_print_fp                       604
-X509_REQ_set_pubkey                     605
-X509_REQ_set_subject_name               606
-X509_REQ_set_version                    607
-X509_REQ_sign                           608
-X509_REQ_to_X509                        609
-X509_REQ_verify                         610
-X509_REVOKED_add_ext                    611
-X509_REVOKED_delete_ext                 612
-X509_REVOKED_free                       613
-X509_REVOKED_get_ext                    614
-X509_REVOKED_get_ext_by_NID             615
-X509_REVOKED_get_ext_by_OBJ             616
-X509_REVOKED_get_ext_by_critical        617
-X509_REVOKED_get_ext_count              618
-X509_REVOKED_new                        619
-X509_SIG_free                           620
-X509_SIG_new                            621
-X509_STORE_CTX_cleanup                  622
-X509_STORE_CTX_init                     623
-X509_STORE_add_cert                     624
-X509_STORE_add_lookup                   625
-X509_STORE_free                         626
-X509_STORE_get_by_subject               627
-X509_STORE_load_locations               628
-X509_STORE_new                          629
-X509_STORE_set_default_paths            630
-X509_VAL_free                           631
-X509_VAL_new                            632
-X509_add_ext                            633
-X509_asn1_meth                          634
-X509_certificate_type                   635
-X509_check_private_key                  636
-X509_cmp_current_time                   637
-X509_delete_ext                         638
-X509_digest                             639
-X509_dup                                640
-X509_free                               641
-X509_get_default_cert_area              642
-X509_get_default_cert_dir               643
-X509_get_default_cert_dir_env           644
-X509_get_default_cert_file              645
-X509_get_default_cert_file_env          646
-X509_get_default_private_dir            647
-X509_get_ext                            648
-X509_get_ext_by_NID                     649
-X509_get_ext_by_OBJ                     650
-X509_get_ext_by_critical                651
-X509_get_ext_count                      652
-X509_get_issuer_name                    653
-X509_get_pubkey                         654
-X509_get_pubkey_parameters              655
-X509_get_serialNumber                   656
-X509_get_subject_name                   657
-X509_gmtime_adj                         658
-X509_issuer_and_serial_cmp              659
-X509_issuer_and_serial_hash             660
-X509_issuer_name_cmp                    661
-X509_issuer_name_hash                   662
-X509_load_cert_file                     663
-X509_new                                664
-X509_print                              665
-X509_print_fp                           666
-X509_set_issuer_name                    667
-X509_set_notAfter                       668
-X509_set_notBefore                      669
-X509_set_pubkey                         670
-X509_set_serialNumber                   671
-X509_set_subject_name                   672
-X509_set_version                        673
-X509_sign                               674
-X509_subject_name_cmp                   675
-X509_subject_name_hash                  676
-X509_to_X509_REQ                        677
-X509_verify                             678
-X509_verify_cert                        679
-X509_verify_cert_error_string           680
-X509v3_add_ext                          681
-X509v3_add_extension                    682
-X509v3_add_netscape_extensions          683
-X509v3_add_standard_extensions          684
-X509v3_cleanup_extensions               685
-X509v3_data_type_by_NID                 686
-X509v3_data_type_by_OBJ                 687
-X509v3_delete_ext                       688
-X509v3_get_ext                          689
-X509v3_get_ext_by_NID                   690
-X509v3_get_ext_by_OBJ                   691
-X509v3_get_ext_by_critical              692
-X509v3_get_ext_count                    693
-X509v3_pack_string                      694
-X509v3_pack_type_by_NID                 695
-X509v3_pack_type_by_OBJ                 696
-X509v3_unpack_string                    697
-_des_crypt                              698
-a2d_ASN1_OBJECT                         699
-a2i_ASN1_INTEGER                        700
-a2i_ASN1_STRING                         701
-asn1_Finish                             702
-asn1_GetSequence                        703
-bn_div_words                            704
-bn_expand2                              705
-bn_mul_add_words                        706
-bn_mul_words                            707
-BN_uadd                                 708
-BN_usub                                 709
-bn_sqr_words                            710
-crypt                                   711
-d2i_ASN1_BIT_STRING                     712
-d2i_ASN1_BOOLEAN                        713
-d2i_ASN1_HEADER                         714
-d2i_ASN1_IA5STRING                      715
-d2i_ASN1_INTEGER                        716
-d2i_ASN1_OBJECT                         717
-d2i_ASN1_OCTET_STRING                   718
-d2i_ASN1_PRINTABLE                      719
-d2i_ASN1_PRINTABLESTRING                720
-d2i_ASN1_SET                            721
-d2i_ASN1_T61STRING                      722
-d2i_ASN1_TYPE                           723
-d2i_ASN1_UTCTIME                        724
-d2i_ASN1_bytes                          725
-d2i_ASN1_type_bytes                     726
-d2i_DHparams                            727
-d2i_DSAPrivateKey                       728
-d2i_DSAPrivateKey_bio                   729
-d2i_DSAPrivateKey_fp                    730
-d2i_DSAPublicKey                        731
-d2i_DSAparams                           732
-d2i_NETSCAPE_SPKAC                      733
-d2i_NETSCAPE_SPKI                       734
-d2i_Netscape_RSA                        735
-d2i_PKCS7                               736
-d2i_PKCS7_DIGEST                        737
-d2i_PKCS7_ENCRYPT                       738
-d2i_PKCS7_ENC_CONTENT                   739
-d2i_PKCS7_ENVELOPE                      740
-d2i_PKCS7_ISSUER_AND_SERIAL             741
-d2i_PKCS7_RECIP_INFO                    742
-d2i_PKCS7_SIGNED                        743
-d2i_PKCS7_SIGNER_INFO                   744
-d2i_PKCS7_SIGN_ENVELOPE                 745
-d2i_PKCS7_bio                           746
-d2i_PKCS7_fp                            747
-d2i_PrivateKey                          748
-d2i_PublicKey                           749
-d2i_RSAPrivateKey                       750
-d2i_RSAPrivateKey_bio                   751
-d2i_RSAPrivateKey_fp                    752
-d2i_RSAPublicKey                        753
-d2i_X509                                754
-d2i_X509_ALGOR                          755
-d2i_X509_ATTRIBUTE                      756
-d2i_X509_CINF                           757
-d2i_X509_CRL                            758
-d2i_X509_CRL_INFO                       759
-d2i_X509_CRL_bio                        760
-d2i_X509_CRL_fp                         761
-d2i_X509_EXTENSION                      762
-d2i_X509_NAME                           763
-d2i_X509_NAME_ENTRY                     764
-d2i_X509_PKEY                           765
-d2i_X509_PUBKEY                         766
-d2i_X509_REQ                            767
-d2i_X509_REQ_INFO                       768
-d2i_X509_REQ_bio                        769
-d2i_X509_REQ_fp                         770
-d2i_X509_REVOKED                        771
-d2i_X509_SIG                            772
-d2i_X509_VAL                            773
-d2i_X509_bio                            774
-d2i_X509_fp                             775
-des_cbc_cksum                           777
-des_cbc_encrypt                         778
-des_cblock_print_file                   779
-des_cfb64_encrypt                       780
-des_cfb_encrypt                         781
-des_decrypt3                            782
-des_ecb3_encrypt                        783
-des_ecb_encrypt                         784
-des_ede3_cbc_encrypt                    785
-des_ede3_cfb64_encrypt                  786
-des_ede3_ofb64_encrypt                  787
-des_enc_read                            788
-des_enc_write                           789
-des_encrypt                             790
-des_encrypt2                            791
-des_encrypt3                            792
-des_fcrypt                              793
-des_is_weak_key                         794
-des_key_sched                           795
-des_ncbc_encrypt                        796
-des_ofb64_encrypt                       797
-des_ofb_encrypt                         798
-des_options                             799
-des_pcbc_encrypt                        800
-des_quad_cksum                          801
-des_random_key                          802
-des_random_seed                         803
-des_read_2passwords                     804
-des_read_password                       805
-des_read_pw                             806
-des_read_pw_string                      807
-des_set_key                             808
-des_set_odd_parity                      809
-des_string_to_2keys                     810
-des_string_to_key                       811
-des_xcbc_encrypt                        812
-des_xwhite_in2out                       813
-fcrypt_body                             814
-i2a_ASN1_INTEGER                        815
-i2a_ASN1_OBJECT                         816
-i2a_ASN1_STRING                         817
-i2d_ASN1_BIT_STRING                     818
-i2d_ASN1_BOOLEAN                        819
-i2d_ASN1_HEADER                         820
-i2d_ASN1_IA5STRING                      821
-i2d_ASN1_INTEGER                        822
-i2d_ASN1_OBJECT                         823
-i2d_ASN1_OCTET_STRING                   824
-i2d_ASN1_PRINTABLE                      825
-i2d_ASN1_SET                            826
-i2d_ASN1_TYPE                           827
-i2d_ASN1_UTCTIME                        828
-i2d_ASN1_bytes                          829
-i2d_DHparams                            830
-i2d_DSAPrivateKey                       831
-i2d_DSAPrivateKey_bio                   832
-i2d_DSAPrivateKey_fp                    833
-i2d_DSAPublicKey                        834
-i2d_DSAparams                           835
-i2d_NETSCAPE_SPKAC                      836
-i2d_NETSCAPE_SPKI                       837
-i2d_Netscape_RSA                        838
-i2d_PKCS7                               839
-i2d_PKCS7_DIGEST                        840
-i2d_PKCS7_ENCRYPT                       841
-i2d_PKCS7_ENC_CONTENT                   842
-i2d_PKCS7_ENVELOPE                      843
-i2d_PKCS7_ISSUER_AND_SERIAL             844
-i2d_PKCS7_RECIP_INFO                    845
-i2d_PKCS7_SIGNED                        846
-i2d_PKCS7_SIGNER_INFO                   847
-i2d_PKCS7_SIGN_ENVELOPE                 848
-i2d_PKCS7_bio                           849
-i2d_PKCS7_fp                            850
-i2d_PrivateKey                          851
-i2d_PublicKey                           852
-i2d_RSAPrivateKey                       853
-i2d_RSAPrivateKey_bio                   854
-i2d_RSAPrivateKey_fp                    855
-i2d_RSAPublicKey                        856
-i2d_X509                                857
-i2d_X509_ALGOR                          858
-i2d_X509_ATTRIBUTE                      859
-i2d_X509_CINF                           860
-i2d_X509_CRL                            861
-i2d_X509_CRL_INFO                       862
-i2d_X509_CRL_bio                        863
-i2d_X509_CRL_fp                         864
-i2d_X509_EXTENSION                      865
-i2d_X509_NAME                           866
-i2d_X509_NAME_ENTRY                     867
-i2d_X509_PKEY                           868
-i2d_X509_PUBKEY                         869
-i2d_X509_REQ                            870
-i2d_X509_REQ_INFO                       871
-i2d_X509_REQ_bio                        872
-i2d_X509_REQ_fp                         873
-i2d_X509_REVOKED                        874
-i2d_X509_SIG                            875
-i2d_X509_VAL                            876
-i2d_X509_bio                            877
-i2d_X509_fp                             878
-idea_cbc_encrypt                        879
-idea_cfb64_encrypt                      880
-idea_ecb_encrypt                        881
-idea_encrypt                            882
-idea_ofb64_encrypt                      883
-idea_options                            884
-idea_set_decrypt_key                    885
-idea_set_encrypt_key                    886
-lh_delete                               887
-lh_doall                                888
-lh_doall_arg                            889
-lh_free                                 890
-lh_insert                               891
-lh_new                                  892
-lh_node_stats                           893
-lh_node_stats_bio                       894
-lh_node_usage_stats                     895
-lh_node_usage_stats_bio                 896
-lh_retrieve                             897
-lh_stats                                898
-lh_stats_bio                            899
-lh_strhash                              900
-sk_delete                               901
-sk_delete_ptr                           902
-sk_dup                                  903
-sk_find                                 904
-sk_free                                 905
-sk_insert                               906
-sk_new                                  907
-sk_pop                                  908
-sk_pop_free                             909
-sk_push                                 910
-sk_set_cmp_func                         911
-sk_shift                                912
-sk_unshift                              913
-sk_zero                                 914
-BIO_f_nbio_test                         915
-ASN1_TYPE_get                           916
-ASN1_TYPE_set                           917
-PKCS7_content_free                      918
-ERR_load_PKCS7_strings                  919
-X509_find_by_issuer_and_serial          920
-X509_find_by_subject                    921
-PKCS7_ctrl                              927
-PKCS7_set_type                          928
-PKCS7_set_content                       929
-PKCS7_SIGNER_INFO_set                   930
-PKCS7_add_signer                        931
-PKCS7_add_certificate                   932
-PKCS7_add_crl                           933
-PKCS7_content_new                       934
-PKCS7_dataSign                          935
-PKCS7_dataVerify                        936
-PKCS7_dataInit                          937
-PKCS7_add_signature                     938
-PKCS7_cert_from_signer_info             939
-PKCS7_get_signer_info                   940
-EVP_delete_alias                        941
-EVP_mdc2                                942
-PEM_read_bio_RSAPublicKey               943
-PEM_write_bio_RSAPublicKey              944
-d2i_RSAPublicKey_bio                    945
-i2d_RSAPublicKey_bio                    946
-PEM_read_RSAPublicKey                   947
-PEM_write_RSAPublicKey                  949
-d2i_RSAPublicKey_fp                     952
-i2d_RSAPublicKey_fp                     954
-BIO_copy_next_retry                     955
-RSA_flags                               956
-X509_STORE_add_crl                      957
-X509_load_crl_file                      958
-EVP_rc2_40_cbc                          959
-EVP_rc4_40                              960
-EVP_CIPHER_CTX_init                     961
-HMAC                                    962
-HMAC_Init                               963
-HMAC_Update                             964
-HMAC_Final                              965
-ERR_get_next_error_library              966
-EVP_PKEY_cmp_parameters                 967
-HMAC_cleanup                            968
-BIO_ptr_ctrl                            969
-BIO_new_file_internal                   970
-BIO_new_fp_internal                     971
-BIO_s_file_internal                     972
-BN_BLINDING_convert                     973
-BN_BLINDING_invert                      974
-BN_BLINDING_update                      975
-RSA_blinding_on                         977
-RSA_blinding_off                        978
-i2t_ASN1_OBJECT                         979
-BN_BLINDING_new                         980
-BN_BLINDING_free                        981
-EVP_cast5_cbc                           983
-EVP_cast5_cfb                           984
-EVP_cast5_ecb                           985
-EVP_cast5_ofb                           986
-BF_decrypt                              987
-CAST_set_key                            988
-CAST_encrypt                            989
-CAST_decrypt                            990
-CAST_ecb_encrypt                        991
-CAST_cbc_encrypt                        992
-CAST_cfb64_encrypt                      993
-CAST_ofb64_encrypt                      994
-RC2_decrypt                             995
-OBJ_create_objects                      997
-BN_exp                                  998
-BN_mul_word                             999
-BN_sub_word                             1000
-BN_dec2bn                               1001
-BN_bn2dec                               1002
-BIO_ghbn_ctrl                           1003
-CRYPTO_free_ex_data                     1004
-CRYPTO_get_ex_data                      1005
-CRYPTO_set_ex_data                      1007
-ERR_load_CRYPTO_strings                 1009
-ERR_load_CRYPTOlib_strings              1009
-EVP_PKEY_bits                           1010
-MD5_Transform                           1011
-SHA1_Transform                          1012
-SHA_Transform                           1013
-X509_STORE_CTX_get_chain                1014
-X509_STORE_CTX_get_current_cert         1015
-X509_STORE_CTX_get_error                1016
-X509_STORE_CTX_get_error_depth          1017
-X509_STORE_CTX_get_ex_data              1018
-X509_STORE_CTX_set_cert                 1020
-X509_STORE_CTX_set_chain                1021
-X509_STORE_CTX_set_error                1022
-X509_STORE_CTX_set_ex_data              1023
-CRYPTO_dup_ex_data                      1025
-CRYPTO_get_new_lockid                   1026
-CRYPTO_new_ex_data                      1027
-RSA_set_ex_data                         1028
-RSA_get_ex_data                         1029
-RSA_get_ex_new_index                    1030
-RSA_padding_add_PKCS1_type_1            1031
-RSA_padding_add_PKCS1_type_2            1032
-RSA_padding_add_SSLv23                  1033
-RSA_padding_add_none                    1034
-RSA_padding_check_PKCS1_type_1          1035
-RSA_padding_check_PKCS1_type_2          1036
-RSA_padding_check_SSLv23                1037
-RSA_padding_check_none                  1038
-bn_add_words                            1039
-d2i_Netscape_RSA_2                      1040
-CRYPTO_get_ex_new_index                 1041
-RIPEMD160_Init                          1042
-RIPEMD160_Update                        1043
-RIPEMD160_Final                         1044
-RIPEMD160                               1045
-RIPEMD160_Transform                     1046
-RC5_32_set_key                          1047
-RC5_32_ecb_encrypt                      1048
-RC5_32_encrypt                          1049
-RC5_32_decrypt                          1050
-RC5_32_cbc_encrypt                      1051
-RC5_32_cfb64_encrypt                    1052
-RC5_32_ofb64_encrypt                    1053
-BN_bn2mpi                               1058
-BN_mpi2bn                               1059
-ASN1_BIT_STRING_get_bit                 1060
-ASN1_BIT_STRING_set_bit                 1061
-BIO_get_ex_data                         1062
-BIO_get_ex_new_index                    1063
-BIO_set_ex_data                         1064
-X509_STORE_CTX_get_ex_new_index         1065
-X509v3_get_key_usage                    1066
-X509v3_set_key_usage                    1067
-a2i_X509v3_key_usage                    1068
-i2a_X509v3_key_usage                    1069
-EVP_PKEY_decrypt                        1070
-EVP_PKEY_encrypt                        1071
-PKCS7_RECIP_INFO_set                    1072
-PKCS7_add_recipient                     1073
-PKCS7_add_recipient_info                1074
-PKCS7_set_cipher                        1075
-ASN1_TYPE_get_int_octetstring           1076
-ASN1_TYPE_get_octetstring               1077
-ASN1_TYPE_set_int_octetstring           1078
-ASN1_TYPE_set_octetstring               1079
-ASN1_UTCTIME_set_string                 1080
-ERR_add_error_data                      1081
-ERR_set_error_data                      1082
-EVP_CIPHER_asn1_to_param                1083
-EVP_CIPHER_param_to_asn1                1084
-EVP_CIPHER_get_asn1_iv                  1085
-EVP_CIPHER_set_asn1_iv                  1086
-EVP_rc5_32_12_16_cbc                    1087
-EVP_rc5_32_12_16_cfb                    1088
-EVP_rc5_32_12_16_ecb                    1089
-EVP_rc5_32_12_16_ofb                    1090
-asn1_add_error                          1091
-d2i_ASN1_BMPSTRING                      1092
-i2d_ASN1_BMPSTRING                      1093
-BIO_f_ber                               1094
-BN_init                                 1095
-COMP_CTX_new                            1096
-COMP_CTX_free                           1097
-COMP_CTX_compress_block                 1098
-COMP_CTX_expand_block                   1099
-X509_STORE_CTX_get_ex_new_index         1100
-OBJ_NAME_add                            1101
-BIO_socket_nbio                         1102
-EVP_rc2_64_cbc                          1103
-OBJ_NAME_cleanup                        1104
-OBJ_NAME_get                            1105
-OBJ_NAME_init                           1106
-OBJ_NAME_new_index                      1107
-OBJ_NAME_remove                         1108
-BN_MONT_CTX_copy                        1109
-BIO_new_socks4a_connect                 1110
-BIO_s_socks4a_connect                   1111
-PROXY_set_connect_mode                  1112
-RAND_SSLeay                             1113
-RAND_set_rand_method                    1114
-RSA_memory_lock                         1115
-bn_sub_words                            1116
-bn_mul_normal                           1117
-bn_mul_comba8                           1118
-bn_mul_comba4                           1119
-bn_sqr_normal                           1120
-bn_sqr_comba8                           1121
-bn_sqr_comba4                           1122
-bn_cmp_words                            1123
-bn_mul_recursive                        1124
-bn_mul_part_recursive                   1125
-bn_sqr_recursive                        1126
-bn_mul_low_normal                       1127
-BN_RECP_CTX_init                        1128
-BN_RECP_CTX_new                         1129
-BN_RECP_CTX_free                        1130
-BN_RECP_CTX_set                         1131
-BN_mod_mul_reciprocal                   1132
-BN_mod_exp_recp                         1133
-BN_div_recp                             1134
-BN_CTX_init                             1135
-BN_MONT_CTX_init                        1136
-RAND_get_rand_method                    1137
-PKCS7_add_attribute                     1138
-PKCS7_add_signed_attribute              1139
-PKCS7_digest_from_attributes            1140
-PKCS7_get_attribute                     1141
-PKCS7_get_issuer_and_serial             1142
-PKCS7_get_signed_attribute              1143
-COMP_compress_block                     1144
-COMP_expand_block                       1145
-COMP_rle                                1146
-COMP_zlib                               1147
-ms_time_diff                            1148
-ms_time_new                             1149
-ms_time_free                            1150
-ms_time_cmp                             1151
-ms_time_get                             1152
-PKCS7_set_attributes                    1153
-PKCS7_set_signed_attributes             1154
-X509_ATTRIBUTE_create                   1155
-X509_ATTRIBUTE_dup                      1156
-ASN1_GENERALIZEDTIME_check              1157
-ASN1_GENERALIZEDTIME_print              1158
-ASN1_GENERALIZEDTIME_set                1159
-ASN1_GENERALIZEDTIME_set_string         1160
-ASN1_TIME_print                         1161
-BASIC_CONSTRAINTS_free                  1162
-BASIC_CONSTRAINTS_new                   1163
-ERR_load_X509V3_strings                 1164
-NETSCAPE_CERT_SEQUENCE_free             1165
-NETSCAPE_CERT_SEQUENCE_new              1166
-OBJ_txt2obj                             1167
-PEM_read_NETSCAPE_CERT_SEQUENCE         1168
-PEM_read_bio_NETSCAPE_CERT_SEQUENCE     1169
-PEM_write_NETSCAPE_CERT_SEQUENCE        1170
-PEM_write_bio_NETSCAPE_CERT_SEQUENCE    1171
-X509V3_EXT_add                          1172
-X509V3_EXT_add_alias                    1173
-X509V3_EXT_add_conf                     1174
-X509V3_EXT_cleanup                      1175
-X509V3_EXT_conf                         1176
-X509V3_EXT_conf_nid                     1177
-X509V3_EXT_get                          1178
-X509V3_EXT_get_nid                      1179
-X509V3_EXT_print                        1180
-X509V3_EXT_print_fp                     1181
-X509V3_add_standard_extensions          1182
-X509V3_add_value                        1183
-X509V3_add_value_bool                   1184
-X509V3_add_value_int                    1185
-X509V3_conf_free                        1186
-X509V3_get_value_bool                   1187
-X509V3_get_value_int                    1188
-X509V3_parse_list                       1189
-d2i_ASN1_GENERALIZEDTIME                1190
-d2i_ASN1_TIME                           1191
-d2i_BASIC_CONSTRAINTS                   1192
-d2i_NETSCAPE_CERT_SEQUENCE              1193
-d2i_ext_ku                              1194
-ext_ku_free                             1195
-ext_ku_new                              1196
-i2d_ASN1_GENERALIZEDTIME                1197
-i2d_ASN1_TIME                           1198
-i2d_BASIC_CONSTRAINTS                   1199
-i2d_NETSCAPE_CERT_SEQUENCE              1200
-i2d_ext_ku                              1201
-EVP_MD_CTX_copy                         1202
-i2d_ASN1_ENUMERATED                     1203
-d2i_ASN1_ENUMERATED                     1204
-ASN1_ENUMERATED_set                     1205
-ASN1_ENUMERATED_get                     1206
-BN_to_ASN1_ENUMERATED                   1207
-ASN1_ENUMERATED_to_BN                   1208
-i2a_ASN1_ENUMERATED                     1209
-a2i_ASN1_ENUMERATED                     1210
-i2d_GENERAL_NAME                        1211
-d2i_GENERAL_NAME                        1212
-GENERAL_NAME_new                        1213
-GENERAL_NAME_free                       1214
-GENERAL_NAMES_new                       1215
-GENERAL_NAMES_free                      1216
-d2i_GENERAL_NAMES                       1217
-i2d_GENERAL_NAMES                       1218
-i2v_GENERAL_NAMES                       1219
-i2s_ASN1_OCTET_STRING                   1220
-s2i_ASN1_OCTET_STRING                   1221
-X509V3_EXT_check_conf                   1222
-hex_to_string                           1223
-string_to_hex                           1224
-des_ede3_cbcm_encrypt                   1225
-RSA_padding_add_PKCS1_OAEP              1226
-RSA_padding_check_PKCS1_OAEP            1227
-X509_CRL_print_fp                       1228
-X509_CRL_print                          1229
-i2v_GENERAL_NAME                        1230
-v2i_GENERAL_NAME                        1231
-i2d_PKEY_USAGE_PERIOD                   1232
-d2i_PKEY_USAGE_PERIOD                   1233
-PKEY_USAGE_PERIOD_new                   1234
-PKEY_USAGE_PERIOD_free                  1235
-v2i_GENERAL_NAMES                       1236
-i2s_ASN1_INTEGER                        1237
-X509V3_EXT_d2i                          1238
-name_cmp                                1239
-str_dup                                 1240
-i2s_ASN1_ENUMERATED                     1241
-i2s_ASN1_ENUMERATED_TABLE               1242
-BIO_s_log                               1243
-BIO_f_reliable                          1244
-PKCS7_dataFinal                         1245
-PKCS7_dataDecode                        1246
-X509V3_EXT_CRL_add_conf                 1247
-BN_set_params                           1248
-BN_get_params                           1249
-BIO_get_ex_num                          1250
-BIO_set_ex_free_func                    1251
-EVP_ripemd160                           1252
-ASN1_TIME_set                           1253
-i2d_AUTHORITY_KEYID                     1254
-d2i_AUTHORITY_KEYID                     1255
-AUTHORITY_KEYID_new                     1256
-AUTHORITY_KEYID_free                    1257
-ASN1_seq_unpack                         1258
-ASN1_seq_pack                           1259
-ASN1_unpack_string                      1260
-ASN1_pack_string                        1261
-PKCS12_pack_safebag                     1262
-PKCS12_MAKE_KEYBAG                      1263
-PKCS8_encrypt                           1264
-PKCS12_MAKE_SHKEYBAG                    1265
-PKCS12_pack_p7data                      1266
-PKCS12_pack_p7encdata                   1267
-PKCS12_add_localkeyid                   1268
-PKCS12_add_friendlyname_asc             1269
-PKCS12_add_friendlyname_uni             1270
-PKCS12_get_friendlyname                 1271
-PKCS12_pbe_crypt                        1272
-PKCS12_decrypt_d2i                      1273
-PKCS12_i2d_encrypt                      1274
-PKCS12_init                             1275
-PKCS12_key_gen_asc                      1276
-PKCS12_key_gen_uni                      1277
-PKCS12_gen_mac                          1278
-PKCS12_verify_mac                       1279
-PKCS12_set_mac                          1280
-PKCS12_setup_mac                        1281
-asc2uni                                 1282
-uni2asc                                 1283
-i2d_PKCS12_BAGS                         1284
-PKCS12_BAGS_new                         1285
-d2i_PKCS12_BAGS                         1286
-PKCS12_BAGS_free                        1287
-i2d_PKCS12                              1288
-d2i_PKCS12                              1289
-PKCS12_new                              1290
-PKCS12_free                             1291
-i2d_PKCS12_MAC_DATA                     1292
-PKCS12_MAC_DATA_new                     1293
-d2i_PKCS12_MAC_DATA                     1294
-PKCS12_MAC_DATA_free                    1295
-i2d_PKCS12_SAFEBAG                      1296
-PKCS12_SAFEBAG_new                      1297
-d2i_PKCS12_SAFEBAG                      1298
-PKCS12_SAFEBAG_free                     1299
-ERR_load_PKCS12_strings                 1300
-PKCS12_PBE_add                          1301
-PKCS8_add_keyusage                      1302
-PKCS12_get_attr_gen                     1303
-PKCS12_parse                            1304
-PKCS12_create                           1305
-i2d_PKCS12_bio                          1306
-i2d_PKCS12_fp                           1307
-d2i_PKCS12_bio                          1308
-d2i_PKCS12_fp                           1309
-i2d_PBEPARAM                            1310
-PBEPARAM_new                            1311
-d2i_PBEPARAM                            1312
-PBEPARAM_free                           1313
-i2d_PKCS8_PRIV_KEY_INFO                 1314
-PKCS8_PRIV_KEY_INFO_new                 1315
-d2i_PKCS8_PRIV_KEY_INFO                 1316
-PKCS8_PRIV_KEY_INFO_free                1317
-EVP_PKCS82PKEY                          1318
-EVP_PKEY2PKCS8                          1319
-PKCS8_set_broken                        1320
-EVP_PBE_ALGOR_CipherInit                1321
-EVP_PBE_alg_add                         1322
-PKCS5_pbe_set                           1323
-EVP_PBE_cleanup                         1324
-i2d_SXNET                               1325
-d2i_SXNET                               1326
-SXNET_new                               1327
-SXNET_free                              1328
-i2d_SXNETID                             1329
-d2i_SXNETID                             1330
-SXNETID_new                             1331
-SXNETID_free                            1332
-DSA_SIG_new                             1333
-DSA_SIG_free                            1334
-DSA_do_sign                             1335
-DSA_do_verify                           1336
-d2i_DSA_SIG                             1337
-i2d_DSA_SIG                             1338
-i2d_ASN1_VISIBLESTRING                  1339
-d2i_ASN1_VISIBLESTRING                  1340
-i2d_ASN1_UTF8STRING                     1341
-d2i_ASN1_UTF8STRING                     1342
-i2d_DIRECTORYSTRING                     1343
-d2i_DIRECTORYSTRING                     1344
-i2d_DISPLAYTEXT                         1345
-d2i_DISPLAYTEXT                         1346
-sk_X509_NAME_new                        1347
-sk_X509_NAME_new_null                   1348
-sk_X509_NAME_free                       1349
-sk_X509_NAME_num                        1350
-sk_X509_NAME_value                      1351
-sk_X509_NAME_set                        1352
-sk_X509_NAME_zero                       1353
-sk_X509_NAME_push                       1354
-sk_X509_NAME_pop                        1355
-sk_X509_NAME_find                       1356
-sk_X509_NAME_delete                     1357
-sk_X509_NAME_delete_ptr                 1358
-sk_X509_NAME_set_cmp_func               1359
-sk_X509_NAME_dup                        1360
-sk_X509_NAME_pop_free                   1361
-sk_X509_NAME_shift                      1362
-sk_X509_new                             1363
-sk_X509_new_null                        1364
-sk_X509_free                            1365
-sk_X509_num                             1366
-sk_X509_value                           1367
-sk_X509_set                             1368
-sk_X509_zero                            1369
-sk_X509_push                            1370
-sk_X509_pop                             1371
-sk_X509_find                            1372
-sk_X509_delete                          1373
-sk_X509_delete_ptr                      1374
-sk_X509_set_cmp_func                    1375
-sk_X509_dup                             1376
-sk_X509_pop_free                        1377
-sk_X509_shift                           1378
-d2i_ASN1_SET_OF_X509                    1379
-i2d_ASN1_SET_OF_X509                    1380
-sk_X509_ATTRIBUTE_new                   1381
-sk_X509_ATTRIBUTE_new_null              1382
-sk_X509_ATTRIBUTE_free                  1383
-sk_X509_ATTRIBUTE_num                   1384
-sk_X509_ATTRIBUTE_value                 1385
-sk_X509_ATTRIBUTE_set                   1386
-sk_X509_ATTRIBUTE_zero                  1387
-sk_X509_ATTRIBUTE_push                  1388
-sk_X509_ATTRIBUTE_pop                   1389
-sk_X509_ATTRIBUTE_find                  1390
-sk_X509_ATTRIBUTE_delete                1391
-sk_X509_ATTRIBUTE_delete_ptr            1392
-sk_X509_ATTRIBUTE_set_cmp_func          1393
-sk_X509_ATTRIBUTE_dup                   1394
-sk_X509_ATTRIBUTE_pop_free              1395
-sk_X509_ATTRIBUTE_shift                 1396
-i2d_PBKDF2PARAM                         1397
-PBKDF2PARAM_new                         1398
-d2i_PBKDF2PARAM                         1399
-PBKDF2PARAM_free                        1400
-i2d_PBE2PARAM                           1401
-PBE2PARAM_new                           1402
-d2i_PBE2PARAM                           1403
-PBE2PARAM_free                          1404
-sk_GENERAL_NAME_new                     1405
-sk_GENERAL_NAME_new_null                1406
-sk_GENERAL_NAME_free                    1407
-sk_GENERAL_NAME_num                     1408
-sk_GENERAL_NAME_value                   1409
-sk_GENERAL_NAME_set                     1410
-sk_GENERAL_NAME_zero                    1411
-sk_GENERAL_NAME_push                    1412
-sk_GENERAL_NAME_pop                     1413
-sk_GENERAL_NAME_find                    1414
-sk_GENERAL_NAME_delete                  1415
-sk_GENERAL_NAME_delete_ptr              1416
-sk_GENERAL_NAME_set_cmp_func            1417
-sk_GENERAL_NAME_dup                     1418
-sk_GENERAL_NAME_pop_free                1419
-sk_GENERAL_NAME_shift                   1420
-d2i_ASN1_SET_OF_GENERAL_NAME            1421
-i2d_ASN1_SET_OF_GENERAL_NAME            1422
-sk_SXNETID_new                          1423
-sk_SXNETID_new_null                     1424
-sk_SXNETID_free                         1425
-sk_SXNETID_num                          1426
-sk_SXNETID_value                        1427
-sk_SXNETID_set                          1428
-sk_SXNETID_zero                         1429
-sk_SXNETID_push                         1430
-sk_SXNETID_pop                          1431
-sk_SXNETID_find                         1432
-sk_SXNETID_delete                       1433
-sk_SXNETID_delete_ptr                   1434
-sk_SXNETID_set_cmp_func                 1435
-sk_SXNETID_dup                          1436
-sk_SXNETID_pop_free                     1437
-sk_SXNETID_shift                        1438
-d2i_ASN1_SET_OF_SXNETID                 1439
-i2d_ASN1_SET_OF_SXNETID                 1440
-sk_POLICYQUALINFO_new                   1441
-sk_POLICYQUALINFO_new_null              1442
-sk_POLICYQUALINFO_free                  1443
-sk_POLICYQUALINFO_num                   1444
-sk_POLICYQUALINFO_value                 1445
-sk_POLICYQUALINFO_set                   1446
-sk_POLICYQUALINFO_zero                  1447
-sk_POLICYQUALINFO_push                  1448
-sk_POLICYQUALINFO_pop                   1449
-sk_POLICYQUALINFO_find                  1450
-sk_POLICYQUALINFO_delete                1451
-sk_POLICYQUALINFO_delete_ptr            1452
-sk_POLICYQUALINFO_set_cmp_func          1453
-sk_POLICYQUALINFO_dup                   1454
-sk_POLICYQUALINFO_pop_free              1455
-sk_POLICYQUALINFO_shift                 1456
-d2i_ASN1_SET_OF_POLICYQUALINFO          1457
-i2d_ASN1_SET_OF_POLICYQUALINFO          1458
-sk_POLICYINFO_new                       1459
-sk_POLICYINFO_new_null                  1460
-sk_POLICYINFO_free                      1461
-sk_POLICYINFO_num                       1462
-sk_POLICYINFO_value                     1463
-sk_POLICYINFO_set                       1464
-sk_POLICYINFO_zero                      1465
-sk_POLICYINFO_push                      1466
-sk_POLICYINFO_pop                       1467
-sk_POLICYINFO_find                      1468
-sk_POLICYINFO_delete                    1469
-sk_POLICYINFO_delete_ptr                1470
-sk_POLICYINFO_set_cmp_func              1471
-sk_POLICYINFO_dup                       1472
-sk_POLICYINFO_pop_free                  1473
-sk_POLICYINFO_shift                     1474
-d2i_ASN1_SET_OF_POLICYINFO              1475
-i2d_ASN1_SET_OF_POLICYINFO              1476
-SXNET_add_id_asc                        1477
-SXNET_add_id_ulong                      1478
-SXNET_add_id_INTEGER                    1479
-SXNET_get_id_asc                        1480
-SXNET_get_id_ulong                      1481
-SXNET_get_id_INTEGER                    1482
-X509V3_set_conf_lhash                   1483
-i2d_CERTIFICATEPOLICIES                 1484
-CERTIFICATEPOLICIES_new                 1485
-CERTIFICATEPOLICIES_free                1486
-d2i_CERTIFICATEPOLICIES                 1487
-i2d_POLICYINFO                          1488
-POLICYINFO_new                          1489
-d2i_POLICYINFO                          1490
-POLICYINFO_free                         1491
-i2d_POLICYQUALINFO                      1492
-POLICYQUALINFO_new                      1493
-d2i_POLICYQUALINFO                      1494
-POLICYQUALINFO_free                     1495
-i2d_USERNOTICE                          1496
-USERNOTICE_new                          1497
-d2i_USERNOTICE                          1498
-USERNOTICE_free                         1499
-i2d_NOTICEREF                           1500
-NOTICEREF_new                           1501
-d2i_NOTICEREF                           1502
-NOTICEREF_free                          1503
-X509V3_get_string                       1504
-X509V3_get_section                      1505
-X509V3_string_free                      1506
-X509V3_section_free                     1507
-X509V3_set_ctx                          1508
-s2i_ASN1_INTEGER                        1509
-CRYPTO_set_locked_mem_functions         1510
-CRYPTO_get_locked_mem_functions         1511
-CRYPTO_malloc_locked                    1512
-CRYPTO_free_locked                      1513
-BN_mod_exp2_mont                        1514
-ERR_get_error_line_data                 1515
-ERR_peek_error_line_data                1516
-PKCS12_PBE_keyivgen                     1517
-X509_ALGOR_dup                          1518
-sk_DIST_POINT_new                       1519
-sk_DIST_POINT_new_null                  1520
-sk_DIST_POINT_free                      1521
-sk_DIST_POINT_num                       1522
-sk_DIST_POINT_value                     1523
-sk_DIST_POINT_set                       1524
-sk_DIST_POINT_zero                      1525
-sk_DIST_POINT_push                      1526
-sk_DIST_POINT_pop                       1527
-sk_DIST_POINT_find                      1528
-sk_DIST_POINT_delete                    1529
-sk_DIST_POINT_delete_ptr                1530
-sk_DIST_POINT_set_cmp_func              1531
-sk_DIST_POINT_dup                       1532
-sk_DIST_POINT_pop_free                  1533
-sk_DIST_POINT_shift                     1534
-d2i_ASN1_SET_OF_DIST_POINT              1535
-i2d_ASN1_SET_OF_DIST_POINT              1536
-i2d_CRL_DIST_POINTS                     1537
-CRL_DIST_POINTS_new                     1538
-CRL_DIST_POINTS_free                    1539
-d2i_CRL_DIST_POINTS                     1540
-i2d_DIST_POINT                          1541
-DIST_POINT_new                          1542
-d2i_DIST_POINT                          1543
-DIST_POINT_free                         1544
-i2d_DIST_POINT_NAME                     1545
-DIST_POINT_NAME_new                     1546
-DIST_POINT_NAME_free                    1547
-d2i_DIST_POINT_NAME                     1548
-X509V3_add_value_uchar                  1549
-sk_X509_INFO_new                        1550
-sk_X509_EXTENSION_new                   1551
-sk_X509_NAME_ENTRY_unshift              1552
-sk_ASN1_TYPE_value                      1553
-sk_X509_EXTENSION_find                  1554
-d2i_ASN1_SET_OF_X509_ATTRIBUTE          1555
-sk_ASN1_TYPE_pop                        1556
-sk_X509_EXTENSION_set_cmp_func          1557
-sk_ASN1_TYPE_new_null                   1558
-sk_X509_NAME_ENTRY_delete               1559
-i2d_ASN1_SET_OF_ASN1_TYPE               1560
-sk_X509_NAME_ENTRY_dup                  1561
-sk_X509_unshift                         1562
-sk_X509_NAME_unshift                    1563
-sk_ASN1_TYPE_num                        1564
-sk_X509_EXTENSION_new_null              1565
-sk_X509_INFO_value                      1566
-d2i_ASN1_SET_OF_X509_EXTENSION          1567
-sk_X509_INFO_delete_ptr                 1568
-sk_X509_NAME_ENTRY_new                  1569
-sk_DIST_POINT_insert                    1570
-sk_ASN1_TYPE_set_cmp_func               1571
-sk_X509_EXTENSION_value                 1572
-sk_DIST_POINT_unshift                   1573
-d2i_ASN1_SET_OF_X509_NAME_ENTRY         1574
-sk_X509_INFO_pop                        1575
-sk_X509_EXTENSION_pop                   1576
-sk_X509_NAME_ENTRY_shift                1577
-sk_X509_INFO_num                        1578
-sk_X509_EXTENSION_num                   1579
-sk_X509_INFO_pop_free                   1580
-sk_POLICYQUALINFO_unshift               1581
-sk_POLICYINFO_unshift                   1582
-sk_X509_NAME_ENTRY_new_null             1583
-sk_X509_NAME_ENTRY_pop                  1584
-sk_X509_ATTRIBUTE_unshift               1585
-sk_X509_NAME_ENTRY_num                  1586
-sk_GENERAL_NAME_unshift                 1587
-sk_X509_INFO_free                       1588
-d2i_ASN1_SET_OF_ASN1_TYPE               1589
-sk_X509_INFO_insert                     1590
-sk_X509_NAME_ENTRY_value                1591
-sk_POLICYQUALINFO_insert                1592
-sk_ASN1_TYPE_set                        1593
-sk_X509_EXTENSION_delete_ptr            1594
-sk_X509_INFO_unshift                    1595
-sk_ASN1_TYPE_unshift                    1596
-sk_ASN1_TYPE_free                       1597
-sk_ASN1_TYPE_delete_ptr                 1598
-sk_ASN1_TYPE_pop_free                   1599
-sk_X509_EXTENSION_unshift               1600
-sk_X509_EXTENSION_pop_free              1601
-sk_X509_NAME_ENTRY_set_cmp_func         1602
-sk_ASN1_TYPE_insert                     1603
-sk_X509_NAME_ENTRY_free                 1604
-sk_SXNETID_insert                       1605
-sk_X509_NAME_insert                     1606
-sk_X509_insert                          1607
-sk_X509_INFO_delete                     1608
-sk_X509_INFO_set_cmp_func               1609
-sk_X509_ATTRIBUTE_insert                1610
-sk_X509_INFO_zero                       1611
-sk_X509_INFO_set                        1612
-sk_X509_EXTENSION_set                   1613
-sk_X509_EXTENSION_free                  1614
-i2d_ASN1_SET_OF_X509_ATTRIBUTE          1615
-sk_SXNETID_unshift                      1616
-sk_X509_INFO_push                       1617
-sk_X509_EXTENSION_insert                1618
-sk_X509_INFO_new_null                   1619
-sk_ASN1_TYPE_dup                        1620
-sk_X509_INFO_find                       1621
-sk_POLICYINFO_insert                    1622
-sk_ASN1_TYPE_zero                       1623
-i2d_ASN1_SET_OF_X509_EXTENSION          1624
-sk_X509_NAME_ENTRY_set                  1625
-sk_ASN1_TYPE_push                       1626
-sk_X509_NAME_ENTRY_insert               1627
-sk_ASN1_TYPE_new                        1628
-sk_GENERAL_NAME_insert                  1629
-sk_ASN1_TYPE_shift                      1630
-sk_ASN1_TYPE_delete                     1631
-sk_X509_NAME_ENTRY_pop_free             1632
-i2d_ASN1_SET_OF_X509_NAME_ENTRY         1633
-sk_X509_NAME_ENTRY_zero                 1634
-sk_ASN1_TYPE_find                       1635
-sk_X509_NAME_ENTRY_delete_ptr           1636
-sk_X509_NAME_ENTRY_push                 1637
-sk_X509_EXTENSION_zero                  1638
-sk_X509_INFO_shift                      1639
-sk_X509_INFO_dup                        1640
-sk_X509_EXTENSION_dup                   1641
-sk_X509_EXTENSION_delete                1642
-sk_X509_EXTENSION_shift                 1643
-sk_X509_EXTENSION_push                  1644
-sk_X509_NAME_ENTRY_find                 1645
-X509V3_EXT_i2d                          1646
-X509V3_EXT_val_prn                      1647
-X509V3_EXT_add_list                     1648
-EVP_CIPHER_type                         1649
-EVP_PBE_CipherInit                      1650
-X509V3_add_value_bool_nf                1651
-d2i_ASN1_UINTEGER                       1652
-sk_value                                1653
-sk_num                                  1654
-sk_set                                  1655
-sk_X509_REVOKED_set_cmp_func            1656
-sk_X509_REVOKED_unshift                 1657
-sk_X509_REVOKED_dup                     1658
-sk_X509_REVOKED_free                    1659
-sk_X509_REVOKED_new                     1660
-i2d_ASN1_SET_OF_X509_REVOKED            1661
-sk_X509_REVOKED_shift                   1662
-sk_X509_REVOKED_delete_ptr              1663
-sk_X509_REVOKED_pop_free                1664
-sk_X509_REVOKED_insert                  1665
-sk_X509_REVOKED_zero                    1666
-sk_X509_REVOKED_pop                     1667
-sk_X509_REVOKED_value                   1668
-sk_X509_REVOKED_num                     1669
-sk_X509_REVOKED_push                    1670
-sk_sort                                 1671
-sk_X509_REVOKED_find                    1672
-sk_X509_REVOKED_delete                  1673
-d2i_ASN1_SET_OF_X509_REVOKED            1674
-sk_X509_REVOKED_new_null                1675
-sk_X509_REVOKED_set                     1676
-sk_X509_ALGOR_new                       1677
-sk_X509_CRL_set_cmp_func                1678
-sk_X509_CRL_set                         1679
-sk_X509_ALGOR_unshift                   1680
-sk_X509_CRL_free                        1681
-i2d_ASN1_SET_OF_X509_ALGOR              1682
-sk_X509_ALGOR_pop                       1683
-sk_X509_CRL_unshift                     1684
-i2d_ASN1_SET_OF_X509_CRL                1685
-sk_X509_ALGOR_num                       1686
-sk_X509_CRL_insert                      1687
-sk_X509_CRL_pop_free                    1688
-sk_X509_CRL_delete_ptr                  1689
-sk_X509_ALGOR_insert                    1690
-sk_X509_CRL_dup                         1691
-sk_X509_CRL_zero                        1692
-sk_X509_CRL_new                         1693
-sk_X509_CRL_push                        1694
-sk_X509_ALGOR_new_null                  1695
-d2i_ASN1_SET_OF_X509_ALGOR              1696
-sk_X509_CRL_shift                       1697
-sk_X509_CRL_find                        1698
-sk_X509_CRL_delete                      1699
-sk_X509_ALGOR_free                      1700
-sk_X509_ALGOR_delete                    1701
-d2i_ASN1_SET_OF_X509_CRL                1702
-sk_X509_ALGOR_delete_ptr                1703
-sk_X509_CRL_pop                         1704
-sk_X509_ALGOR_set                       1705
-sk_X509_CRL_num                         1706
-sk_X509_CRL_value                       1707
-sk_X509_ALGOR_shift                     1708
-sk_X509_ALGOR_zero                      1709
-sk_X509_CRL_new_null                    1710
-sk_X509_ALGOR_push                      1711
-sk_X509_ALGOR_value                     1712
-sk_X509_ALGOR_find                      1713
-sk_X509_ALGOR_set_cmp_func              1714
-sk_X509_ALGOR_dup                       1715
-sk_X509_ALGOR_pop_free                  1716
-sk_PKCS7_SIGNER_INFO_new                1717
-sk_PKCS7_SIGNER_INFO_zero               1718
-sk_PKCS7_SIGNER_INFO_unshift            1719
-sk_PKCS7_RECIP_INFO_dup                 1720
-sk_PKCS7_SIGNER_INFO_insert             1721
-sk_PKCS7_SIGNER_INFO_push               1722
-i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO       1723
-sk_PKCS7_RECIP_INFO_new                 1724
-sk_X509_LOOKUP_new_null                 1725
-sk_PKCS7_SIGNER_INFO_find               1726
-sk_PKCS7_SIGNER_INFO_set_cmp_func       1727
-sk_X509_LOOKUP_zero                     1728
-sk_PKCS7_RECIP_INFO_shift               1729
-sk_PKCS7_RECIP_INFO_new_null            1730
-sk_PKCS7_SIGNER_INFO_shift              1731
-sk_PKCS7_SIGNER_INFO_pop                1732
-sk_PKCS7_SIGNER_INFO_pop_free           1733
-sk_X509_LOOKUP_push                     1734
-sk_X509_LOOKUP_dup                      1735
-sk_PKCS7_SIGNER_INFO_num                1736
-sk_X509_LOOKUP_find                     1737
-i2d_ASN1_SET_OF_PKCS7_RECIP_INFO        1738
-sk_X509_LOOKUP_new                      1739
-sk_PKCS7_SIGNER_INFO_delete             1740
-sk_PKCS7_RECIP_INFO_set_cmp_func        1741
-sk_PKCS7_SIGNER_INFO_delete_ptr         1742
-sk_PKCS7_RECIP_INFO_pop                 1743
-sk_X509_LOOKUP_insert                   1744
-sk_PKCS7_RECIP_INFO_value               1745
-sk_PKCS7_RECIP_INFO_num                 1746
-sk_PKCS7_SIGNER_INFO_value              1747
-d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO       1748
-sk_X509_LOOKUP_pop                      1749
-sk_X509_LOOKUP_num                      1750
-sk_X509_LOOKUP_delete                   1751
-sk_PKCS7_RECIP_INFO_free                1752
-d2i_ASN1_SET_OF_PKCS7_RECIP_INFO        1753
-sk_PKCS7_SIGNER_INFO_set                1754
-sk_X509_LOOKUP_pop_free                 1755
-sk_X509_LOOKUP_shift                    1756
-sk_X509_LOOKUP_unshift                  1757
-sk_PKCS7_SIGNER_INFO_new_null           1758
-sk_PKCS7_RECIP_INFO_delete_ptr          1759
-sk_PKCS7_RECIP_INFO_pop_free            1760
-sk_PKCS7_RECIP_INFO_insert              1761
-sk_PKCS7_SIGNER_INFO_free               1762
-sk_PKCS7_RECIP_INFO_set                 1763
-sk_PKCS7_RECIP_INFO_zero                1764
-sk_X509_LOOKUP_value                    1765
-sk_PKCS7_RECIP_INFO_push                1766
-sk_PKCS7_RECIP_INFO_unshift             1767
-sk_X509_LOOKUP_set_cmp_func             1768
-sk_X509_LOOKUP_free                     1769
-sk_PKCS7_SIGNER_INFO_dup                1770
-sk_X509_LOOKUP_delete_ptr               1771
-sk_X509_LOOKUP_set                      1772
-sk_PKCS7_RECIP_INFO_find                1773
-sk_PKCS7_RECIP_INFO_delete              1774
-PKCS5_PBE_add                           1775
-PEM_write_bio_PKCS8                     1776
-i2d_PKCS8_fp                            1777
-PEM_read_bio_PKCS8_PRIV_KEY_INFO        1778
-d2i_PKCS8_bio                           1779
-d2i_PKCS8_PRIV_KEY_INFO_fp              1780
-PEM_write_bio_PKCS8_PRIV_KEY_INFO       1781
-PEM_read_PKCS8                          1782
-d2i_PKCS8_PRIV_KEY_INFO_bio             1783
-d2i_PKCS8_fp                            1784
-PEM_write_PKCS8                         1785
-PEM_read_PKCS8_PRIV_KEY_INFO            1786
-PEM_read_bio_PKCS8                      1787
-PEM_write_PKCS8_PRIV_KEY_INFO           1788
-PKCS5_PBE_keyivgen                      1789
-i2d_PKCS8_bio                           1790
-i2d_PKCS8_PRIV_KEY_INFO_fp              1791
-i2d_PKCS8_PRIV_KEY_INFO_bio             1792
-BIO_s_bio                               1793
-PKCS5_pbe2_set                          1794
-PKCS5_PBKDF2_HMAC_SHA1                  1795
-PKCS5_v2_PBE_keyivgen                   1796
-PEM_write_bio_PKCS8PrivateKey           1797
-PEM_write_PKCS8PrivateKey               1798
-BIO_ctrl_get_read_request               1799
-BIO_ctrl_pending                        1800
-BIO_ctrl_wpending                       1801
-BIO_new_bio_pair                        1802
-BIO_ctrl_get_write_guarantee            1803
-CRYPTO_num_locks                        1804
-CONF_load_bio                           1805
-CONF_load_fp                            1806
-sk_CONF_VALUE_delete                    1807
-sk_CONF_VALUE_pop                       1808
-sk_CONF_VALUE_num                       1809
-sk_CONF_VALUE_pop_free                  1810
-sk_CONF_VALUE_free                      1811
-sk_CONF_VALUE_shift                     1812
-sk_CONF_VALUE_unshift                   1813
-sk_CONF_VALUE_value                     1814
-sk_CONF_VALUE_set                       1815
-sk_CONF_VALUE_zero                      1816
-sk_CONF_VALUE_push                      1817
-sk_CONF_VALUE_delete_ptr                1818
-sk_CONF_VALUE_find                      1819
-sk_CONF_VALUE_set_cmp_func              1820
-sk_CONF_VALUE_new_null                  1821
-sk_CONF_VALUE_dup                       1822
-sk_CONF_VALUE_insert                    1823
-sk_CONF_VALUE_new                       1824
-sk_ASN1_OBJECT_find                     1825
-sk_ASN1_OBJECT_pop_free                 1826
-sk_ASN1_OBJECT_dup                      1827
-sk_ASN1_OBJECT_delete_ptr               1828
-sk_ASN1_OBJECT_new                      1829
-sk_ASN1_OBJECT_unshift                  1830
-sk_ASN1_OBJECT_delete                   1831
-sk_ASN1_OBJECT_shift                    1832
-sk_ASN1_OBJECT_pop                      1833
-sk_ASN1_OBJECT_num                      1834
-sk_ASN1_OBJECT_value                    1835
-sk_ASN1_OBJECT_new_null                 1836
-i2d_ASN1_SET_OF_ASN1_OBJECT             1837
-sk_ASN1_OBJECT_free                     1838
-sk_ASN1_OBJECT_set                      1839
-sk_ASN1_OBJECT_set_cmp_func             1840
-sk_ASN1_OBJECT_zero                     1841
-sk_ASN1_OBJECT_insert                   1842
-sk_ASN1_OBJECT_push                     1843
-d2i_ASN1_SET_OF_ASN1_OBJECT             1844
-PKCS7_signatureVerify                   1845
-RSA_set_method                          1846
-RSA_get_method                          1847
-RSA_get_default_method                  1848
-sk_CONF_VALUE_sort                      1849
-sk_X509_REVOKED_sort                    1850
-sk_X509_ATTRIBUTE_sort                  1851
-sk_X509_INFO_sort                       1852
-sk_POLICYINFO_sort                      1853
-sk_GENERAL_NAME_sort                    1854
-sk_X509_sort                            1855
-sk_X509_NAME_sort                       1856
-sk_ASN1_TYPE_sort                       1857
-sk_X509_ALGOR_sort                      1858
-sk_PKCS7_RECIP_INFO_sort                1859
-sk_X509_NAME_ENTRY_sort                 1860
-sk_X509_EXTENSION_sort                  1861
-sk_SXNETID_sort                         1862
-sk_ASN1_OBJECT_sort                     1863
-sk_PKCS7_SIGNER_INFO_sort               1864
-sk_X509_LOOKUP_sort                     1865
-sk_POLICYQUALINFO_sort                  1866
-sk_X509_CRL_sort                        1867
-sk_DIST_POINT_sort                      1868
-RSA_check_key                           1869
-OBJ_obj2txt                             1870
-DSA_dup_DH                              1871
-X509_REQ_get_extensions                 1872
-X509_REQ_set_extension_nids             1873
-BIO_nwrite                              1874
-X509_REQ_extension_nid                  1875
-BIO_nread                               1876
-X509_REQ_get_extension_nids              1877
-BIO_nwrite0                             1878
-X509_REQ_add_extensions_nid             1879
-BIO_nread0                              1880
-X509_REQ_add_extensions                 1881
-BIO_new_mem_buf                         1882
-DH_set_ex_data                          1883
-DH_set_method                           1884
-DSA_OpenSSL                             1885
-DH_get_ex_data                          1886
-DH_get_ex_new_index                     1887
-DSA_new_method                          1888
-DH_new_method                           1889
-DH_OpenSSL                              1890
-DSA_get_ex_new_index                    1891
-DH_get_default_method                   1892
-DSA_set_ex_data                         1893
-DH_set_default_method                   1894
-DSA_get_ex_data                         1895
-X509V3_EXT_REQ_add_conf                 1896
-NETSCAPE_SPKI_print                     1897
-NETSCAPE_SPKI_set_pubkey                1898
-NETSCAPE_SPKI_b64_encode                1899
-NETSCAPE_SPKI_get_pubkey                1900
-NETSCAPE_SPKI_b64_decode                1901
-UTF8_putc                               1902
-UTF8_getc                               1903
-RSA_null_method                         1904
-ASN1_tag2str                            1905
-BIO_ctrl_reset_read_request             1906
-DISPLAYTEXT_new                         1907
-ASN1_GENERALIZEDTIME_free               1908
-X509_REVOKED_get_ext_d2i                1909
-X509_set_ex_data                        1910
-X509_reject_set_bit_asc                 1911
-X509_NAME_add_entry_by_txt              1912
-sk_X509_TRUST_pop                       1913
-X509_NAME_add_entry_by_NID              1914
-X509_PURPOSE_get0                       1915
-sk_ACCESS_DESCRIPTION_shift             1916
-PEM_read_X509_AUX                       1917
-d2i_AUTHORITY_INFO_ACCESS               1918
-sk_X509_TRUST_set_cmp_func              1919
-sk_X509_TRUST_free                      1920
-PEM_write_PUBKEY                        1921
-sk_X509_TRUST_num                       1922
-sk_ACCESS_DESCRIPTION_delete            1923
-sk_ASN1_STRING_TABLE_value              1924
-ACCESS_DESCRIPTION_new                  1925
-X509_CERT_AUX_free                      1926
-d2i_ACCESS_DESCRIPTION                  1927
-X509_trust_clear                        1928
-sk_X509_PURPOSE_value                   1929
-sk_X509_PURPOSE_zero                    1930
-X509_TRUST_add                          1931
-ASN1_VISIBLESTRING_new                  1932
-X509_alias_set1                         1933
-ASN1_PRINTABLESTRING_free               1934
-EVP_PKEY_get1_DSA                       1935
-ASN1_BMPSTRING_new                      1936
-ASN1_mbstring_copy                      1937
-ASN1_UTF8STRING_new                     1938
-sk_ACCESS_DESCRIPTION_set               1939
-sk_X509_PURPOSE_pop                     1940
-DSA_get_default_method                  1941
-sk_X509_PURPOSE_push                    1942
-sk_X509_PURPOSE_delete                  1943
-sk_X509_PURPOSE_num                     1944
-i2d_ASN1_SET_OF_ACCESS_DESCRIPTION      1945
-ASN1_T61STRING_free                     1946
-sk_ACCESS_DESCRIPTION_free              1947
-sk_ASN1_STRING_TABLE_pop                1948
-DSA_set_method                          1949
-X509_get_ex_data                        1950
-ASN1_STRING_type                        1951
-X509_PURPOSE_get_by_sname               1952
-sk_X509_PURPOSE_find                    1953
-ASN1_TIME_free                          1954
-ASN1_OCTET_STRING_cmp                   1955
-sk_ACCESS_DESCRIPTION_value             1956
-ASN1_BIT_STRING_new                     1957
-X509_get_ext_d2i                        1958
-PEM_read_bio_X509_AUX                   1959
-ASN1_STRING_set_default_mask_asc        1960
-PEM_write_bio_RSA_PUBKEY                1961
-sk_ASN1_STRING_TABLE_num                1962
-ASN1_INTEGER_cmp                        1963
-d2i_RSA_PUBKEY_fp                       1964
-sk_ACCESS_DESCRIPTION_unshift           1965
-sk_ASN1_STRING_TABLE_delete_ptr         1966
-X509_trust_set_bit_asc                  1967
-PEM_write_bio_DSA_PUBKEY                1968
-X509_STORE_CTX_free                     1969
-EVP_PKEY_set1_DSA                       1970
-i2d_DSA_PUBKEY_fp                       1971
-X509_load_cert_crl_file                 1972
-ASN1_TIME_new                           1973
-i2d_RSA_PUBKEY                          1974
-sk_X509_TRUST_pop_free                  1975
-X509_STORE_CTX_purpose_inherit          1976
-PEM_read_RSA_PUBKEY                     1977
-sk_X509_TRUST_zero                      1978
-sk_ACCESS_DESCRIPTION_pop_free          1979
-d2i_X509_AUX                            1980
-i2d_DSA_PUBKEY                          1981
-X509_CERT_AUX_print                     1982
-sk_X509_PURPOSE_new_null                1983
-PEM_read_DSA_PUBKEY                     1984
-i2d_RSA_PUBKEY_bio                      1985
-ASN1_BIT_STRING_num_asc                 1986
-i2d_PUBKEY                              1987
-ASN1_UTCTIME_free                       1988
-DSA_set_default_method                  1989
-X509_PURPOSE_get_by_id                  1990
-sk_X509_TRUST_push                      1991
-sk_ASN1_STRING_TABLE_sort               1992
-sk_X509_PURPOSE_set_cmp_func            1993
-ACCESS_DESCRIPTION_free                 1994
-PEM_read_bio_PUBKEY                     1995
-ASN1_STRING_set_by_NID                  1996
-X509_PURPOSE_get_id                     1997
-DISPLAYTEXT_free                        1998
-OTHERNAME_new                           1999
-sk_X509_TRUST_find                      2000
-X509_CERT_AUX_new                       2001
-sk_ACCESS_DESCRIPTION_dup               2002
-sk_ASN1_STRING_TABLE_pop_free           2003
-sk_ASN1_STRING_TABLE_unshift            2004
-sk_X509_TRUST_shift                     2005
-sk_ACCESS_DESCRIPTION_zero              2006
-X509_TRUST_cleanup                      2007
-X509_NAME_add_entry_by_OBJ              2008
-X509_CRL_get_ext_d2i                    2009
-sk_X509_TRUST_set                       2010
-X509_PURPOSE_get0_name                  2011
-PEM_read_PUBKEY                         2012
-sk_ACCESS_DESCRIPTION_new               2013
-i2d_DSA_PUBKEY_bio                      2014
-i2d_OTHERNAME                           2015
-ASN1_OCTET_STRING_free                  2016
-ASN1_BIT_STRING_set_asc                 2017
-sk_ACCESS_DESCRIPTION_push              2018
-X509_get_ex_new_index                   2019
-ASN1_STRING_TABLE_cleanup               2020
-X509_TRUST_get_by_id                    2021
-X509_PURPOSE_get_trust                  2022
-ASN1_STRING_length                      2023
-d2i_ASN1_SET_OF_ACCESS_DESCRIPTION      2024
-ASN1_PRINTABLESTRING_new                2025
-X509V3_get_d2i                          2026
-ASN1_ENUMERATED_free                    2027
-i2d_X509_CERT_AUX                       2028
-sk_ACCESS_DESCRIPTION_find              2029
-X509_STORE_CTX_set_trust                2030
-sk_X509_PURPOSE_unshift                 2031
-ASN1_STRING_set_default_mask            2032
-X509_STORE_CTX_new                      2033
-EVP_PKEY_get1_RSA                       2034
-sk_X509_PURPOSE_set                     2035
-sk_ASN1_STRING_TABLE_insert             2036
-sk_X509_PURPOSE_sort                    2037
-DIRECTORYSTRING_free                    2038
-PEM_write_X509_AUX                      2039
-ASN1_OCTET_STRING_set                   2040
-d2i_DSA_PUBKEY_fp                       2041
-sk_ASN1_STRING_TABLE_free               2042
-sk_X509_TRUST_value                     2043
-d2i_RSA_PUBKEY                          2044
-sk_ASN1_STRING_TABLE_set                2045
-X509_TRUST_get0_name                    2046
-X509_TRUST_get0                         2047
-AUTHORITY_INFO_ACCESS_free              2048
-ASN1_IA5STRING_new                      2049
-d2i_DSA_PUBKEY                          2050
-X509_check_purpose                      2051
-ASN1_ENUMERATED_new                     2052
-d2i_RSA_PUBKEY_bio                      2053
-d2i_PUBKEY                              2054
-X509_TRUST_get_trust                    2055
-X509_TRUST_get_flags                    2056
-ASN1_BMPSTRING_free                     2057
-ASN1_T61STRING_new                      2058
-sk_X509_TRUST_unshift                   2059
-ASN1_UTCTIME_new                        2060
-sk_ACCESS_DESCRIPTION_pop               2061
-i2d_AUTHORITY_INFO_ACCESS               2062
-EVP_PKEY_set1_RSA                       2063
-X509_STORE_CTX_set_purpose              2064
-ASN1_IA5STRING_free                     2065
-PEM_write_bio_X509_AUX                  2066
-X509_PURPOSE_get_count                  2067
-CRYPTO_add_info                         2068
-sk_ACCESS_DESCRIPTION_num               2069
-sk_ASN1_STRING_TABLE_set_cmp_func       2070
-X509_NAME_ENTRY_create_by_txt           2071
-ASN1_STRING_get_default_mask            2072
-sk_X509_TRUST_dup                       2073
-X509_alias_get0                         2074
-ASN1_STRING_data                        2075
-sk_X509_TRUST_insert                    2076
-i2d_ACCESS_DESCRIPTION                  2077
-X509_trust_set_bit                      2078
-sk_X509_PURPOSE_delete_ptr              2079
-ASN1_BIT_STRING_free                    2080
-PEM_read_bio_RSA_PUBKEY                 2081
-X509_add1_reject_object                 2082
-X509_check_trust                        2083
-sk_X509_TRUST_new_null                  2084
-sk_ACCESS_DESCRIPTION_new_null          2085
-sk_ACCESS_DESCRIPTION_delete_ptr        2086
-sk_X509_TRUST_sort                      2087
-PEM_read_bio_DSA_PUBKEY                 2088
-sk_X509_TRUST_new                       2089
-X509_PURPOSE_add                        2090
-ASN1_STRING_TABLE_get                   2091
-ASN1_UTF8STRING_free                    2092
-d2i_DSA_PUBKEY_bio                      2093
-sk_ASN1_STRING_TABLE_delete             2094
-PEM_write_RSA_PUBKEY                    2095
-d2i_OTHERNAME                           2096
-sk_ACCESS_DESCRIPTION_insert            2097
-X509_reject_set_bit                     2098
-sk_X509_TRUST_delete_ptr                2099
-sk_X509_PURPOSE_pop_free                2100
-PEM_write_DSA_PUBKEY                    2101
-sk_X509_PURPOSE_free                    2102
-sk_X509_PURPOSE_dup                     2103
-sk_ASN1_STRING_TABLE_zero               2104
-X509_PURPOSE_get0_sname                 2105
-sk_ASN1_STRING_TABLE_shift              2106
-EVP_PKEY_set1_DH                        2107
-ASN1_OCTET_STRING_dup                   2108
-ASN1_BIT_STRING_set                     2109
-X509_TRUST_get_count                    2110
-ASN1_INTEGER_free                       2111
-OTHERNAME_free                          2112
-i2d_RSA_PUBKEY_fp                       2113
-ASN1_INTEGER_dup                        2114
-d2i_X509_CERT_AUX                       2115
-sk_ASN1_STRING_TABLE_new_null           2116
-PEM_write_bio_PUBKEY                    2117
-ASN1_VISIBLESTRING_free                 2118
-X509_PURPOSE_cleanup                    2119
-sk_ASN1_STRING_TABLE_push               2120
-sk_ASN1_STRING_TABLE_dup                2121
-sk_X509_PURPOSE_shift                   2122
-ASN1_mbstring_ncopy                     2123
-sk_X509_PURPOSE_new                     2124
-sk_X509_PURPOSE_insert                  2125
-ASN1_GENERALIZEDTIME_new                2126
-sk_ACCESS_DESCRIPTION_sort              2127
-EVP_PKEY_get1_DH                        2128
-sk_ACCESS_DESCRIPTION_set_cmp_func      2129
-ASN1_OCTET_STRING_new                   2130
-ASN1_INTEGER_new                        2131
-i2d_X509_AUX                            2132
-sk_ASN1_STRING_TABLE_find               2133
-ASN1_BIT_STRING_name_print              2134
-X509_cmp                                2135
-ASN1_STRING_length_set                  2136
-DIRECTORYSTRING_new                     2137
-sk_ASN1_STRING_TABLE_new                2138
-sk_X509_TRUST_delete                    2139
-X509_add1_trust_object                  2140
-PKCS12_newpass                          2141
-SMIME_write_PKCS7                       2142
-SMIME_read_PKCS7                        2143
-des_set_key_checked                     2144
-PKCS7_verify                            2145
-PKCS7_encrypt                           2146
-des_set_key_unchecked                   2147
-SMIME_crlf_copy                         2148
-i2d_ASN1_PRINTABLESTRING                2149
-PKCS7_get0_signers                      2150
-PKCS7_decrypt                           2151
-SMIME_text                              2152
-PKCS7_simple_smimecap                   2153
-PKCS7_get_smimecap                      2154
-PKCS7_sign                              2155
-PKCS7_add_attrib_smimecap               2156
-CRYPTO_dbg_set_options                  2157
-CRYPTO_remove_all_info                  2158
-CRYPTO_get_mem_debug_functions          2159
-CRYPTO_is_mem_check_on                  2160
-CRYPTO_set_mem_debug_functions          2161
-CRYPTO_pop_info                         2162
-CRYPTO_push_info_                       2163
-CRYPTO_set_mem_debug_options            2164
-PEM_write_PKCS8PrivateKey_nid           2165
-PEM_write_bio_PKCS8PrivateKey_nid       2166
-d2i_PKCS8PrivateKey_bio                 2167
-ASN1_NULL_free                          2168
-d2i_ASN1_NULL                           2169
-ASN1_NULL_new                           2170
-i2d_PKCS8PrivateKey_bio                 2171
-i2d_PKCS8PrivateKey_fp                  2172
-i2d_ASN1_NULL                           2173
-i2d_PKCS8PrivateKey_nid_fp              2174
-d2i_PKCS8PrivateKey_fp                  2175
-i2d_PKCS8PrivateKey_nid_bio             2176
-i2d_PKCS8PrivateKeyInfo_fp              2177
-i2d_PKCS8PrivateKeyInfo_bio             2178
-PEM_cb                                  2179
-i2d_PrivateKey_fp                       2180
-d2i_PrivateKey_bio                      2181
-d2i_PrivateKey_fp                       2182
-i2d_PrivateKey_bio                      2183
-X509_reject_clear                       2184
-X509_TRUST_set_default                  2185
-d2i_AutoPrivateKey                      2186
-X509_ATTRIBUTE_get0_type                2187
-X509_ATTRIBUTE_set1_data                2188
-X509at_get_attr                         2189
-X509at_get_attr_count                   2190
-X509_ATTRIBUTE_create_by_NID            2191
-X509_ATTRIBUTE_set1_object              2192
-X509_ATTRIBUTE_count                    2193
-X509_ATTRIBUTE_create_by_OBJ            2194
-X509_ATTRIBUTE_get0_object              2195
-X509at_get_attr_by_NID                  2196
-X509at_add1_attr                        2197
-X509_ATTRIBUTE_get0_data                2198
-X509at_delete_attr                      2199
-X509at_get_attr_by_OBJ                  2200
-RAND_add                                2201
-BIO_number_written                      2202
-BIO_number_read                         2203
-X509_STORE_CTX_get1_chain               2204
-ERR_load_RAND_strings                   2205
-RAND_pseudo_bytes                       2206
-X509_REQ_get_attr_by_NID                2207
-X509_REQ_get_attr                       2208
-X509_REQ_add1_attr_by_NID               2209
-X509_REQ_get_attr_by_OBJ                2210
-X509at_add1_attr_by_NID                 2211
-X509_REQ_add1_attr_by_OBJ               2212
-X509_REQ_get_attr_count                 2213
-X509_REQ_add1_attr                      2214
-X509_REQ_delete_attr                    2215
-X509at_add1_attr_by_OBJ                 2216
-X509_REQ_add1_attr_by_txt               2217
-X509_ATTRIBUTE_create_by_txt            2218
-X509at_add1_attr_by_txt                 2219
-sk_CRYPTO_EX_DATA_FUNCS_delete          2220
-sk_CRYPTO_EX_DATA_FUNCS_set             2221
-sk_CRYPTO_EX_DATA_FUNCS_unshift         2222
-sk_CRYPTO_EX_DATA_FUNCS_new_null        2223
-sk_CRYPTO_EX_DATA_FUNCS_set_cmp_func    2224
-sk_CRYPTO_EX_DATA_FUNCS_sort            2225
-sk_CRYPTO_EX_DATA_FUNCS_dup             2226
-sk_CRYPTO_EX_DATA_FUNCS_shift           2227
-sk_CRYPTO_EX_DATA_FUNCS_value           2228
-sk_CRYPTO_EX_DATA_FUNCS_pop             2229
-sk_CRYPTO_EX_DATA_FUNCS_push            2230
-sk_CRYPTO_EX_DATA_FUNCS_find            2231
-sk_CRYPTO_EX_DATA_FUNCS_new             2232
-sk_CRYPTO_EX_DATA_FUNCS_free            2233
-sk_CRYPTO_EX_DATA_FUNCS_delete_ptr      2234
-sk_CRYPTO_EX_DATA_FUNCS_num             2235
-sk_CRYPTO_EX_DATA_FUNCS_pop_free        2236
-sk_CRYPTO_EX_DATA_FUNCS_insert          2237
-sk_CRYPTO_EX_DATA_FUNCS_zero            2238
-BN_pseudo_rand                          2239
-BN_is_prime_fasttest                    2240
-BN_CTX_end                              2241
-BN_CTX_start                            2242
-BN_CTX_get                              2243
-EVP_PKEY2PKCS8_broken                   2244
-ASN1_STRING_TABLE_add                   2245
-CRYPTO_dbg_get_options                  2246
-AUTHORITY_INFO_ACCESS_new               2247
-CRYPTO_get_mem_debug_options            2248
-des_crypt                               2249
-PEM_write_bio_X509_REQ_NEW              2250
-PEM_write_X509_REQ_NEW                  2251
-BIO_callback_ctrl                       2252
-RAND_egd                                2253
-RAND_status                             2254
-bn_dump1                                2255
-des_check_key_parity                    2256
-lh_num_items                            2257
-RAND_event                              2258
+SSLeay                                  1       EXIST::FUNCTION:
+SSLeay_version                          2       EXIST::FUNCTION:
+ASN1_BIT_STRING_asn1_meth               3       EXIST::FUNCTION:
+ASN1_HEADER_free                        4       EXIST::FUNCTION:
+ASN1_HEADER_new                         5       EXIST::FUNCTION:
+ASN1_IA5STRING_asn1_meth                6       EXIST::FUNCTION:
+ASN1_INTEGER_get                        7       EXIST::FUNCTION:
+ASN1_INTEGER_set                        8       EXIST::FUNCTION:
+ASN1_INTEGER_to_BN                      9       EXIST::FUNCTION:
+ASN1_OBJECT_create                      10      EXIST::FUNCTION:
+ASN1_OBJECT_free                        11      EXIST::FUNCTION:
+ASN1_OBJECT_new                         12      EXIST::FUNCTION:
+ASN1_PRINTABLE_type                     13      EXIST::FUNCTION:
+ASN1_STRING_cmp                         14      EXIST::FUNCTION:
+ASN1_STRING_dup                         15      EXIST::FUNCTION:
+ASN1_STRING_free                        16      EXIST::FUNCTION:
+ASN1_STRING_new                         17      EXIST::FUNCTION:
+ASN1_STRING_print                       18      EXIST::FUNCTION:
+ASN1_STRING_set                         19      EXIST::FUNCTION:
+ASN1_STRING_type_new                    20      EXIST::FUNCTION:
+ASN1_TYPE_free                          21      EXIST::FUNCTION:
+ASN1_TYPE_new                           22      EXIST::FUNCTION:
+ASN1_UNIVERSALSTRING_to_string          23      EXIST::FUNCTION:
+ASN1_UTCTIME_check                      24      EXIST::FUNCTION:
+ASN1_UTCTIME_print                      25      EXIST::FUNCTION:
+ASN1_UTCTIME_set                        26      EXIST::FUNCTION:
+ASN1_check_infinite_end                 27      EXIST::FUNCTION:
+ASN1_d2i_bio                            28      EXIST::FUNCTION:
+ASN1_d2i_fp                             29      EXIST::FUNCTION:FP_API
+ASN1_digest                             30      EXIST::FUNCTION:
+ASN1_dup                                31      EXIST::FUNCTION:
+ASN1_get_object                         32      EXIST::FUNCTION:
+ASN1_i2d_bio                            33      EXIST::FUNCTION:
+ASN1_i2d_fp                             34      EXIST::FUNCTION:FP_API
+ASN1_object_size                        35      EXIST::FUNCTION:
+ASN1_parse                              36      EXIST::FUNCTION:
+ASN1_put_object                         37      EXIST::FUNCTION:
+ASN1_sign                               38      EXIST::FUNCTION:
+ASN1_verify                             39      EXIST::FUNCTION:
+BF_cbc_encrypt                          40      EXIST::FUNCTION:BF
+BF_cfb64_encrypt                        41      EXIST::FUNCTION:BF
+BF_ecb_encrypt                          42      EXIST::FUNCTION:BF
+BF_encrypt                              43      EXIST::FUNCTION:BF
+BF_ofb64_encrypt                        44      EXIST::FUNCTION:BF
+BF_options                              45      EXIST::FUNCTION:BF
+BF_set_key                              46      EXIST::FUNCTION:BF
+BIO_CONNECT_free                        47      NOEXIST::FUNCTION:
+BIO_CONNECT_new                         48      NOEXIST::FUNCTION:
+BIO_accept                              51      EXIST::FUNCTION:
+BIO_ctrl                                52      EXIST::FUNCTION:
+BIO_int_ctrl                            53      EXIST::FUNCTION:
+BIO_debug_callback                      54      EXIST::FUNCTION:
+BIO_dump                                55      EXIST::FUNCTION:
+BIO_dup_chain                           56      EXIST::FUNCTION:
+BIO_f_base64                            57      EXIST::FUNCTION:
+BIO_f_buffer                            58      EXIST::FUNCTION:
+BIO_f_cipher                            59      EXIST::FUNCTION:
+BIO_f_md                                60      EXIST::FUNCTION:
+BIO_f_null                              61      EXIST::FUNCTION:
+BIO_f_proxy_server                      62      NOEXIST::FUNCTION:
+BIO_fd_non_fatal_error                  63      EXIST::FUNCTION:
+BIO_fd_should_retry                     64      EXIST::FUNCTION:
+BIO_find_type                           65      EXIST::FUNCTION:
+BIO_free                                66      EXIST::FUNCTION:
+BIO_free_all                            67      EXIST::FUNCTION:
+BIO_get_accept_socket                   69      EXIST::FUNCTION:
+BIO_get_filter_bio                      70      NOEXIST::FUNCTION:
+BIO_get_host_ip                         71      EXIST::FUNCTION:
+BIO_get_port                            72      EXIST::FUNCTION:
+BIO_get_retry_BIO                       73      EXIST::FUNCTION:
+BIO_get_retry_reason                    74      EXIST::FUNCTION:
+BIO_gethostbyname                       75      EXIST::FUNCTION:
+BIO_gets                                76      EXIST::FUNCTION:
+BIO_new                                 78      EXIST::FUNCTION:
+BIO_new_accept                          79      EXIST::FUNCTION:
+BIO_new_connect                         80      EXIST::FUNCTION:
+BIO_new_fd                              81      EXIST::FUNCTION:
+BIO_new_file                            82      EXIST:!WIN16:FUNCTION:FP_API
+BIO_new_fp                              83      EXIST:!WIN16:FUNCTION:FP_API
+BIO_new_socket                          84      EXIST::FUNCTION:
+BIO_pop                                 85      EXIST::FUNCTION:
+BIO_printf                              86      EXIST::FUNCTION:
+BIO_push                                87      EXIST::FUNCTION:
+BIO_puts                                88      EXIST::FUNCTION:
+BIO_read                                89      EXIST::FUNCTION:
+BIO_s_accept                            90      EXIST::FUNCTION:
+BIO_s_connect                           91      EXIST::FUNCTION:
+BIO_s_fd                                92      EXIST::FUNCTION:
+BIO_s_file                              93      EXIST:!WIN16:FUNCTION:FP_API
+BIO_s_mem                               95      EXIST::FUNCTION:
+BIO_s_null                              96      EXIST::FUNCTION:
+BIO_s_proxy_client                      97      NOEXIST::FUNCTION:
+BIO_s_socket                            98      EXIST::FUNCTION:
+BIO_set                                 100     EXIST::FUNCTION:
+BIO_set_cipher                          101     EXIST::FUNCTION:
+BIO_set_tcp_ndelay                      102     EXIST::FUNCTION:
+BIO_sock_cleanup                        103     EXIST::FUNCTION:
+BIO_sock_error                          104     EXIST::FUNCTION:
+BIO_sock_init                           105     EXIST::FUNCTION:
+BIO_sock_non_fatal_error                106     EXIST::FUNCTION:
+BIO_sock_should_retry                   107     EXIST::FUNCTION:
+BIO_socket_ioctl                        108     EXIST::FUNCTION:
+BIO_write                               109     EXIST::FUNCTION:
+BN_CTX_free                             110     EXIST::FUNCTION:
+BN_CTX_new                              111     EXIST::FUNCTION:
+BN_MONT_CTX_free                        112     EXIST::FUNCTION:
+BN_MONT_CTX_new                         113     EXIST::FUNCTION:
+BN_MONT_CTX_set                         114     EXIST::FUNCTION:
+BN_add                                  115     EXIST::FUNCTION:
+BN_add_word                             116     EXIST::FUNCTION:
+BN_hex2bn                               117     EXIST::FUNCTION:
+BN_bin2bn                               118     EXIST::FUNCTION:
+BN_bn2hex                               119     EXIST::FUNCTION:
+BN_bn2bin                               120     EXIST::FUNCTION:
+BN_clear                                121     EXIST::FUNCTION:
+BN_clear_bit                            122     EXIST::FUNCTION:
+BN_clear_free                           123     EXIST::FUNCTION:
+BN_cmp                                  124     EXIST::FUNCTION:
+BN_copy                                 125     EXIST::FUNCTION:
+BN_div                                  126     EXIST::FUNCTION:
+BN_div_word                             127     EXIST::FUNCTION:
+BN_dup                                  128     EXIST::FUNCTION:
+BN_free                                 129     EXIST::FUNCTION:
+BN_from_montgomery                      130     EXIST::FUNCTION:
+BN_gcd                                  131     EXIST::FUNCTION:
+BN_generate_prime                       132     EXIST::FUNCTION:
+BN_get_word                             133     EXIST::FUNCTION:
+BN_is_bit_set                           134     EXIST::FUNCTION:
+BN_is_prime                             135     EXIST::FUNCTION:
+BN_lshift                               136     EXIST::FUNCTION:
+BN_lshift1                              137     EXIST::FUNCTION:
+BN_mask_bits                            138     EXIST::FUNCTION:
+BN_mod                                  139     EXIST::FUNCTION:
+BN_mod_exp                              140     EXIST::FUNCTION:
+BN_mod_exp_mont                         141     EXIST::FUNCTION:
+BN_mod_exp_simple                       143     EXIST::FUNCTION:
+BN_mod_inverse                          144     EXIST::FUNCTION:
+BN_mod_mul                              145     EXIST::FUNCTION:
+BN_mod_mul_montgomery                   146     EXIST::FUNCTION:
+BN_mod_word                             148     EXIST::FUNCTION:
+BN_mul                                  149     EXIST::FUNCTION:
+BN_new                                  150     EXIST::FUNCTION:
+BN_num_bits                             151     EXIST::FUNCTION:
+BN_num_bits_word                        152     EXIST::FUNCTION:
+BN_options                              153     EXIST::FUNCTION:
+BN_print                                154     EXIST::FUNCTION:
+BN_print_fp                             155     EXIST::FUNCTION:FP_API
+BN_rand                                 156     EXIST::FUNCTION:
+BN_reciprocal                           157     EXIST::FUNCTION:
+BN_rshift                               158     EXIST::FUNCTION:
+BN_rshift1                              159     EXIST::FUNCTION:
+BN_set_bit                              160     EXIST::FUNCTION:
+BN_set_word                             161     EXIST::FUNCTION:
+BN_sqr                                  162     EXIST::FUNCTION:
+BN_sub                                  163     EXIST::FUNCTION:
+BN_to_ASN1_INTEGER                      164     EXIST::FUNCTION:
+BN_ucmp                                 165     EXIST::FUNCTION:
+BN_value_one                            166     EXIST::FUNCTION:
+BUF_MEM_free                            167     EXIST::FUNCTION:
+BUF_MEM_grow                            168     EXIST::FUNCTION:
+BUF_MEM_new                             169     EXIST::FUNCTION:
+BUF_strdup                              170     EXIST::FUNCTION:
+CONF_free                               171     EXIST::FUNCTION:
+CONF_get_number                         172     EXIST::FUNCTION:
+CONF_get_section                        173     EXIST::FUNCTION:
+CONF_get_string                         174     EXIST::FUNCTION:
+CONF_load                               175     EXIST::FUNCTION:
+CRYPTO_add_lock                         176     EXIST::FUNCTION:
+CRYPTO_dbg_free                         177     EXIST::FUNCTION:
+CRYPTO_dbg_malloc                       178     EXIST::FUNCTION:
+CRYPTO_dbg_realloc                      179     EXIST::FUNCTION:
+CRYPTO_dbg_remalloc                     180     NOEXIST::FUNCTION:
+CRYPTO_free                             181     EXIST::FUNCTION:
+CRYPTO_get_add_lock_callback            182     EXIST::FUNCTION:
+CRYPTO_get_id_callback                  183     EXIST::FUNCTION:
+CRYPTO_get_lock_name                    184     EXIST::FUNCTION:
+CRYPTO_get_locking_callback             185     EXIST::FUNCTION:
+CRYPTO_get_mem_functions                186     EXIST::FUNCTION:
+CRYPTO_lock                             187     EXIST::FUNCTION:
+CRYPTO_malloc                           188     EXIST::FUNCTION:
+CRYPTO_mem_ctrl                         189     EXIST::FUNCTION:
+CRYPTO_mem_leaks                        190     EXIST::FUNCTION:
+CRYPTO_mem_leaks_cb                     191     EXIST::FUNCTION:
+CRYPTO_mem_leaks_fp                     192     EXIST::FUNCTION:FP_API
+CRYPTO_realloc                          193     EXIST::FUNCTION:
+CRYPTO_remalloc                         194     EXIST::FUNCTION:
+CRYPTO_set_add_lock_callback            195     EXIST::FUNCTION:
+CRYPTO_set_id_callback                  196     EXIST::FUNCTION:
+CRYPTO_set_locking_callback             197     EXIST::FUNCTION:
+CRYPTO_set_mem_functions                198     EXIST::FUNCTION:
+CRYPTO_thread_id                        199     EXIST::FUNCTION:
+DH_check                                200     EXIST::FUNCTION:DH
+DH_compute_key                          201     EXIST::FUNCTION:DH
+DH_free                                 202     EXIST::FUNCTION:DH
+DH_generate_key                         203     EXIST::FUNCTION:DH
+DH_generate_parameters                  204     EXIST::FUNCTION:DH
+DH_new                                  205     EXIST::FUNCTION:DH
+DH_size                                 206     EXIST::FUNCTION:DH
+DHparams_print                          207     EXIST::FUNCTION:DH
+DHparams_print_fp                       208     EXIST::FUNCTION:DH,FP_API
+DSA_free                                209     EXIST::FUNCTION:DSA
+DSA_generate_key                        210     EXIST::FUNCTION:DSA
+DSA_generate_parameters                 211     EXIST::FUNCTION:DSA
+DSA_is_prime                            212     NOEXIST::FUNCTION:
+DSA_new                                 213     EXIST::FUNCTION:DSA
+DSA_print                               214     EXIST::FUNCTION:DSA
+DSA_print_fp                            215     EXIST::FUNCTION:DSA,FP_API
+DSA_sign                                216     EXIST::FUNCTION:DSA
+DSA_sign_setup                          217     EXIST::FUNCTION:DSA
+DSA_size                                218     EXIST::FUNCTION:DSA
+DSA_verify                              219     EXIST::FUNCTION:DSA
+DSAparams_print                         220     EXIST::FUNCTION:DSA
+DSAparams_print_fp                      221     EXIST::FUNCTION:DSA,FP_API
+ERR_clear_error                         222     EXIST::FUNCTION:
+ERR_error_string                        223     EXIST::FUNCTION:
+ERR_free_strings                        224     EXIST::FUNCTION:
+ERR_func_error_string                   225     EXIST::FUNCTION:
+ERR_get_err_state_table                 226     EXIST::FUNCTION:
+ERR_get_error                           227     EXIST::FUNCTION:
+ERR_get_error_line                      228     EXIST::FUNCTION:
+ERR_get_state                           229     EXIST::FUNCTION:
+ERR_get_string_table                    230     EXIST::FUNCTION:
+ERR_lib_error_string                    231     EXIST::FUNCTION:
+ERR_load_ASN1_strings                   232     EXIST::FUNCTION:
+ERR_load_BIO_strings                    233     EXIST::FUNCTION:
+ERR_load_BN_strings                     234     EXIST::FUNCTION:
+ERR_load_BUF_strings                    235     EXIST::FUNCTION:
+ERR_load_CONF_strings                   236     EXIST::FUNCTION:
+ERR_load_DH_strings                     237     EXIST::FUNCTION:DH
+ERR_load_DSA_strings                    238     EXIST::FUNCTION:DSA
+ERR_load_ERR_strings                    239     EXIST::FUNCTION:
+ERR_load_EVP_strings                    240     EXIST::FUNCTION:
+ERR_load_OBJ_strings                    241     EXIST::FUNCTION:
+ERR_load_PEM_strings                    242     EXIST::FUNCTION:
+ERR_load_PROXY_strings                  243     NOEXIST::FUNCTION:
+ERR_load_RSA_strings                    244     EXIST::FUNCTION:RSA
+ERR_load_X509_strings                   245     EXIST::FUNCTION:
+ERR_load_crypto_strings                 246     EXIST::FUNCTION:
+ERR_load_strings                        247     EXIST::FUNCTION:
+ERR_peek_error                          248     EXIST::FUNCTION:
+ERR_peek_error_line                     249     EXIST::FUNCTION:
+ERR_print_errors                        250     EXIST::FUNCTION:
+ERR_print_errors_fp                     251     EXIST::FUNCTION:FP_API
+ERR_put_error                           252     EXIST::FUNCTION:
+ERR_reason_error_string                 253     EXIST::FUNCTION:
+ERR_remove_state                        254     EXIST::FUNCTION:
+EVP_BytesToKey                          255     EXIST::FUNCTION:
+EVP_CIPHER_CTX_cleanup                  256     EXIST::FUNCTION:
+EVP_CipherFinal                         257     EXIST::FUNCTION:
+EVP_CipherInit                          258     EXIST::FUNCTION:
+EVP_CipherUpdate                        259     EXIST::FUNCTION:
+EVP_DecodeBlock                         260     EXIST::FUNCTION:
+EVP_DecodeFinal                         261     EXIST::FUNCTION:
+EVP_DecodeInit                          262     EXIST::FUNCTION:
+EVP_DecodeUpdate                        263     EXIST::FUNCTION:
+EVP_DecryptFinal                        264     EXIST::FUNCTION:
+EVP_DecryptInit                         265     EXIST::FUNCTION:
+EVP_DecryptUpdate                       266     EXIST::FUNCTION:
+EVP_DigestFinal                         267     EXIST::FUNCTION:
+EVP_DigestInit                          268     EXIST::FUNCTION:
+EVP_DigestUpdate                        269     EXIST::FUNCTION:
+EVP_EncodeBlock                         270     EXIST::FUNCTION:
+EVP_EncodeFinal                         271     EXIST::FUNCTION:
+EVP_EncodeInit                          272     EXIST::FUNCTION:
+EVP_EncodeUpdate                        273     EXIST::FUNCTION:
+EVP_EncryptFinal                        274     EXIST::FUNCTION:
+EVP_EncryptInit                         275     EXIST::FUNCTION:
+EVP_EncryptUpdate                       276     EXIST::FUNCTION:
+EVP_OpenFinal                           277     EXIST::FUNCTION:RSA
+EVP_OpenInit                            278     EXIST::FUNCTION:RSA
+EVP_PKEY_assign                         279     EXIST::FUNCTION:
+EVP_PKEY_copy_parameters                280     EXIST::FUNCTION:
+EVP_PKEY_free                           281     EXIST::FUNCTION:
+EVP_PKEY_missing_parameters             282     EXIST::FUNCTION:
+EVP_PKEY_new                            283     EXIST::FUNCTION:
+EVP_PKEY_save_parameters                284     EXIST::FUNCTION:
+EVP_PKEY_size                           285     EXIST::FUNCTION:
+EVP_PKEY_type                           286     EXIST::FUNCTION:
+EVP_SealFinal                           287     EXIST::FUNCTION:RSA
+EVP_SealInit                            288     EXIST::FUNCTION:RSA
+EVP_SignFinal                           289     EXIST::FUNCTION:
+EVP_VerifyFinal                         290     EXIST::FUNCTION:
+EVP_add_alias                           291     NOEXIST::FUNCTION:
+EVP_add_cipher                          292     EXIST::FUNCTION:
+EVP_add_digest                          293     EXIST::FUNCTION:
+EVP_bf_cbc                              294     EXIST::FUNCTION:BF
+EVP_bf_cfb                              295     EXIST::FUNCTION:BF
+EVP_bf_ecb                              296     EXIST::FUNCTION:BF
+EVP_bf_ofb                              297     EXIST::FUNCTION:BF
+EVP_cleanup                             298     EXIST::FUNCTION:
+EVP_des_cbc                             299     EXIST::FUNCTION:DES
+EVP_des_cfb                             300     EXIST::FUNCTION:DES
+EVP_des_ecb                             301     EXIST::FUNCTION:DES
+EVP_des_ede                             302     EXIST::FUNCTION:DES
+EVP_des_ede3                            303     EXIST::FUNCTION:DES
+EVP_des_ede3_cbc                        304     EXIST::FUNCTION:DES
+EVP_des_ede3_cfb                        305     EXIST::FUNCTION:DES
+EVP_des_ede3_ofb                        306     EXIST::FUNCTION:DES
+EVP_des_ede_cbc                         307     EXIST::FUNCTION:DES
+EVP_des_ede_cfb                         308     EXIST::FUNCTION:DES
+EVP_des_ede_ofb                         309     EXIST::FUNCTION:DES
+EVP_des_ofb                             310     EXIST::FUNCTION:DES
+EVP_desx_cbc                            311     EXIST::FUNCTION:DES
+EVP_dss                                 312     EXIST::FUNCTION:DSA
+EVP_dss1                                313     EXIST::FUNCTION:DSA
+EVP_enc_null                            314     EXIST::FUNCTION:
+EVP_get_cipherbyname                    315     EXIST::FUNCTION:
+EVP_get_digestbyname                    316     EXIST::FUNCTION:
+EVP_get_pw_prompt                       317     EXIST::FUNCTION:
+EVP_idea_cbc                            318     EXIST::FUNCTION:IDEA
+EVP_idea_cfb                            319     EXIST::FUNCTION:IDEA
+EVP_idea_ecb                            320     EXIST::FUNCTION:IDEA
+EVP_idea_ofb                            321     EXIST::FUNCTION:IDEA
+EVP_md2                                 322     EXIST::FUNCTION:MD2
+EVP_md5                                 323     EXIST::FUNCTION:MD5
+EVP_md_null                             324     EXIST::FUNCTION:
+EVP_rc2_cbc                             325     EXIST::FUNCTION:RC2
+EVP_rc2_cfb                             326     EXIST::FUNCTION:RC2
+EVP_rc2_ecb                             327     EXIST::FUNCTION:RC2
+EVP_rc2_ofb                             328     EXIST::FUNCTION:RC2
+EVP_rc4                                 329     EXIST::FUNCTION:RC4
+EVP_read_pw_string                      330     EXIST::FUNCTION:
+EVP_set_pw_prompt                       331     EXIST::FUNCTION:
+EVP_sha                                 332     EXIST::FUNCTION:SHA
+EVP_sha1                                333     EXIST::FUNCTION:SHA
+MD2                                     334     EXIST::FUNCTION:MD2
+MD2_Final                               335     EXIST::FUNCTION:MD2
+MD2_Init                                336     EXIST::FUNCTION:MD2
+MD2_Update                              337     EXIST::FUNCTION:MD2
+MD2_options                             338     EXIST::FUNCTION:MD2
+MD5                                     339     EXIST::FUNCTION:MD5
+MD5_Final                               340     EXIST::FUNCTION:MD5
+MD5_Init                                341     EXIST::FUNCTION:MD5
+MD5_Update                              342     EXIST::FUNCTION:MD5
+MDC2                                    343     EXIST::FUNCTION:MDC2
+MDC2_Final                              344     EXIST::FUNCTION:MDC2
+MDC2_Init                               345     EXIST::FUNCTION:MDC2
+MDC2_Update                             346     EXIST::FUNCTION:MDC2
+NETSCAPE_SPKAC_free                     347     EXIST::FUNCTION:
+NETSCAPE_SPKAC_new                      348     EXIST::FUNCTION:
+NETSCAPE_SPKI_free                      349     EXIST::FUNCTION:
+NETSCAPE_SPKI_new                       350     EXIST::FUNCTION:
+NETSCAPE_SPKI_sign                      351     EXIST::FUNCTION:
+NETSCAPE_SPKI_verify                    352     EXIST::FUNCTION:
+OBJ_add_object                          353     EXIST::FUNCTION:
+OBJ_bsearch                             354     EXIST::FUNCTION:
+OBJ_cleanup                             355     EXIST::FUNCTION:
+OBJ_cmp                                 356     EXIST::FUNCTION:
+OBJ_create                              357     EXIST::FUNCTION:
+OBJ_dup                                 358     EXIST::FUNCTION:
+OBJ_ln2nid                              359     EXIST::FUNCTION:
+OBJ_new_nid                             360     EXIST::FUNCTION:
+OBJ_nid2ln                              361     EXIST::FUNCTION:
+OBJ_nid2obj                             362     EXIST::FUNCTION:
+OBJ_nid2sn                              363     EXIST::FUNCTION:
+OBJ_obj2nid                             364     EXIST::FUNCTION:
+OBJ_sn2nid                              365     EXIST::FUNCTION:
+OBJ_txt2nid                             366     EXIST::FUNCTION:
+PEM_ASN1_read                           367     EXIST:!WIN16:FUNCTION:
+PEM_ASN1_read_bio                       368     EXIST::FUNCTION:
+PEM_ASN1_write                          369     EXIST:!WIN16:FUNCTION:
+PEM_ASN1_write_bio                      370     EXIST::FUNCTION:
+PEM_SealFinal                           371     EXIST::FUNCTION:RSA
+PEM_SealInit                            372     EXIST::FUNCTION:RSA
+PEM_SealUpdate                          373     EXIST::FUNCTION:RSA
+PEM_SignFinal                           374     EXIST::FUNCTION:
+PEM_SignInit                            375     EXIST::FUNCTION:
+PEM_SignUpdate                          376     EXIST::FUNCTION:
+PEM_X509_INFO_read                      377     EXIST:!WIN16:FUNCTION:
+PEM_X509_INFO_read_bio                  378     EXIST::FUNCTION:
+PEM_X509_INFO_write_bio                 379     EXIST::FUNCTION:
+PEM_dek_info                            380     EXIST::FUNCTION:
+PEM_do_header                           381     EXIST::FUNCTION:
+PEM_get_EVP_CIPHER_INFO                 382     EXIST::FUNCTION:
+PEM_proc_type                           383     EXIST::FUNCTION:
+PEM_read                                384     EXIST:!WIN16:FUNCTION:
+PEM_read_DHparams                       385     EXIST:!WIN16:FUNCTION:DH
+PEM_read_DSAPrivateKey                  386     EXIST:!WIN16:FUNCTION:DSA
+PEM_read_DSAparams                      387     EXIST:!WIN16:FUNCTION:DSA
+PEM_read_PKCS7                          388     EXIST:!WIN16:FUNCTION:
+PEM_read_PrivateKey                     389     EXIST:!WIN16:FUNCTION:
+PEM_read_RSAPrivateKey                  390     EXIST:!WIN16:FUNCTION:RSA
+PEM_read_X509                           391     EXIST:!WIN16:FUNCTION:
+PEM_read_X509_CRL                       392     EXIST:!WIN16:FUNCTION:
+PEM_read_X509_REQ                       393     EXIST:!WIN16:FUNCTION:
+PEM_read_bio                            394     EXIST::FUNCTION:
+PEM_read_bio_DHparams                   395     EXIST::FUNCTION:DH
+PEM_read_bio_DSAPrivateKey              396     EXIST::FUNCTION:DSA
+PEM_read_bio_DSAparams                  397     EXIST::FUNCTION:DSA
+PEM_read_bio_PKCS7                      398     EXIST::FUNCTION:
+PEM_read_bio_PrivateKey                 399     EXIST::FUNCTION:
+PEM_read_bio_RSAPrivateKey              400     EXIST::FUNCTION:RSA
+PEM_read_bio_X509                       401     EXIST::FUNCTION:
+PEM_read_bio_X509_CRL                   402     EXIST::FUNCTION:
+PEM_read_bio_X509_REQ                   403     EXIST::FUNCTION:
+PEM_write                               404     EXIST:!WIN16:FUNCTION:
+PEM_write_DHparams                      405     EXIST:!WIN16:FUNCTION:DH
+PEM_write_DSAPrivateKey                 406     EXIST:!WIN16:FUNCTION:DSA
+PEM_write_DSAparams                     407     EXIST:!WIN16:FUNCTION:DSA
+PEM_write_PKCS7                         408     EXIST:!WIN16:FUNCTION:
+PEM_write_PrivateKey                    409     EXIST:!WIN16:FUNCTION:
+PEM_write_RSAPrivateKey                 410     EXIST:!WIN16:FUNCTION:RSA
+PEM_write_X509                          411     EXIST:!WIN16:FUNCTION:
+PEM_write_X509_CRL                      412     EXIST:!WIN16:FUNCTION:
+PEM_write_X509_REQ                      413     EXIST:!WIN16:FUNCTION:
+PEM_write_bio                           414     EXIST::FUNCTION:
+PEM_write_bio_DHparams                  415     EXIST::FUNCTION:DH
+PEM_write_bio_DSAPrivateKey             416     EXIST::FUNCTION:DSA
+PEM_write_bio_DSAparams                 417     EXIST::FUNCTION:DSA
+PEM_write_bio_PKCS7                     418     EXIST::FUNCTION:
+PEM_write_bio_PrivateKey                419     EXIST::FUNCTION:
+PEM_write_bio_RSAPrivateKey             420     EXIST::FUNCTION:RSA
+PEM_write_bio_X509                      421     EXIST::FUNCTION:
+PEM_write_bio_X509_CRL                  422     EXIST::FUNCTION:
+PEM_write_bio_X509_REQ                  423     EXIST::FUNCTION:
+PKCS7_DIGEST_free                       424     EXIST::FUNCTION:
+PKCS7_DIGEST_new                        425     EXIST::FUNCTION:
+PKCS7_ENCRYPT_free                      426     EXIST::FUNCTION:
+PKCS7_ENCRYPT_new                       427     EXIST::FUNCTION:
+PKCS7_ENC_CONTENT_free                  428     EXIST::FUNCTION:
+PKCS7_ENC_CONTENT_new                   429     EXIST::FUNCTION:
+PKCS7_ENVELOPE_free                     430     EXIST::FUNCTION:
+PKCS7_ENVELOPE_new                      431     EXIST::FUNCTION:
+PKCS7_ISSUER_AND_SERIAL_digest          432     EXIST::FUNCTION:
+PKCS7_ISSUER_AND_SERIAL_free            433     EXIST::FUNCTION:
+PKCS7_ISSUER_AND_SERIAL_new             434     EXIST::FUNCTION:
+PKCS7_RECIP_INFO_free                   435     EXIST::FUNCTION:
+PKCS7_RECIP_INFO_new                    436     EXIST::FUNCTION:
+PKCS7_SIGNED_free                       437     EXIST::FUNCTION:
+PKCS7_SIGNED_new                        438     EXIST::FUNCTION:
+PKCS7_SIGNER_INFO_free                  439     EXIST::FUNCTION:
+PKCS7_SIGNER_INFO_new                   440     EXIST::FUNCTION:
+PKCS7_SIGN_ENVELOPE_free                441     EXIST::FUNCTION:
+PKCS7_SIGN_ENVELOPE_new                 442     EXIST::FUNCTION:
+PKCS7_dup                               443     EXIST::FUNCTION:
+PKCS7_free                              444     EXIST::FUNCTION:
+PKCS7_new                               445     EXIST::FUNCTION:
+PROXY_ENTRY_add_noproxy                 446     NOEXIST::FUNCTION:
+PROXY_ENTRY_clear_noproxy               447     NOEXIST::FUNCTION:
+PROXY_ENTRY_free                        448     NOEXIST::FUNCTION:
+PROXY_ENTRY_get_noproxy                 449     NOEXIST::FUNCTION:
+PROXY_ENTRY_new                         450     NOEXIST::FUNCTION:
+PROXY_ENTRY_set_server                  451     NOEXIST::FUNCTION:
+PROXY_add_noproxy                       452     NOEXIST::FUNCTION:
+PROXY_add_server                        453     NOEXIST::FUNCTION:
+PROXY_check_by_host                     454     NOEXIST::FUNCTION:
+PROXY_check_url                         455     NOEXIST::FUNCTION:
+PROXY_clear_noproxy                     456     NOEXIST::FUNCTION:
+PROXY_free                              457     NOEXIST::FUNCTION:
+PROXY_get_noproxy                       458     NOEXIST::FUNCTION:
+PROXY_get_proxies                       459     NOEXIST::FUNCTION:
+PROXY_get_proxy_entry                   460     NOEXIST::FUNCTION:
+PROXY_load_conf                         461     NOEXIST::FUNCTION:
+PROXY_new                               462     NOEXIST::FUNCTION:
+PROXY_print                             463     NOEXIST::FUNCTION:
+RAND_bytes                              464     EXIST::FUNCTION:
+RAND_cleanup                            465     EXIST::FUNCTION:
+RAND_file_name                          466     EXIST::FUNCTION:
+RAND_load_file                          467     EXIST::FUNCTION:
+RAND_screen                             468     EXIST::FUNCTION:
+RAND_seed                               469     EXIST::FUNCTION:
+RAND_write_file                         470     EXIST::FUNCTION:
+RC2_cbc_encrypt                         471     EXIST::FUNCTION:RC2
+RC2_cfb64_encrypt                       472     EXIST::FUNCTION:RC2
+RC2_ecb_encrypt                         473     EXIST::FUNCTION:RC2
+RC2_encrypt                             474     EXIST::FUNCTION:RC2
+RC2_ofb64_encrypt                       475     EXIST::FUNCTION:RC2
+RC2_set_key                             476     EXIST::FUNCTION:RC2
+RC4                                     477     EXIST::FUNCTION:RC4
+RC4_options                             478     EXIST::FUNCTION:RC4
+RC4_set_key                             479     EXIST::FUNCTION:RC4
+RSAPrivateKey_asn1_meth                 480     EXIST::FUNCTION:RSA
+RSAPrivateKey_dup                       481     EXIST::FUNCTION:RSA
+RSAPublicKey_dup                        482     EXIST::FUNCTION:RSA
+RSA_PKCS1_SSLeay                        483     EXIST::FUNCTION:RSA
+RSA_free                                484     EXIST::FUNCTION:RSA
+RSA_generate_key                        485     EXIST::FUNCTION:RSA
+RSA_new                                 486     EXIST::FUNCTION:RSA
+RSA_new_method                          487     EXIST::FUNCTION:RSA
+RSA_print                               488     EXIST::FUNCTION:RSA
+RSA_print_fp                            489     EXIST::FUNCTION:RSA,FP_API
+RSA_private_decrypt                     490     EXIST::FUNCTION:RSA
+RSA_private_encrypt                     491     EXIST::FUNCTION:RSA
+RSA_public_decrypt                      492     EXIST::FUNCTION:RSA
+RSA_public_encrypt                      493     EXIST::FUNCTION:RSA
+RSA_set_default_method                  494     EXIST::FUNCTION:RSA
+RSA_sign                                495     EXIST::FUNCTION:RSA
+RSA_sign_ASN1_OCTET_STRING              496     EXIST::FUNCTION:RSA
+RSA_size                                497     EXIST::FUNCTION:RSA
+RSA_verify                              498     EXIST::FUNCTION:RSA
+RSA_verify_ASN1_OCTET_STRING            499     EXIST::FUNCTION:RSA
+SHA                                     500     EXIST::FUNCTION:SHA
+SHA1                                    501     EXIST::FUNCTION:SHA
+SHA1_Final                              502     EXIST::FUNCTION:SHA
+SHA1_Init                               503     EXIST::FUNCTION:SHA
+SHA1_Update                             504     EXIST::FUNCTION:SHA
+SHA_Final                               505     EXIST::FUNCTION:SHA
+SHA_Init                                506     EXIST::FUNCTION:SHA
+SHA_Update                              507     EXIST::FUNCTION:SHA
+OpenSSL_add_all_algorithms              508     EXIST::FUNCTION:
+OpenSSL_add_all_ciphers                 509     EXIST::FUNCTION:
+OpenSSL_add_all_digests                 510     EXIST::FUNCTION:
+TXT_DB_create_index                     511     EXIST::FUNCTION:
+TXT_DB_free                             512     EXIST::FUNCTION:
+TXT_DB_get_by_index                     513     EXIST::FUNCTION:
+TXT_DB_insert                           514     EXIST::FUNCTION:
+TXT_DB_read                             515     EXIST::FUNCTION:
+TXT_DB_write                            516     EXIST::FUNCTION:
+X509_ALGOR_free                         517     EXIST::FUNCTION:
+X509_ALGOR_new                          518     EXIST::FUNCTION:
+X509_ATTRIBUTE_free                     519     EXIST::FUNCTION:
+X509_ATTRIBUTE_new                      520     EXIST::FUNCTION:
+X509_CINF_free                          521     EXIST::FUNCTION:
+X509_CINF_new                           522     EXIST::FUNCTION:
+X509_CRL_INFO_free                      523     EXIST::FUNCTION:
+X509_CRL_INFO_new                       524     EXIST::FUNCTION:
+X509_CRL_add_ext                        525     EXIST::FUNCTION:
+X509_CRL_cmp                            526     EXIST::FUNCTION:
+X509_CRL_delete_ext                     527     EXIST::FUNCTION:
+X509_CRL_dup                            528     EXIST::FUNCTION:
+X509_CRL_free                           529     EXIST::FUNCTION:
+X509_CRL_get_ext                        530     EXIST::FUNCTION:
+X509_CRL_get_ext_by_NID                 531     EXIST::FUNCTION:
+X509_CRL_get_ext_by_OBJ                 532     EXIST::FUNCTION:
+X509_CRL_get_ext_by_critical            533     EXIST::FUNCTION:
+X509_CRL_get_ext_count                  534     EXIST::FUNCTION:
+X509_CRL_new                            535     EXIST::FUNCTION:
+X509_CRL_sign                           536     EXIST::FUNCTION:
+X509_CRL_verify                         537     EXIST::FUNCTION:
+X509_EXTENSION_create_by_NID            538     EXIST::FUNCTION:
+X509_EXTENSION_create_by_OBJ            539     EXIST::FUNCTION:
+X509_EXTENSION_dup                      540     EXIST::FUNCTION:
+X509_EXTENSION_free                     541     EXIST::FUNCTION:
+X509_EXTENSION_get_critical             542     EXIST::FUNCTION:
+X509_EXTENSION_get_data                 543     EXIST::FUNCTION:
+X509_EXTENSION_get_object               544     EXIST::FUNCTION:
+X509_EXTENSION_new                      545     EXIST::FUNCTION:
+X509_EXTENSION_set_critical             546     EXIST::FUNCTION:
+X509_EXTENSION_set_data                 547     EXIST::FUNCTION:
+X509_EXTENSION_set_object               548     EXIST::FUNCTION:
+X509_INFO_free                          549     EXIST::FUNCTION:
+X509_INFO_new                           550     EXIST::FUNCTION:
+X509_LOOKUP_by_alias                    551     EXIST::FUNCTION:
+X509_LOOKUP_by_fingerprint              552     EXIST::FUNCTION:
+X509_LOOKUP_by_issuer_serial            553     EXIST::FUNCTION:
+X509_LOOKUP_by_subject                  554     EXIST::FUNCTION:
+X509_LOOKUP_ctrl                        555     EXIST::FUNCTION:
+X509_LOOKUP_file                        556     EXIST::FUNCTION:
+X509_LOOKUP_free                        557     EXIST::FUNCTION:
+X509_LOOKUP_hash_dir                    558     EXIST::FUNCTION:
+X509_LOOKUP_init                        559     EXIST::FUNCTION:
+X509_LOOKUP_new                         560     EXIST::FUNCTION:
+X509_LOOKUP_shutdown                    561     EXIST::FUNCTION:
+X509_NAME_ENTRY_create_by_NID           562     EXIST::FUNCTION:
+X509_NAME_ENTRY_create_by_OBJ           563     EXIST::FUNCTION:
+X509_NAME_ENTRY_dup                     564     EXIST::FUNCTION:
+X509_NAME_ENTRY_free                    565     EXIST::FUNCTION:
+X509_NAME_ENTRY_get_data                566     EXIST::FUNCTION:
+X509_NAME_ENTRY_get_object              567     EXIST::FUNCTION:
+X509_NAME_ENTRY_new                     568     EXIST::FUNCTION:
+X509_NAME_ENTRY_set_data                569     EXIST::FUNCTION:
+X509_NAME_ENTRY_set_object              570     EXIST::FUNCTION:
+X509_NAME_add_entry                     571     EXIST::FUNCTION:
+X509_NAME_cmp                           572     EXIST::FUNCTION:
+X509_NAME_delete_entry                  573     EXIST::FUNCTION:
+X509_NAME_digest                        574     EXIST::FUNCTION:
+X509_NAME_dup                           575     EXIST::FUNCTION:
+X509_NAME_entry_count                   576     EXIST::FUNCTION:
+X509_NAME_free                          577     EXIST::FUNCTION:
+X509_NAME_get_entry                     578     EXIST::FUNCTION:
+X509_NAME_get_index_by_NID              579     EXIST::FUNCTION:
+X509_NAME_get_index_by_OBJ              580     EXIST::FUNCTION:
+X509_NAME_get_text_by_NID               581     EXIST::FUNCTION:
+X509_NAME_get_text_by_OBJ               582     EXIST::FUNCTION:
+X509_NAME_hash                          583     EXIST::FUNCTION:
+X509_NAME_new                           584     EXIST::FUNCTION:
+X509_NAME_oneline                       585     EXIST::FUNCTION:
+X509_NAME_print                         586     EXIST::FUNCTION:
+X509_NAME_set                           587     EXIST::FUNCTION:
+X509_OBJECT_free_contents               588     EXIST::FUNCTION:
+X509_OBJECT_retrieve_by_subject         589     EXIST::FUNCTION:
+X509_OBJECT_up_ref_count                590     EXIST::FUNCTION:
+X509_PKEY_free                          591     EXIST::FUNCTION:
+X509_PKEY_new                           592     EXIST::FUNCTION:
+X509_PUBKEY_free                        593     EXIST::FUNCTION:
+X509_PUBKEY_get                         594     EXIST::FUNCTION:
+X509_PUBKEY_new                         595     EXIST::FUNCTION:
+X509_PUBKEY_set                         596     EXIST::FUNCTION:
+X509_REQ_INFO_free                      597     EXIST::FUNCTION:
+X509_REQ_INFO_new                       598     EXIST::FUNCTION:
+X509_REQ_dup                            599     EXIST::FUNCTION:
+X509_REQ_free                           600     EXIST::FUNCTION:
+X509_REQ_get_pubkey                     601     EXIST::FUNCTION:
+X509_REQ_new                            602     EXIST::FUNCTION:
+X509_REQ_print                          603     EXIST::FUNCTION:
+X509_REQ_print_fp                       604     EXIST::FUNCTION:FP_API
+X509_REQ_set_pubkey                     605     EXIST::FUNCTION:
+X509_REQ_set_subject_name               606     EXIST::FUNCTION:
+X509_REQ_set_version                    607     EXIST::FUNCTION:
+X509_REQ_sign                           608     EXIST::FUNCTION:
+X509_REQ_to_X509                        609     EXIST::FUNCTION:
+X509_REQ_verify                         610     EXIST::FUNCTION:
+X509_REVOKED_add_ext                    611     EXIST::FUNCTION:
+X509_REVOKED_delete_ext                 612     EXIST::FUNCTION:
+X509_REVOKED_free                       613     EXIST::FUNCTION:
+X509_REVOKED_get_ext                    614     EXIST::FUNCTION:
+X509_REVOKED_get_ext_by_NID             615     EXIST::FUNCTION:
+X509_REVOKED_get_ext_by_OBJ             616     EXIST::FUNCTION:
+X509_REVOKED_get_ext_by_critical        617     EXIST:!VMS:FUNCTION:
+X509_REVOKED_get_ext_by_critic          617     EXIST:VMS:FUNCTION:
+X509_REVOKED_get_ext_count              618     EXIST::FUNCTION:
+X509_REVOKED_new                        619     EXIST::FUNCTION:
+X509_SIG_free                           620     EXIST::FUNCTION:
+X509_SIG_new                            621     EXIST::FUNCTION:
+X509_STORE_CTX_cleanup                  622     EXIST::FUNCTION:
+X509_STORE_CTX_init                     623     EXIST::FUNCTION:
+X509_STORE_add_cert                     624     EXIST::FUNCTION:
+X509_STORE_add_lookup                   625     EXIST::FUNCTION:
+X509_STORE_free                         626     EXIST::FUNCTION:
+X509_STORE_get_by_subject               627     EXIST::FUNCTION:
+X509_STORE_load_locations               628     EXIST::FUNCTION:
+X509_STORE_new                          629     EXIST::FUNCTION:
+X509_STORE_set_default_paths            630     EXIST::FUNCTION:
+X509_VAL_free                           631     EXIST::FUNCTION:
+X509_VAL_new                            632     EXIST::FUNCTION:
+X509_add_ext                            633     EXIST::FUNCTION:
+X509_asn1_meth                          634     EXIST::FUNCTION:
+X509_certificate_type                   635     EXIST::FUNCTION:
+X509_check_private_key                  636     EXIST::FUNCTION:
+X509_cmp_current_time                   637     EXIST::FUNCTION:
+X509_delete_ext                         638     EXIST::FUNCTION:
+X509_digest                             639     EXIST::FUNCTION:
+X509_dup                                640     EXIST::FUNCTION:
+X509_free                               641     EXIST::FUNCTION:
+X509_get_default_cert_area              642     EXIST::FUNCTION:
+X509_get_default_cert_dir               643     EXIST::FUNCTION:
+X509_get_default_cert_dir_env           644     EXIST::FUNCTION:
+X509_get_default_cert_file              645     EXIST::FUNCTION:
+X509_get_default_cert_file_env          646     EXIST::FUNCTION:
+X509_get_default_private_dir            647     EXIST::FUNCTION:
+X509_get_ext                            648     EXIST::FUNCTION:
+X509_get_ext_by_NID                     649     EXIST::FUNCTION:
+X509_get_ext_by_OBJ                     650     EXIST::FUNCTION:
+X509_get_ext_by_critical                651     EXIST::FUNCTION:
+X509_get_ext_count                      652     EXIST::FUNCTION:
+X509_get_issuer_name                    653     EXIST::FUNCTION:
+X509_get_pubkey                         654     EXIST::FUNCTION:
+X509_get_pubkey_parameters              655     EXIST::FUNCTION:
+X509_get_serialNumber                   656     EXIST::FUNCTION:
+X509_get_subject_name                   657     EXIST::FUNCTION:
+X509_gmtime_adj                         658     EXIST::FUNCTION:
+X509_issuer_and_serial_cmp              659     EXIST::FUNCTION:
+X509_issuer_and_serial_hash             660     EXIST::FUNCTION:
+X509_issuer_name_cmp                    661     EXIST::FUNCTION:
+X509_issuer_name_hash                   662     EXIST::FUNCTION:
+X509_load_cert_file                     663     EXIST::FUNCTION:
+X509_new                                664     EXIST::FUNCTION:
+X509_print                              665     EXIST::FUNCTION:
+X509_print_fp                           666     EXIST::FUNCTION:FP_API
+X509_set_issuer_name                    667     EXIST::FUNCTION:
+X509_set_notAfter                       668     EXIST::FUNCTION:
+X509_set_notBefore                      669     EXIST::FUNCTION:
+X509_set_pubkey                         670     EXIST::FUNCTION:
+X509_set_serialNumber                   671     EXIST::FUNCTION:
+X509_set_subject_name                   672     EXIST::FUNCTION:
+X509_set_version                        673     EXIST::FUNCTION:
+X509_sign                               674     EXIST::FUNCTION:
+X509_subject_name_cmp                   675     EXIST::FUNCTION:
+X509_subject_name_hash                  676     EXIST::FUNCTION:
+X509_to_X509_REQ                        677     EXIST::FUNCTION:
+X509_verify                             678     EXIST::FUNCTION:
+X509_verify_cert                        679     EXIST::FUNCTION:
+X509_verify_cert_error_string           680     EXIST::FUNCTION:
+X509v3_add_ext                          681     EXIST::FUNCTION:
+X509v3_add_extension                    682     NOEXIST::FUNCTION:
+X509v3_add_netscape_extensions          683     NOEXIST::FUNCTION:
+X509v3_add_standard_extensions          684     NOEXIST::FUNCTION:
+X509v3_cleanup_extensions               685     NOEXIST::FUNCTION:
+X509v3_data_type_by_NID                 686     NOEXIST::FUNCTION:
+X509v3_data_type_by_OBJ                 687     NOEXIST::FUNCTION:
+X509v3_delete_ext                       688     EXIST::FUNCTION:
+X509v3_get_ext                          689     EXIST::FUNCTION:
+X509v3_get_ext_by_NID                   690     EXIST::FUNCTION:
+X509v3_get_ext_by_OBJ                   691     EXIST::FUNCTION:
+X509v3_get_ext_by_critical              692     EXIST::FUNCTION:
+X509v3_get_ext_count                    693     EXIST::FUNCTION:
+X509v3_pack_string                      694     NOEXIST::FUNCTION:
+X509v3_pack_type_by_NID                 695     NOEXIST::FUNCTION:
+X509v3_pack_type_by_OBJ                 696     NOEXIST::FUNCTION:
+X509v3_unpack_string                    697     NOEXIST::FUNCTION:
+_des_crypt                              698     NOEXIST::FUNCTION:
+a2d_ASN1_OBJECT                         699     EXIST::FUNCTION:
+a2i_ASN1_INTEGER                        700     EXIST::FUNCTION:
+a2i_ASN1_STRING                         701     EXIST::FUNCTION:
+asn1_Finish                             702     EXIST::FUNCTION:
+asn1_GetSequence                        703     EXIST::FUNCTION:
+bn_div_words                            704     EXIST::FUNCTION:
+bn_expand2                              705     EXIST::FUNCTION:
+bn_mul_add_words                        706     EXIST::FUNCTION:
+bn_mul_words                            707     EXIST::FUNCTION:
+BN_uadd                                 708     EXIST::FUNCTION:
+BN_usub                                 709     EXIST::FUNCTION:
+bn_sqr_words                            710     EXIST::FUNCTION:
+crypt                                   711     EXIST:!PERL5,!NeXT,!__FreeBSD__:FUNCTION:DES
+d2i_ASN1_BIT_STRING                     712     EXIST::FUNCTION:
+d2i_ASN1_BOOLEAN                        713     EXIST::FUNCTION:
+d2i_ASN1_HEADER                         714     EXIST::FUNCTION:
+d2i_ASN1_IA5STRING                      715     EXIST::FUNCTION:
+d2i_ASN1_INTEGER                        716     EXIST::FUNCTION:
+d2i_ASN1_OBJECT                         717     EXIST::FUNCTION:
+d2i_ASN1_OCTET_STRING                   718     EXIST::FUNCTION:
+d2i_ASN1_PRINTABLE                      719     EXIST::FUNCTION:
+d2i_ASN1_PRINTABLESTRING                720     EXIST::FUNCTION:
+d2i_ASN1_SET                            721     EXIST::FUNCTION:
+d2i_ASN1_T61STRING                      722     EXIST::FUNCTION:
+d2i_ASN1_TYPE                           723     EXIST::FUNCTION:
+d2i_ASN1_UTCTIME                        724     EXIST::FUNCTION:
+d2i_ASN1_bytes                          725     EXIST::FUNCTION:
+d2i_ASN1_type_bytes                     726     EXIST::FUNCTION:
+d2i_DHparams                            727     EXIST::FUNCTION:DH
+d2i_DSAPrivateKey                       728     EXIST::FUNCTION:DSA
+d2i_DSAPrivateKey_bio                   729     EXIST::FUNCTION:DSA
+d2i_DSAPrivateKey_fp                    730     EXIST::FUNCTION:DSA,FP_API
+d2i_DSAPublicKey                        731     EXIST::FUNCTION:DSA
+d2i_DSAparams                           732     EXIST::FUNCTION:DSA
+d2i_NETSCAPE_SPKAC                      733     EXIST::FUNCTION:
+d2i_NETSCAPE_SPKI                       734     EXIST::FUNCTION:
+d2i_Netscape_RSA                        735     EXIST::FUNCTION:RSA
+d2i_PKCS7                               736     EXIST::FUNCTION:
+d2i_PKCS7_DIGEST                        737     EXIST::FUNCTION:
+d2i_PKCS7_ENCRYPT                       738     EXIST::FUNCTION:
+d2i_PKCS7_ENC_CONTENT                   739     EXIST::FUNCTION:
+d2i_PKCS7_ENVELOPE                      740     EXIST::FUNCTION:
+d2i_PKCS7_ISSUER_AND_SERIAL             741     EXIST::FUNCTION:
+d2i_PKCS7_RECIP_INFO                    742     EXIST::FUNCTION:
+d2i_PKCS7_SIGNED                        743     EXIST::FUNCTION:
+d2i_PKCS7_SIGNER_INFO                   744     EXIST::FUNCTION:
+d2i_PKCS7_SIGN_ENVELOPE                 745     EXIST::FUNCTION:
+d2i_PKCS7_bio                           746     EXIST::FUNCTION:
+d2i_PKCS7_fp                            747     EXIST::FUNCTION:FP_API
+d2i_PrivateKey                          748     EXIST::FUNCTION:
+d2i_PublicKey                           749     EXIST::FUNCTION:
+d2i_RSAPrivateKey                       750     EXIST::FUNCTION:RSA
+d2i_RSAPrivateKey_bio                   751     EXIST::FUNCTION:RSA
+d2i_RSAPrivateKey_fp                    752     EXIST::FUNCTION:RSA,FP_API
+d2i_RSAPublicKey                        753     EXIST::FUNCTION:RSA
+d2i_X509                                754     EXIST::FUNCTION:
+d2i_X509_ALGOR                          755     EXIST::FUNCTION:
+d2i_X509_ATTRIBUTE                      756     EXIST::FUNCTION:
+d2i_X509_CINF                           757     EXIST::FUNCTION:
+d2i_X509_CRL                            758     EXIST::FUNCTION:
+d2i_X509_CRL_INFO                       759     EXIST::FUNCTION:
+d2i_X509_CRL_bio                        760     EXIST::FUNCTION:
+d2i_X509_CRL_fp                         761     EXIST::FUNCTION:FP_API
+d2i_X509_EXTENSION                      762     EXIST::FUNCTION:
+d2i_X509_NAME                           763     EXIST::FUNCTION:
+d2i_X509_NAME_ENTRY                     764     EXIST::FUNCTION:
+d2i_X509_PKEY                           765     EXIST::FUNCTION:
+d2i_X509_PUBKEY                         766     EXIST::FUNCTION:
+d2i_X509_REQ                            767     EXIST::FUNCTION:
+d2i_X509_REQ_INFO                       768     EXIST::FUNCTION:
+d2i_X509_REQ_bio                        769     EXIST::FUNCTION:
+d2i_X509_REQ_fp                         770     EXIST::FUNCTION:FP_API
+d2i_X509_REVOKED                        771     EXIST::FUNCTION:
+d2i_X509_SIG                            772     EXIST::FUNCTION:
+d2i_X509_VAL                            773     EXIST::FUNCTION:
+d2i_X509_bio                            774     EXIST::FUNCTION:
+d2i_X509_fp                             775     EXIST::FUNCTION:FP_API
+des_cbc_cksum                           777     EXIST::FUNCTION:DES
+des_cbc_encrypt                         778     EXIST::FUNCTION:DES
+des_cblock_print_file                   779     NOEXIST::FUNCTION:
+des_cfb64_encrypt                       780     EXIST::FUNCTION:DES
+des_cfb_encrypt                         781     EXIST::FUNCTION:DES
+des_decrypt3                            782     EXIST::FUNCTION:DES
+des_ecb3_encrypt                        783     EXIST::FUNCTION:DES
+des_ecb_encrypt                         784     EXIST::FUNCTION:DES
+des_ede3_cbc_encrypt                    785     EXIST::FUNCTION:DES
+des_ede3_cfb64_encrypt                  786     EXIST::FUNCTION:DES
+des_ede3_ofb64_encrypt                  787     EXIST::FUNCTION:DES
+des_enc_read                            788     EXIST::FUNCTION:DES
+des_enc_write                           789     EXIST::FUNCTION:DES
+des_encrypt                             790     EXIST::FUNCTION:DES
+des_encrypt2                            791     EXIST::FUNCTION:DES
+des_encrypt3                            792     EXIST::FUNCTION:DES
+des_fcrypt                              793     EXIST::FUNCTION:DES
+des_is_weak_key                         794     EXIST::FUNCTION:DES
+des_key_sched                           795     EXIST::FUNCTION:DES
+des_ncbc_encrypt                        796     EXIST::FUNCTION:DES
+des_ofb64_encrypt                       797     EXIST::FUNCTION:DES
+des_ofb_encrypt                         798     EXIST::FUNCTION:DES
+des_options                             799     EXIST::FUNCTION:DES
+des_pcbc_encrypt                        800     EXIST::FUNCTION:DES
+des_quad_cksum                          801     EXIST::FUNCTION:DES
+des_random_key                          802     EXIST::FUNCTION:DES
+des_random_seed                         803     EXIST::FUNCTION:DES
+des_read_2passwords                     804     EXIST::FUNCTION:DES
+des_read_password                       805     EXIST::FUNCTION:DES
+des_read_pw                             806     EXIST::FUNCTION:DES
+des_read_pw_string                      807     EXIST::FUNCTION:DES
+des_set_key                             808     EXIST::FUNCTION:DES
+des_set_odd_parity                      809     EXIST::FUNCTION:DES
+des_string_to_2keys                     810     EXIST::FUNCTION:DES
+des_string_to_key                       811     EXIST::FUNCTION:DES
+des_xcbc_encrypt                        812     EXIST::FUNCTION:DES
+des_xwhite_in2out                       813     EXIST::FUNCTION:DES
+fcrypt_body                             814     NOEXIST::FUNCTION:
+i2a_ASN1_INTEGER                        815     EXIST::FUNCTION:
+i2a_ASN1_OBJECT                         816     EXIST::FUNCTION:
+i2a_ASN1_STRING                         817     EXIST::FUNCTION:
+i2d_ASN1_BIT_STRING                     818     EXIST::FUNCTION:
+i2d_ASN1_BOOLEAN                        819     EXIST::FUNCTION:
+i2d_ASN1_HEADER                         820     EXIST::FUNCTION:
+i2d_ASN1_IA5STRING                      821     EXIST::FUNCTION:
+i2d_ASN1_INTEGER                        822     EXIST::FUNCTION:
+i2d_ASN1_OBJECT                         823     EXIST::FUNCTION:
+i2d_ASN1_OCTET_STRING                   824     EXIST::FUNCTION:
+i2d_ASN1_PRINTABLE                      825     EXIST::FUNCTION:
+i2d_ASN1_SET                            826     EXIST::FUNCTION:
+i2d_ASN1_TYPE                           827     EXIST::FUNCTION:
+i2d_ASN1_UTCTIME                        828     EXIST::FUNCTION:
+i2d_ASN1_bytes                          829     EXIST::FUNCTION:
+i2d_DHparams                            830     EXIST::FUNCTION:DH
+i2d_DSAPrivateKey                       831     EXIST::FUNCTION:DSA
+i2d_DSAPrivateKey_bio                   832     EXIST::FUNCTION:DSA
+i2d_DSAPrivateKey_fp                    833     EXIST::FUNCTION:DSA,FP_API
+i2d_DSAPublicKey                        834     EXIST::FUNCTION:DSA
+i2d_DSAparams                           835     EXIST::FUNCTION:DSA
+i2d_NETSCAPE_SPKAC                      836     EXIST::FUNCTION:
+i2d_NETSCAPE_SPKI                       837     EXIST::FUNCTION:
+i2d_Netscape_RSA                        838     EXIST::FUNCTION:RSA
+i2d_PKCS7                               839     EXIST::FUNCTION:
+i2d_PKCS7_DIGEST                        840     EXIST::FUNCTION:
+i2d_PKCS7_ENCRYPT                       841     EXIST::FUNCTION:
+i2d_PKCS7_ENC_CONTENT                   842     EXIST::FUNCTION:
+i2d_PKCS7_ENVELOPE                      843     EXIST::FUNCTION:
+i2d_PKCS7_ISSUER_AND_SERIAL             844     EXIST::FUNCTION:
+i2d_PKCS7_RECIP_INFO                    845     EXIST::FUNCTION:
+i2d_PKCS7_SIGNED                        846     EXIST::FUNCTION:
+i2d_PKCS7_SIGNER_INFO                   847     EXIST::FUNCTION:
+i2d_PKCS7_SIGN_ENVELOPE                 848     EXIST::FUNCTION:
+i2d_PKCS7_bio                           849     EXIST::FUNCTION:
+i2d_PKCS7_fp                            850     EXIST::FUNCTION:FP_API
+i2d_PrivateKey                          851     EXIST::FUNCTION:
+i2d_PublicKey                           852     EXIST::FUNCTION:
+i2d_RSAPrivateKey                       853     EXIST::FUNCTION:RSA
+i2d_RSAPrivateKey_bio                   854     EXIST::FUNCTION:RSA
+i2d_RSAPrivateKey_fp                    855     EXIST::FUNCTION:RSA,FP_API
+i2d_RSAPublicKey                        856     EXIST::FUNCTION:RSA
+i2d_X509                                857     EXIST::FUNCTION:
+i2d_X509_ALGOR                          858     EXIST::FUNCTION:
+i2d_X509_ATTRIBUTE                      859     EXIST::FUNCTION:
+i2d_X509_CINF                           860     EXIST::FUNCTION:
+i2d_X509_CRL                            861     EXIST::FUNCTION:
+i2d_X509_CRL_INFO                       862     EXIST::FUNCTION:
+i2d_X509_CRL_bio                        863     EXIST::FUNCTION:
+i2d_X509_CRL_fp                         864     EXIST::FUNCTION:FP_API
+i2d_X509_EXTENSION                      865     EXIST::FUNCTION:
+i2d_X509_NAME                           866     EXIST::FUNCTION:
+i2d_X509_NAME_ENTRY                     867     EXIST::FUNCTION:
+i2d_X509_PKEY                           868     EXIST::FUNCTION:
+i2d_X509_PUBKEY                         869     EXIST::FUNCTION:
+i2d_X509_REQ                            870     EXIST::FUNCTION:
+i2d_X509_REQ_INFO                       871     EXIST::FUNCTION:
+i2d_X509_REQ_bio                        872     EXIST::FUNCTION:
+i2d_X509_REQ_fp                         873     EXIST::FUNCTION:FP_API
+i2d_X509_REVOKED                        874     EXIST::FUNCTION:
+i2d_X509_SIG                            875     EXIST::FUNCTION:
+i2d_X509_VAL                            876     EXIST::FUNCTION:
+i2d_X509_bio                            877     EXIST::FUNCTION:
+i2d_X509_fp                             878     EXIST::FUNCTION:FP_API
+idea_cbc_encrypt                        879     EXIST::FUNCTION:IDEA
+idea_cfb64_encrypt                      880     EXIST::FUNCTION:IDEA
+idea_ecb_encrypt                        881     EXIST::FUNCTION:IDEA
+idea_encrypt                            882     EXIST::FUNCTION:IDEA
+idea_ofb64_encrypt                      883     EXIST::FUNCTION:IDEA
+idea_options                            884     EXIST::FUNCTION:IDEA
+idea_set_decrypt_key                    885     EXIST::FUNCTION:IDEA
+idea_set_encrypt_key                    886     EXIST::FUNCTION:IDEA
+lh_delete                               887     EXIST::FUNCTION:
+lh_doall                                888     EXIST::FUNCTION:
+lh_doall_arg                            889     EXIST::FUNCTION:
+lh_free                                 890     EXIST::FUNCTION:
+lh_insert                               891     EXIST::FUNCTION:
+lh_new                                  892     EXIST::FUNCTION:
+lh_node_stats                           893     EXIST::FUNCTION:FP_API
+lh_node_stats_bio                       894     EXIST::FUNCTION:
+lh_node_usage_stats                     895     EXIST::FUNCTION:FP_API
+lh_node_usage_stats_bio                 896     EXIST::FUNCTION:
+lh_retrieve                             897     EXIST::FUNCTION:
+lh_stats                                898     EXIST::FUNCTION:FP_API
+lh_stats_bio                            899     EXIST::FUNCTION:
+lh_strhash                              900     EXIST::FUNCTION:
+sk_delete                               901     EXIST::FUNCTION:
+sk_delete_ptr                           902     EXIST::FUNCTION:
+sk_dup                                  903     EXIST::FUNCTION:
+sk_find                                 904     EXIST::FUNCTION:
+sk_free                                 905     EXIST::FUNCTION:
+sk_insert                               906     EXIST::FUNCTION:
+sk_new                                  907     EXIST::FUNCTION:
+sk_pop                                  908     EXIST::FUNCTION:
+sk_pop_free                             909     EXIST::FUNCTION:
+sk_push                                 910     EXIST::FUNCTION:
+sk_set_cmp_func                         911     EXIST::FUNCTION:
+sk_shift                                912     EXIST::FUNCTION:
+sk_unshift                              913     EXIST::FUNCTION:
+sk_zero                                 914     EXIST::FUNCTION:
+BIO_f_nbio_test                         915     EXIST::FUNCTION:
+ASN1_TYPE_get                           916     EXIST::FUNCTION:
+ASN1_TYPE_set                           917     EXIST::FUNCTION:
+PKCS7_content_free                      918     EXIST::FUNCTION:
+ERR_load_PKCS7_strings                  919     EXIST::FUNCTION:
+X509_find_by_issuer_and_serial          920     EXIST::FUNCTION:
+X509_find_by_subject                    921     EXIST::FUNCTION:
+PKCS7_ctrl                              927     EXIST::FUNCTION:
+PKCS7_set_type                          928     EXIST::FUNCTION:
+PKCS7_set_content                       929     EXIST::FUNCTION:
+PKCS7_SIGNER_INFO_set                   930     EXIST::FUNCTION:
+PKCS7_add_signer                        931     EXIST::FUNCTION:
+PKCS7_add_certificate                   932     EXIST::FUNCTION:
+PKCS7_add_crl                           933     EXIST::FUNCTION:
+PKCS7_content_new                       934     EXIST::FUNCTION:
+PKCS7_dataSign                          935     NOEXIST::FUNCTION:
+PKCS7_dataVerify                        936     EXIST::FUNCTION:
+PKCS7_dataInit                          937     EXIST::FUNCTION:
+PKCS7_add_signature                     938     EXIST::FUNCTION:
+PKCS7_cert_from_signer_info             939     EXIST::FUNCTION:
+PKCS7_get_signer_info                   940     EXIST::FUNCTION:
+EVP_delete_alias                        941     NOEXIST::FUNCTION:
+EVP_mdc2                                942     EXIST::FUNCTION:
+PEM_read_bio_RSAPublicKey               943     EXIST::FUNCTION:RSA
+PEM_write_bio_RSAPublicKey              944     EXIST::FUNCTION:RSA
+d2i_RSAPublicKey_bio                    945     EXIST::FUNCTION:RSA
+i2d_RSAPublicKey_bio                    946     EXIST::FUNCTION:RSA
+PEM_read_RSAPublicKey                   947     EXIST:!WIN16:FUNCTION:RSA
+PEM_write_RSAPublicKey                  949     EXIST:!WIN16:FUNCTION:RSA
+d2i_RSAPublicKey_fp                     952     EXIST::FUNCTION:RSA,FP_API
+i2d_RSAPublicKey_fp                     954     EXIST::FUNCTION:RSA,FP_API
+BIO_copy_next_retry                     955     EXIST::FUNCTION:
+RSA_flags                               956     EXIST::FUNCTION:RSA
+X509_STORE_add_crl                      957     EXIST::FUNCTION:
+X509_load_crl_file                      958     EXIST::FUNCTION:
+EVP_rc2_40_cbc                          959     EXIST::FUNCTION:RC2
+EVP_rc4_40                              960     EXIST::FUNCTION:RC4
+EVP_CIPHER_CTX_init                     961     EXIST::FUNCTION:
+HMAC                                    962     EXIST::FUNCTION:HMAC
+HMAC_Init                               963     EXIST::FUNCTION:HMAC
+HMAC_Update                             964     EXIST::FUNCTION:HMAC
+HMAC_Final                              965     EXIST::FUNCTION:HMAC
+ERR_get_next_error_library              966     EXIST::FUNCTION:
+EVP_PKEY_cmp_parameters                 967     EXIST::FUNCTION:
+HMAC_cleanup                            968     EXIST::FUNCTION:HMAC
+BIO_ptr_ctrl                            969     EXIST::FUNCTION:
+BIO_new_file_internal                   970     EXIST:WIN16:FUNCTION:FP_API
+BIO_new_fp_internal                     971     EXIST:WIN16:FUNCTION:FP_API
+BIO_s_file_internal                     972     EXIST:WIN16:FUNCTION:FP_API
+BN_BLINDING_convert                     973     EXIST::FUNCTION:
+BN_BLINDING_invert                      974     EXIST::FUNCTION:
+BN_BLINDING_update                      975     EXIST::FUNCTION:
+RSA_blinding_on                         977     EXIST::FUNCTION:RSA
+RSA_blinding_off                        978     EXIST::FUNCTION:RSA
+i2t_ASN1_OBJECT                         979     EXIST::FUNCTION:
+BN_BLINDING_new                         980     EXIST::FUNCTION:
+BN_BLINDING_free                        981     EXIST::FUNCTION:
+EVP_cast5_cbc                           983     EXIST::FUNCTION:CAST
+EVP_cast5_cfb                           984     EXIST::FUNCTION:CAST
+EVP_cast5_ecb                           985     EXIST::FUNCTION:CAST
+EVP_cast5_ofb                           986     EXIST::FUNCTION:CAST
+BF_decrypt                              987     EXIST::FUNCTION:BF
+CAST_set_key                            988     EXIST::FUNCTION:CAST
+CAST_encrypt                            989     EXIST::FUNCTION:CAST
+CAST_decrypt                            990     EXIST::FUNCTION:CAST
+CAST_ecb_encrypt                        991     EXIST::FUNCTION:CAST
+CAST_cbc_encrypt                        992     EXIST::FUNCTION:CAST
+CAST_cfb64_encrypt                      993     EXIST::FUNCTION:CAST
+CAST_ofb64_encrypt                      994     EXIST::FUNCTION:CAST
+RC2_decrypt                             995     EXIST::FUNCTION:RC2
+OBJ_create_objects                      997     EXIST::FUNCTION:
+BN_exp                                  998     EXIST::FUNCTION:
+BN_mul_word                             999     EXIST::FUNCTION:
+BN_sub_word                             1000    EXIST::FUNCTION:
+BN_dec2bn                               1001    EXIST::FUNCTION:
+BN_bn2dec                               1002    EXIST::FUNCTION:
+BIO_ghbn_ctrl                           1003    EXIST::FUNCTION:
+CRYPTO_free_ex_data                     1004    EXIST::FUNCTION:
+CRYPTO_get_ex_data                      1005    EXIST::FUNCTION:
+CRYPTO_set_ex_data                      1007    EXIST::FUNCTION:
+ERR_load_CRYPTO_strings                 1009    EXIST:!WIN16,!VMS:FUNCTION:
+ERR_load_CRYPTOlib_strings              1009    EXIST:WIN16,VMS:FUNCTION:
+EVP_PKEY_bits                           1010    EXIST::FUNCTION:
+MD5_Transform                           1011    EXIST::FUNCTION:MD5
+SHA1_Transform                          1012    EXIST::FUNCTION:SHA
+SHA_Transform                           1013    EXIST::FUNCTION:SHA
+X509_STORE_CTX_get_chain                1014    EXIST::FUNCTION:
+X509_STORE_CTX_get_current_cert         1015    EXIST::FUNCTION:
+X509_STORE_CTX_get_error                1016    EXIST::FUNCTION:
+X509_STORE_CTX_get_error_depth          1017    EXIST::FUNCTION:
+X509_STORE_CTX_get_ex_data              1018    EXIST::FUNCTION:
+X509_STORE_CTX_set_cert                 1020    EXIST::FUNCTION:
+X509_STORE_CTX_set_chain                1021    EXIST::FUNCTION:
+X509_STORE_CTX_set_error                1022    EXIST::FUNCTION:
+X509_STORE_CTX_set_ex_data              1023    EXIST::FUNCTION:
+CRYPTO_dup_ex_data                      1025    EXIST::FUNCTION:
+CRYPTO_get_new_lockid                   1026    EXIST::FUNCTION:
+CRYPTO_new_ex_data                      1027    EXIST::FUNCTION:
+RSA_set_ex_data                         1028    EXIST::FUNCTION:RSA
+RSA_get_ex_data                         1029    EXIST::FUNCTION:RSA
+RSA_get_ex_new_index                    1030    EXIST::FUNCTION:RSA
+RSA_padding_add_PKCS1_type_1            1031    EXIST::FUNCTION:RSA
+RSA_padding_add_PKCS1_type_2            1032    EXIST::FUNCTION:RSA
+RSA_padding_add_SSLv23                  1033    EXIST::FUNCTION:RSA
+RSA_padding_add_none                    1034    EXIST::FUNCTION:RSA
+RSA_padding_check_PKCS1_type_1          1035    EXIST::FUNCTION:RSA
+RSA_padding_check_PKCS1_type_2          1036    EXIST::FUNCTION:RSA
+RSA_padding_check_SSLv23                1037    EXIST::FUNCTION:RSA
+RSA_padding_check_none                  1038    EXIST::FUNCTION:RSA
+bn_add_words                            1039    EXIST::FUNCTION:
+d2i_Netscape_RSA_2                      1040    EXIST::FUNCTION:RSA
+CRYPTO_get_ex_new_index                 1041    EXIST::FUNCTION:
+RIPEMD160_Init                          1042    EXIST::FUNCTION:RIPEMD
+RIPEMD160_Update                        1043    EXIST::FUNCTION:RIPEMD
+RIPEMD160_Final                         1044    EXIST::FUNCTION:RIPEMD
+RIPEMD160                               1045    EXIST::FUNCTION:RIPEMD
+RIPEMD160_Transform                     1046    EXIST::FUNCTION:RIPEMD
+RC5_32_set_key                          1047    EXIST::FUNCTION:RC5
+RC5_32_ecb_encrypt                      1048    EXIST::FUNCTION:RC5
+RC5_32_encrypt                          1049    EXIST::FUNCTION:RC5
+RC5_32_decrypt                          1050    EXIST::FUNCTION:RC5
+RC5_32_cbc_encrypt                      1051    EXIST::FUNCTION:RC5
+RC5_32_cfb64_encrypt                    1052    EXIST::FUNCTION:RC5
+RC5_32_ofb64_encrypt                    1053    EXIST::FUNCTION:RC5
+BN_bn2mpi                               1058    EXIST::FUNCTION:
+BN_mpi2bn                               1059    EXIST::FUNCTION:
+ASN1_BIT_STRING_get_bit                 1060    EXIST::FUNCTION:
+ASN1_BIT_STRING_set_bit                 1061    EXIST::FUNCTION:
+BIO_get_ex_data                         1062    EXIST::FUNCTION:
+BIO_get_ex_new_index                    1063    EXIST::FUNCTION:
+BIO_set_ex_data                         1064    EXIST::FUNCTION:
+X509v3_get_key_usage                    1066    NOEXIST::FUNCTION:
+X509v3_set_key_usage                    1067    NOEXIST::FUNCTION:
+a2i_X509v3_key_usage                    1068    NOEXIST::FUNCTION:
+i2a_X509v3_key_usage                    1069    NOEXIST::FUNCTION:
+EVP_PKEY_decrypt                        1070    EXIST::FUNCTION:
+EVP_PKEY_encrypt                        1071    EXIST::FUNCTION:
+PKCS7_RECIP_INFO_set                    1072    EXIST::FUNCTION:
+PKCS7_add_recipient                     1073    EXIST::FUNCTION:
+PKCS7_add_recipient_info                1074    EXIST::FUNCTION:
+PKCS7_set_cipher                        1075    EXIST::FUNCTION:
+ASN1_TYPE_get_int_octetstring           1076    EXIST::FUNCTION:
+ASN1_TYPE_get_octetstring               1077    EXIST::FUNCTION:
+ASN1_TYPE_set_int_octetstring           1078    EXIST::FUNCTION:
+ASN1_TYPE_set_octetstring               1079    EXIST::FUNCTION:
+ASN1_UTCTIME_set_string                 1080    EXIST::FUNCTION:
+ERR_add_error_data                      1081    EXIST::FUNCTION:
+ERR_set_error_data                      1082    EXIST::FUNCTION:
+EVP_CIPHER_asn1_to_param                1083    EXIST::FUNCTION:
+EVP_CIPHER_param_to_asn1                1084    EXIST::FUNCTION:
+EVP_CIPHER_get_asn1_iv                  1085    EXIST::FUNCTION:
+EVP_CIPHER_set_asn1_iv                  1086    EXIST::FUNCTION:
+EVP_rc5_32_12_16_cbc                    1087    EXIST::FUNCTION:RC5
+EVP_rc5_32_12_16_cfb                    1088    EXIST::FUNCTION:RC5
+EVP_rc5_32_12_16_ecb                    1089    EXIST::FUNCTION:RC5
+EVP_rc5_32_12_16_ofb                    1090    EXIST::FUNCTION:RC5
+asn1_add_error                          1091    EXIST::FUNCTION:
+d2i_ASN1_BMPSTRING                      1092    EXIST::FUNCTION:
+i2d_ASN1_BMPSTRING                      1093    EXIST::FUNCTION:
+BIO_f_ber                               1094    NOEXIST::FUNCTION:
+BN_init                                 1095    EXIST::FUNCTION:
+COMP_CTX_new                            1096    EXIST::FUNCTION:
+COMP_CTX_free                           1097    EXIST::FUNCTION:
+COMP_CTX_compress_block                 1098    NOEXIST::FUNCTION:
+COMP_CTX_expand_block                   1099    NOEXIST::FUNCTION:
+X509_STORE_CTX_get_ex_new_index         1100    EXIST::FUNCTION:
+OBJ_NAME_add                            1101    EXIST::FUNCTION:
+BIO_socket_nbio                         1102    EXIST::FUNCTION:
+EVP_rc2_64_cbc                          1103    EXIST::FUNCTION:RC2
+OBJ_NAME_cleanup                        1104    EXIST::FUNCTION:
+OBJ_NAME_get                            1105    EXIST::FUNCTION:
+OBJ_NAME_init                           1106    EXIST::FUNCTION:
+OBJ_NAME_new_index                      1107    EXIST::FUNCTION:
+OBJ_NAME_remove                         1108    EXIST::FUNCTION:
+BN_MONT_CTX_copy                        1109    EXIST::FUNCTION:
+BIO_new_socks4a_connect                 1110    NOEXIST::FUNCTION:
+BIO_s_socks4a_connect                   1111    NOEXIST::FUNCTION:
+PROXY_set_connect_mode                  1112    NOEXIST::FUNCTION:
+RAND_SSLeay                             1113    EXIST::FUNCTION:
+RAND_set_rand_method                    1114    EXIST::FUNCTION:
+RSA_memory_lock                         1115    EXIST::FUNCTION:RSA
+bn_sub_words                            1116    EXIST::FUNCTION:
+bn_mul_normal                           1117    NOEXIST::FUNCTION:
+bn_mul_comba8                           1118    NOEXIST::FUNCTION:
+bn_mul_comba4                           1119    NOEXIST::FUNCTION:
+bn_sqr_normal                           1120    NOEXIST::FUNCTION:
+bn_sqr_comba8                           1121    NOEXIST::FUNCTION:
+bn_sqr_comba4                           1122    NOEXIST::FUNCTION:
+bn_cmp_words                            1123    NOEXIST::FUNCTION:
+bn_mul_recursive                        1124    NOEXIST::FUNCTION:
+bn_mul_part_recursive                   1125    NOEXIST::FUNCTION:
+bn_sqr_recursive                        1126    NOEXIST::FUNCTION:
+bn_mul_low_normal                       1127    NOEXIST::FUNCTION:
+BN_RECP_CTX_init                        1128    EXIST::FUNCTION:
+BN_RECP_CTX_new                         1129    EXIST::FUNCTION:
+BN_RECP_CTX_free                        1130    EXIST::FUNCTION:
+BN_RECP_CTX_set                         1131    EXIST::FUNCTION:
+BN_mod_mul_reciprocal                   1132    EXIST::FUNCTION:
+BN_mod_exp_recp                         1133    EXIST::FUNCTION:
+BN_div_recp                             1134    EXIST::FUNCTION:
+BN_CTX_init                             1135    EXIST::FUNCTION:
+BN_MONT_CTX_init                        1136    EXIST::FUNCTION:
+RAND_get_rand_method                    1137    EXIST::FUNCTION:
+PKCS7_add_attribute                     1138    EXIST::FUNCTION:
+PKCS7_add_signed_attribute              1139    EXIST::FUNCTION:
+PKCS7_digest_from_attributes            1140    EXIST::FUNCTION:
+PKCS7_get_attribute                     1141    EXIST::FUNCTION:
+PKCS7_get_issuer_and_serial             1142    EXIST::FUNCTION:
+PKCS7_get_signed_attribute              1143    EXIST::FUNCTION:
+COMP_compress_block                     1144    EXIST::FUNCTION:
+COMP_expand_block                       1145    EXIST::FUNCTION:
+COMP_rle                                1146    EXIST::FUNCTION:
+COMP_zlib                               1147    EXIST::FUNCTION:
+ms_time_diff                            1148    EXIST::FUNCTION:
+ms_time_new                             1149    EXIST::FUNCTION:
+ms_time_free                            1150    EXIST::FUNCTION:
+ms_time_cmp                             1151    EXIST::FUNCTION:
+ms_time_get                             1152    EXIST::FUNCTION:
+PKCS7_set_attributes                    1153    EXIST::FUNCTION:
+PKCS7_set_signed_attributes             1154    EXIST::FUNCTION:
+X509_ATTRIBUTE_create                   1155    EXIST::FUNCTION:
+X509_ATTRIBUTE_dup                      1156    EXIST::FUNCTION:
+ASN1_GENERALIZEDTIME_check              1157    EXIST::FUNCTION:
+ASN1_GENERALIZEDTIME_print              1158    EXIST::FUNCTION:
+ASN1_GENERALIZEDTIME_set                1159    EXIST::FUNCTION:
+ASN1_GENERALIZEDTIME_set_string         1160    EXIST::FUNCTION:
+ASN1_TIME_print                         1161    EXIST::FUNCTION:
+BASIC_CONSTRAINTS_free                  1162    EXIST::FUNCTION:
+BASIC_CONSTRAINTS_new                   1163    EXIST::FUNCTION:
+ERR_load_X509V3_strings                 1164    EXIST::FUNCTION:
+NETSCAPE_CERT_SEQUENCE_free             1165    EXIST::FUNCTION:
+NETSCAPE_CERT_SEQUENCE_new              1166    EXIST::FUNCTION:
+OBJ_txt2obj                             1167    EXIST::FUNCTION:
+PEM_read_NETSCAPE_CERT_SEQUENCE         1168    EXIST:!WIN16:FUNCTION:
+PEM_read_bio_NETSCAPE_CERT_SEQUENCE     1169    EXIST::FUNCTION:
+PEM_write_NETSCAPE_CERT_SEQUENCE        1170    EXIST:!WIN16:FUNCTION:
+PEM_write_bio_NETSCAPE_CERT_SEQUENCE    1171    EXIST::FUNCTION:
+X509V3_EXT_add                          1172    EXIST::FUNCTION:
+X509V3_EXT_add_alias                    1173    EXIST::FUNCTION:
+X509V3_EXT_add_conf                     1174    EXIST::FUNCTION:
+X509V3_EXT_cleanup                      1175    EXIST::FUNCTION:
+X509V3_EXT_conf                         1176    EXIST::FUNCTION:
+X509V3_EXT_conf_nid                     1177    EXIST::FUNCTION:
+X509V3_EXT_get                          1178    EXIST::FUNCTION:
+X509V3_EXT_get_nid                      1179    EXIST::FUNCTION:
+X509V3_EXT_print                        1180    EXIST::FUNCTION:
+X509V3_EXT_print_fp                     1181    EXIST::FUNCTION:
+X509V3_add_standard_extensions          1182    EXIST::FUNCTION:
+X509V3_add_value                        1183    EXIST::FUNCTION:
+X509V3_add_value_bool                   1184    EXIST::FUNCTION:
+X509V3_add_value_int                    1185    EXIST::FUNCTION:
+X509V3_conf_free                        1186    EXIST::FUNCTION:
+X509V3_get_value_bool                   1187    EXIST::FUNCTION:
+X509V3_get_value_int                    1188    EXIST::FUNCTION:
+X509V3_parse_list                       1189    EXIST::FUNCTION:
+d2i_ASN1_GENERALIZEDTIME                1190    EXIST::FUNCTION:
+d2i_ASN1_TIME                           1191    EXIST::FUNCTION:
+d2i_BASIC_CONSTRAINTS                   1192    EXIST::FUNCTION:
+d2i_NETSCAPE_CERT_SEQUENCE              1193    EXIST::FUNCTION:
+d2i_ext_ku                              1194    EXIST::FUNCTION:
+ext_ku_free                             1195    EXIST::FUNCTION:
+ext_ku_new                              1196    EXIST::FUNCTION:
+i2d_ASN1_GENERALIZEDTIME                1197    EXIST::FUNCTION:
+i2d_ASN1_TIME                           1198    EXIST::FUNCTION:
+i2d_BASIC_CONSTRAINTS                   1199    EXIST::FUNCTION:
+i2d_NETSCAPE_CERT_SEQUENCE              1200    EXIST::FUNCTION:
+i2d_ext_ku                              1201    EXIST::FUNCTION:
+EVP_MD_CTX_copy                         1202    EXIST::FUNCTION:
+i2d_ASN1_ENUMERATED                     1203    EXIST::FUNCTION:
+d2i_ASN1_ENUMERATED                     1204    EXIST::FUNCTION:
+ASN1_ENUMERATED_set                     1205    EXIST::FUNCTION:
+ASN1_ENUMERATED_get                     1206    EXIST::FUNCTION:
+BN_to_ASN1_ENUMERATED                   1207    EXIST::FUNCTION:
+ASN1_ENUMERATED_to_BN                   1208    EXIST::FUNCTION:
+i2a_ASN1_ENUMERATED                     1209    EXIST::FUNCTION:
+a2i_ASN1_ENUMERATED                     1210    EXIST::FUNCTION:
+i2d_GENERAL_NAME                        1211    EXIST::FUNCTION:
+d2i_GENERAL_NAME                        1212    EXIST::FUNCTION:
+GENERAL_NAME_new                        1213    EXIST::FUNCTION:
+GENERAL_NAME_free                       1214    EXIST::FUNCTION:
+GENERAL_NAMES_new                       1215    EXIST::FUNCTION:
+GENERAL_NAMES_free                      1216    EXIST::FUNCTION:
+d2i_GENERAL_NAMES                       1217    EXIST::FUNCTION:
+i2d_GENERAL_NAMES                       1218    EXIST::FUNCTION:
+i2v_GENERAL_NAMES                       1219    EXIST::FUNCTION:
+i2s_ASN1_OCTET_STRING                   1220    EXIST::FUNCTION:
+s2i_ASN1_OCTET_STRING                   1221    EXIST::FUNCTION:
+X509V3_EXT_check_conf                   1222    NOEXIST::FUNCTION:
+hex_to_string                           1223    EXIST::FUNCTION:
+string_to_hex                           1224    EXIST::FUNCTION:
+des_ede3_cbcm_encrypt                   1225    EXIST::FUNCTION:DES
+RSA_padding_add_PKCS1_OAEP              1226    EXIST::FUNCTION:RSA
+RSA_padding_check_PKCS1_OAEP            1227    EXIST::FUNCTION:RSA
+X509_CRL_print_fp                       1228    EXIST::FUNCTION:FP_API
+X509_CRL_print                          1229    EXIST::FUNCTION:
+i2v_GENERAL_NAME                        1230    EXIST::FUNCTION:
+v2i_GENERAL_NAME                        1231    EXIST::FUNCTION:
+i2d_PKEY_USAGE_PERIOD                   1232    EXIST::FUNCTION:
+d2i_PKEY_USAGE_PERIOD                   1233    EXIST::FUNCTION:
+PKEY_USAGE_PERIOD_new                   1234    EXIST::FUNCTION:
+PKEY_USAGE_PERIOD_free                  1235    EXIST::FUNCTION:
+v2i_GENERAL_NAMES                       1236    EXIST::FUNCTION:
+i2s_ASN1_INTEGER                        1237    EXIST::FUNCTION:
+X509V3_EXT_d2i                          1238    EXIST::FUNCTION:
+name_cmp                                1239    EXIST::FUNCTION:
+str_dup                                 1240    NOEXIST::FUNCTION:
+i2s_ASN1_ENUMERATED                     1241    EXIST::FUNCTION:
+i2s_ASN1_ENUMERATED_TABLE               1242    EXIST::FUNCTION:
+BIO_s_log                               1243    EXIST:!WIN32,!WIN16,!macintosh:FUNCTION:
+BIO_f_reliable                          1244    EXIST::FUNCTION:
+PKCS7_dataFinal                         1245    EXIST::FUNCTION:
+PKCS7_dataDecode                        1246    EXIST::FUNCTION:
+X509V3_EXT_CRL_add_conf                 1247    EXIST::FUNCTION:
+BN_set_params                           1248    EXIST::FUNCTION:
+BN_get_params                           1249    EXIST::FUNCTION:
+BIO_get_ex_num                          1250    NOEXIST::FUNCTION:
+BIO_set_ex_free_func                    1251    NOEXIST::FUNCTION:
+EVP_ripemd160                           1252    EXIST::FUNCTION:RIPEMD
+ASN1_TIME_set                           1253    EXIST::FUNCTION:
+i2d_AUTHORITY_KEYID                     1254    EXIST::FUNCTION:
+d2i_AUTHORITY_KEYID                     1255    EXIST::FUNCTION:
+AUTHORITY_KEYID_new                     1256    EXIST::FUNCTION:
+AUTHORITY_KEYID_free                    1257    EXIST::FUNCTION:
+ASN1_seq_unpack                         1258    EXIST::FUNCTION:
+ASN1_seq_pack                           1259    EXIST::FUNCTION:
+ASN1_unpack_string                      1260    EXIST::FUNCTION:
+ASN1_pack_string                        1261    EXIST::FUNCTION:
+PKCS12_pack_safebag                     1262    EXIST::FUNCTION:
+PKCS12_MAKE_KEYBAG                      1263    EXIST::FUNCTION:
+PKCS8_encrypt                           1264    EXIST::FUNCTION:
+PKCS12_MAKE_SHKEYBAG                    1265    EXIST::FUNCTION:
+PKCS12_pack_p7data                      1266    EXIST::FUNCTION:
+PKCS12_pack_p7encdata                   1267    EXIST::FUNCTION:
+PKCS12_add_localkeyid                   1268    EXIST::FUNCTION:
+PKCS12_add_friendlyname_asc             1269    EXIST::FUNCTION:
+PKCS12_add_friendlyname_uni             1270    EXIST::FUNCTION:
+PKCS12_get_friendlyname                 1271    EXIST::FUNCTION:
+PKCS12_pbe_crypt                        1272    EXIST::FUNCTION:
+PKCS12_decrypt_d2i                      1273    EXIST::FUNCTION:
+PKCS12_i2d_encrypt                      1274    EXIST::FUNCTION:
+PKCS12_init                             1275    EXIST::FUNCTION:
+PKCS12_key_gen_asc                      1276    EXIST::FUNCTION:
+PKCS12_key_gen_uni                      1277    EXIST::FUNCTION:
+PKCS12_gen_mac                          1278    EXIST::FUNCTION:
+PKCS12_verify_mac                       1279    EXIST::FUNCTION:
+PKCS12_set_mac                          1280    EXIST::FUNCTION:
+PKCS12_setup_mac                        1281    EXIST::FUNCTION:
+asc2uni                                 1282    EXIST::FUNCTION:
+uni2asc                                 1283    EXIST::FUNCTION:
+i2d_PKCS12_BAGS                         1284    EXIST::FUNCTION:
+PKCS12_BAGS_new                         1285    EXIST::FUNCTION:
+d2i_PKCS12_BAGS                         1286    EXIST::FUNCTION:
+PKCS12_BAGS_free                        1287    EXIST::FUNCTION:
+i2d_PKCS12                              1288    EXIST::FUNCTION:
+d2i_PKCS12                              1289    EXIST::FUNCTION:
+PKCS12_new                              1290    EXIST::FUNCTION:
+PKCS12_free                             1291    EXIST::FUNCTION:
+i2d_PKCS12_MAC_DATA                     1292    EXIST::FUNCTION:
+PKCS12_MAC_DATA_new                     1293    EXIST::FUNCTION:
+d2i_PKCS12_MAC_DATA                     1294    EXIST::FUNCTION:
+PKCS12_MAC_DATA_free                    1295    EXIST::FUNCTION:
+i2d_PKCS12_SAFEBAG                      1296    EXIST::FUNCTION:
+PKCS12_SAFEBAG_new                      1297    EXIST::FUNCTION:
+d2i_PKCS12_SAFEBAG                      1298    EXIST::FUNCTION:
+PKCS12_SAFEBAG_free                     1299    EXIST::FUNCTION:
+ERR_load_PKCS12_strings                 1300    EXIST::FUNCTION:
+PKCS12_PBE_add                          1301    EXIST::FUNCTION:
+PKCS8_add_keyusage                      1302    EXIST::FUNCTION:
+PKCS12_get_attr_gen                     1303    EXIST::FUNCTION:
+PKCS12_parse                            1304    EXIST::FUNCTION:
+PKCS12_create                           1305    EXIST::FUNCTION:
+i2d_PKCS12_bio                          1306    EXIST::FUNCTION:
+i2d_PKCS12_fp                           1307    EXIST::FUNCTION:
+d2i_PKCS12_bio                          1308    EXIST::FUNCTION:
+d2i_PKCS12_fp                           1309    EXIST::FUNCTION:
+i2d_PBEPARAM                            1310    EXIST::FUNCTION:
+PBEPARAM_new                            1311    EXIST::FUNCTION:
+d2i_PBEPARAM                            1312    EXIST::FUNCTION:
+PBEPARAM_free                           1313    EXIST::FUNCTION:
+i2d_PKCS8_PRIV_KEY_INFO                 1314    EXIST::FUNCTION:
+PKCS8_PRIV_KEY_INFO_new                 1315    EXIST::FUNCTION:
+d2i_PKCS8_PRIV_KEY_INFO                 1316    EXIST::FUNCTION:
+PKCS8_PRIV_KEY_INFO_free                1317    EXIST::FUNCTION:
+EVP_PKCS82PKEY                          1318    EXIST::FUNCTION:
+EVP_PKEY2PKCS8                          1319    EXIST::FUNCTION:
+PKCS8_set_broken                        1320    EXIST::FUNCTION:
+EVP_PBE_ALGOR_CipherInit                1321    NOEXIST::FUNCTION:
+EVP_PBE_alg_add                         1322    EXIST::FUNCTION:
+PKCS5_pbe_set                           1323    EXIST::FUNCTION:
+EVP_PBE_cleanup                         1324    EXIST::FUNCTION:
+i2d_SXNET                               1325    EXIST::FUNCTION:
+d2i_SXNET                               1326    EXIST::FUNCTION:
+SXNET_new                               1327    EXIST::FUNCTION:
+SXNET_free                              1328    EXIST::FUNCTION:
+i2d_SXNETID                             1329    EXIST::FUNCTION:
+d2i_SXNETID                             1330    EXIST::FUNCTION:
+SXNETID_new                             1331    EXIST::FUNCTION:
+SXNETID_free                            1332    EXIST::FUNCTION:
+DSA_SIG_new                             1333    EXIST::FUNCTION:DSA
+DSA_SIG_free                            1334    EXIST::FUNCTION:DSA
+DSA_do_sign                             1335    EXIST::FUNCTION:DSA
+DSA_do_verify                           1336    EXIST::FUNCTION:DSA
+d2i_DSA_SIG                             1337    EXIST::FUNCTION:DSA
+i2d_DSA_SIG                             1338    EXIST::FUNCTION:DSA
+i2d_ASN1_VISIBLESTRING                  1339    EXIST::FUNCTION:
+d2i_ASN1_VISIBLESTRING                  1340    EXIST::FUNCTION:
+i2d_ASN1_UTF8STRING                     1341    EXIST::FUNCTION:
+d2i_ASN1_UTF8STRING                     1342    EXIST::FUNCTION:
+i2d_DIRECTORYSTRING                     1343    EXIST::FUNCTION:
+d2i_DIRECTORYSTRING                     1344    EXIST::FUNCTION:
+i2d_DISPLAYTEXT                         1345    EXIST::FUNCTION:
+d2i_DISPLAYTEXT                         1346    EXIST::FUNCTION:
+d2i_ASN1_SET_OF_X509                    1379    NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_X509                    1380    NOEXIST::FUNCTION:
+i2d_PBKDF2PARAM                         1397    EXIST::FUNCTION:
+PBKDF2PARAM_new                         1398    EXIST::FUNCTION:
+d2i_PBKDF2PARAM                         1399    EXIST::FUNCTION:
+PBKDF2PARAM_free                        1400    EXIST::FUNCTION:
+i2d_PBE2PARAM                           1401    EXIST::FUNCTION:
+PBE2PARAM_new                           1402    EXIST::FUNCTION:
+d2i_PBE2PARAM                           1403    EXIST::FUNCTION:
+PBE2PARAM_free                          1404    EXIST::FUNCTION:
+d2i_ASN1_SET_OF_GENERAL_NAME            1421    NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_GENERAL_NAME            1422    NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_SXNETID                 1439    NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_SXNETID                 1440    NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_POLICYQUALINFO          1457    NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_POLICYQUALINFO          1458    NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_POLICYINFO              1475    NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_POLICYINFO              1476    NOEXIST::FUNCTION:
+SXNET_add_id_asc                        1477    EXIST::FUNCTION:
+SXNET_add_id_ulong                      1478    EXIST::FUNCTION:
+SXNET_add_id_INTEGER                    1479    EXIST::FUNCTION:
+SXNET_get_id_asc                        1480    EXIST::FUNCTION:
+SXNET_get_id_ulong                      1481    EXIST::FUNCTION:
+SXNET_get_id_INTEGER                    1482    EXIST::FUNCTION:
+X509V3_set_conf_lhash                   1483    EXIST::FUNCTION:
+i2d_CERTIFICATEPOLICIES                 1484    EXIST::FUNCTION:
+CERTIFICATEPOLICIES_new                 1485    EXIST::FUNCTION:
+CERTIFICATEPOLICIES_free                1486    EXIST::FUNCTION:
+d2i_CERTIFICATEPOLICIES                 1487    EXIST::FUNCTION:
+i2d_POLICYINFO                          1488    EXIST::FUNCTION:
+POLICYINFO_new                          1489    EXIST::FUNCTION:
+d2i_POLICYINFO                          1490    EXIST::FUNCTION:
+POLICYINFO_free                         1491    EXIST::FUNCTION:
+i2d_POLICYQUALINFO                      1492    EXIST::FUNCTION:
+POLICYQUALINFO_new                      1493    EXIST::FUNCTION:
+d2i_POLICYQUALINFO                      1494    EXIST::FUNCTION:
+POLICYQUALINFO_free                     1495    EXIST::FUNCTION:
+i2d_USERNOTICE                          1496    EXIST::FUNCTION:
+USERNOTICE_new                          1497    EXIST::FUNCTION:
+d2i_USERNOTICE                          1498    EXIST::FUNCTION:
+USERNOTICE_free                         1499    EXIST::FUNCTION:
+i2d_NOTICEREF                           1500    EXIST::FUNCTION:
+NOTICEREF_new                           1501    EXIST::FUNCTION:
+d2i_NOTICEREF                           1502    EXIST::FUNCTION:
+NOTICEREF_free                          1503    EXIST::FUNCTION:
+X509V3_get_string                       1504    EXIST::FUNCTION:
+X509V3_get_section                      1505    EXIST::FUNCTION:
+X509V3_string_free                      1506    EXIST::FUNCTION:
+X509V3_section_free                     1507    EXIST::FUNCTION:
+X509V3_set_ctx                          1508    EXIST::FUNCTION:
+s2i_ASN1_INTEGER                        1509    EXIST::FUNCTION:
+CRYPTO_set_locked_mem_functions         1510    EXIST::FUNCTION:
+CRYPTO_get_locked_mem_functions         1511    EXIST::FUNCTION:
+CRYPTO_malloc_locked                    1512    EXIST::FUNCTION:
+CRYPTO_free_locked                      1513    EXIST::FUNCTION:
+BN_mod_exp2_mont                        1514    EXIST::FUNCTION:
+ERR_get_error_line_data                 1515    EXIST::FUNCTION:
+ERR_peek_error_line_data                1516    EXIST::FUNCTION:
+PKCS12_PBE_keyivgen                     1517    EXIST::FUNCTION:
+X509_ALGOR_dup                          1518    EXIST::FUNCTION:
+d2i_ASN1_SET_OF_DIST_POINT              1535    NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_DIST_POINT              1536    NOEXIST::FUNCTION:
+i2d_CRL_DIST_POINTS                     1537    EXIST::FUNCTION:
+CRL_DIST_POINTS_new                     1538    EXIST::FUNCTION:
+CRL_DIST_POINTS_free                    1539    EXIST::FUNCTION:
+d2i_CRL_DIST_POINTS                     1540    EXIST::FUNCTION:
+i2d_DIST_POINT                          1541    EXIST::FUNCTION:
+DIST_POINT_new                          1542    EXIST::FUNCTION:
+d2i_DIST_POINT                          1543    EXIST::FUNCTION:
+DIST_POINT_free                         1544    EXIST::FUNCTION:
+i2d_DIST_POINT_NAME                     1545    EXIST::FUNCTION:
+DIST_POINT_NAME_new                     1546    EXIST::FUNCTION:
+DIST_POINT_NAME_free                    1547    EXIST::FUNCTION:
+d2i_DIST_POINT_NAME                     1548    EXIST::FUNCTION:
+X509V3_add_value_uchar                  1549    EXIST::FUNCTION:
+d2i_ASN1_SET_OF_X509_ATTRIBUTE          1555    NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_ASN1_TYPE               1560    NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_X509_EXTENSION          1567    NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_X509_NAME_ENTRY         1574    NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_ASN1_TYPE               1589    NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_X509_ATTRIBUTE          1615    NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_X509_EXTENSION          1624    NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_X509_NAME_ENTRY         1633    NOEXIST::FUNCTION:
+X509V3_EXT_i2d                          1646    EXIST::FUNCTION:
+X509V3_EXT_val_prn                      1647    EXIST::FUNCTION:
+X509V3_EXT_add_list                     1648    EXIST::FUNCTION:
+EVP_CIPHER_type                         1649    EXIST::FUNCTION:
+EVP_PBE_CipherInit                      1650    EXIST::FUNCTION:
+X509V3_add_value_bool_nf                1651    EXIST::FUNCTION:
+d2i_ASN1_UINTEGER                       1652    EXIST::FUNCTION:
+sk_value                                1653    EXIST::FUNCTION:
+sk_num                                  1654    EXIST::FUNCTION:
+sk_set                                  1655    EXIST::FUNCTION:
+i2d_ASN1_SET_OF_X509_REVOKED            1661    NOEXIST::FUNCTION:
+sk_sort                                 1671    EXIST::FUNCTION:
+d2i_ASN1_SET_OF_X509_REVOKED            1674    NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_X509_ALGOR              1682    NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_X509_CRL                1685    NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_X509_ALGOR              1696    NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_X509_CRL                1702    NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO       1723    NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_PKCS7_RECIP_INFO        1738    NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO       1748    NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_PKCS7_RECIP_INFO        1753    NOEXIST::FUNCTION:
+PKCS5_PBE_add                           1775    EXIST::FUNCTION:
+PEM_write_bio_PKCS8                     1776    EXIST::FUNCTION:
+i2d_PKCS8_fp                            1777    EXIST::FUNCTION:FP_API
+PEM_read_bio_PKCS8_PRIV_KEY_INFO        1778    EXIST::FUNCTION:
+d2i_PKCS8_bio                           1779    EXIST::FUNCTION:
+d2i_PKCS8_PRIV_KEY_INFO_fp              1780    EXIST::FUNCTION:FP_API
+PEM_write_bio_PKCS8_PRIV_KEY_INFO       1781    EXIST::FUNCTION:
+PEM_read_PKCS8                          1782    EXIST:!WIN16:FUNCTION:
+d2i_PKCS8_PRIV_KEY_INFO_bio             1783    EXIST::FUNCTION:
+d2i_PKCS8_fp                            1784    EXIST::FUNCTION:FP_API
+PEM_write_PKCS8                         1785    EXIST:!WIN16:FUNCTION:
+PEM_read_PKCS8_PRIV_KEY_INFO            1786    EXIST:!WIN16:FUNCTION:
+PEM_read_bio_PKCS8                      1787    EXIST::FUNCTION:
+PEM_write_PKCS8_PRIV_KEY_INFO           1788    EXIST:!WIN16:FUNCTION:
+PKCS5_PBE_keyivgen                      1789    EXIST::FUNCTION:
+i2d_PKCS8_bio                           1790    EXIST::FUNCTION:
+i2d_PKCS8_PRIV_KEY_INFO_fp              1791    EXIST::FUNCTION:FP_API
+i2d_PKCS8_PRIV_KEY_INFO_bio             1792    EXIST::FUNCTION:
+BIO_s_bio                               1793    EXIST::FUNCTION:
+PKCS5_pbe2_set                          1794    EXIST::FUNCTION:
+PKCS5_PBKDF2_HMAC_SHA1                  1795    EXIST::FUNCTION:
+PKCS5_v2_PBE_keyivgen                   1796    EXIST::FUNCTION:
+PEM_write_bio_PKCS8PrivateKey           1797    EXIST::FUNCTION:
+PEM_write_PKCS8PrivateKey               1798    EXIST::FUNCTION:
+BIO_ctrl_get_read_request               1799    EXIST::FUNCTION:
+BIO_ctrl_pending                        1800    EXIST::FUNCTION:
+BIO_ctrl_wpending                       1801    EXIST::FUNCTION:
+BIO_new_bio_pair                        1802    EXIST::FUNCTION:
+BIO_ctrl_get_write_guarantee            1803    EXIST::FUNCTION:
+CRYPTO_num_locks                        1804    EXIST::FUNCTION:
+CONF_load_bio                           1805    EXIST::FUNCTION:
+CONF_load_fp                            1806    EXIST::FUNCTION:FP_API
+i2d_ASN1_SET_OF_ASN1_OBJECT             1837    NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_ASN1_OBJECT             1844    NOEXIST::FUNCTION:
+PKCS7_signatureVerify                   1845    EXIST::FUNCTION:
+RSA_set_method                          1846    EXIST::FUNCTION:RSA
+RSA_get_method                          1847    EXIST::FUNCTION:RSA
+RSA_get_default_method                  1848    EXIST::FUNCTION:RSA
+RSA_check_key                           1869    EXIST::FUNCTION:RSA
+OBJ_obj2txt                             1870    EXIST::FUNCTION:
+DSA_dup_DH                              1871    EXIST::FUNCTION:DSA,DH
+X509_REQ_get_extensions                 1872    EXIST::FUNCTION:
+X509_REQ_set_extension_nids             1873    EXIST::FUNCTION:
+BIO_nwrite                              1874    EXIST::FUNCTION:
+X509_REQ_extension_nid                  1875    EXIST::FUNCTION:
+BIO_nread                               1876    EXIST::FUNCTION:
+X509_REQ_get_extension_nids             1877    EXIST::FUNCTION:
+BIO_nwrite0                             1878    EXIST::FUNCTION:
+X509_REQ_add_extensions_nid             1879    EXIST::FUNCTION:
+BIO_nread0                              1880    EXIST::FUNCTION:
+X509_REQ_add_extensions                 1881    EXIST::FUNCTION:
+BIO_new_mem_buf                         1882    EXIST::FUNCTION:
+DH_set_ex_data                          1883    EXIST::FUNCTION:DH
+DH_set_method                           1884    EXIST::FUNCTION:DH
+DSA_OpenSSL                             1885    EXIST::FUNCTION:DSA
+DH_get_ex_data                          1886    EXIST::FUNCTION:DH
+DH_get_ex_new_index                     1887    EXIST::FUNCTION:DH
+DSA_new_method                          1888    EXIST::FUNCTION:DSA
+DH_new_method                           1889    EXIST::FUNCTION:DH
+DH_OpenSSL                              1890    EXIST::FUNCTION:DH
+DSA_get_ex_new_index                    1891    EXIST::FUNCTION:DSA
+DH_get_default_method                   1892    EXIST::FUNCTION:DH
+DSA_set_ex_data                         1893    EXIST::FUNCTION:DSA
+DH_set_default_method                   1894    EXIST::FUNCTION:DH
+DSA_get_ex_data                         1895    EXIST::FUNCTION:DSA
+X509V3_EXT_REQ_add_conf                 1896    EXIST::FUNCTION:
+NETSCAPE_SPKI_print                     1897    EXIST::FUNCTION:
+NETSCAPE_SPKI_set_pubkey                1898    EXIST::FUNCTION:
+NETSCAPE_SPKI_b64_encode                1899    EXIST::FUNCTION:
+NETSCAPE_SPKI_get_pubkey                1900    EXIST::FUNCTION:
+NETSCAPE_SPKI_b64_decode                1901    EXIST::FUNCTION:
+UTF8_putc                               1902    EXIST::FUNCTION:
+UTF8_getc                               1903    EXIST::FUNCTION:
+RSA_null_method                         1904    EXIST::FUNCTION:RSA
+ASN1_tag2str                            1905    EXIST::FUNCTION:
+BIO_ctrl_reset_read_request             1906    EXIST::FUNCTION:
+DISPLAYTEXT_new                         1907    EXIST::FUNCTION:
+ASN1_GENERALIZEDTIME_free               1908    EXIST::FUNCTION:
+X509_REVOKED_get_ext_d2i                1909    EXIST::FUNCTION:
+X509_set_ex_data                        1910    EXIST::FUNCTION:
+X509_reject_set_bit_asc                 1911    NOEXIST::FUNCTION:
+X509_NAME_add_entry_by_txt              1912    EXIST::FUNCTION:
+X509_NAME_add_entry_by_NID              1914    EXIST::FUNCTION:
+X509_PURPOSE_get0                       1915    EXIST::FUNCTION:
+PEM_read_X509_AUX                       1917    EXIST:!WIN16:FUNCTION:
+d2i_AUTHORITY_INFO_ACCESS               1918    EXIST::FUNCTION:
+PEM_write_PUBKEY                        1921    EXIST:!WIN16:FUNCTION:
+ACCESS_DESCRIPTION_new                  1925    EXIST::FUNCTION:
+X509_CERT_AUX_free                      1926    EXIST::FUNCTION:
+d2i_ACCESS_DESCRIPTION                  1927    EXIST::FUNCTION:
+X509_trust_clear                        1928    EXIST::FUNCTION:
+X509_TRUST_add                          1931    EXIST::FUNCTION:
+ASN1_VISIBLESTRING_new                  1932    EXIST::FUNCTION:
+X509_alias_set1                         1933    EXIST::FUNCTION:
+ASN1_PRINTABLESTRING_free               1934    EXIST::FUNCTION:
+EVP_PKEY_get1_DSA                       1935    EXIST::FUNCTION:DSA
+ASN1_BMPSTRING_new                      1936    EXIST::FUNCTION:
+ASN1_mbstring_copy                      1937    EXIST::FUNCTION:
+ASN1_UTF8STRING_new                     1938    EXIST::FUNCTION:
+DSA_get_default_method                  1941    EXIST::FUNCTION:DSA
+i2d_ASN1_SET_OF_ACCESS_DESCRIPTION      1945    NOEXIST::FUNCTION:
+ASN1_T61STRING_free                     1946    EXIST::FUNCTION:
+DSA_set_method                          1949    EXIST::FUNCTION:DSA
+X509_get_ex_data                        1950    EXIST::FUNCTION:
+ASN1_STRING_type                        1951    EXIST::FUNCTION:
+X509_PURPOSE_get_by_sname               1952    EXIST::FUNCTION:
+ASN1_TIME_free                          1954    EXIST::FUNCTION:
+ASN1_OCTET_STRING_cmp                   1955    EXIST::FUNCTION:
+ASN1_BIT_STRING_new                     1957    EXIST::FUNCTION:
+X509_get_ext_d2i                        1958    EXIST::FUNCTION:
+PEM_read_bio_X509_AUX                   1959    EXIST::FUNCTION:
+ASN1_STRING_set_default_mask_asc        1960    EXIST:!VMS:FUNCTION:
+ASN1_STRING_set_def_mask_asc            1960    EXIST:VMS:FUNCTION:
+PEM_write_bio_RSA_PUBKEY                1961    EXIST::FUNCTION:RSA
+ASN1_INTEGER_cmp                        1963    EXIST::FUNCTION:
+d2i_RSA_PUBKEY_fp                       1964    EXIST::FUNCTION:RSA,FP_API
+X509_trust_set_bit_asc                  1967    NOEXIST::FUNCTION:
+PEM_write_bio_DSA_PUBKEY                1968    EXIST::FUNCTION:
+X509_STORE_CTX_free                     1969    EXIST::FUNCTION:
+EVP_PKEY_set1_DSA                       1970    EXIST::FUNCTION:DSA
+i2d_DSA_PUBKEY_fp                       1971    EXIST::FUNCTION:DSA,FP_API
+X509_load_cert_crl_file                 1972    EXIST::FUNCTION:
+ASN1_TIME_new                           1973    EXIST::FUNCTION:
+i2d_RSA_PUBKEY                          1974    EXIST::FUNCTION:RSA
+X509_STORE_CTX_purpose_inherit          1976    EXIST::FUNCTION:
+PEM_read_RSA_PUBKEY                     1977    EXIST:!WIN16:FUNCTION:RSA
+d2i_X509_AUX                            1980    EXIST::FUNCTION:
+i2d_DSA_PUBKEY                          1981    EXIST::FUNCTION:DSA
+X509_CERT_AUX_print                     1982    EXIST::FUNCTION:
+PEM_read_DSA_PUBKEY                     1984    EXIST:!WIN16:FUNCTION:
+i2d_RSA_PUBKEY_bio                      1985    EXIST::FUNCTION:RSA
+ASN1_BIT_STRING_num_asc                 1986    EXIST::FUNCTION:
+i2d_PUBKEY                              1987    EXIST::FUNCTION:
+ASN1_UTCTIME_free                       1988    EXIST::FUNCTION:
+DSA_set_default_method                  1989    EXIST::FUNCTION:DSA
+X509_PURPOSE_get_by_id                  1990    EXIST::FUNCTION:
+ACCESS_DESCRIPTION_free                 1994    EXIST::FUNCTION:
+PEM_read_bio_PUBKEY                     1995    EXIST::FUNCTION:
+ASN1_STRING_set_by_NID                  1996    EXIST::FUNCTION:
+X509_PURPOSE_get_id                     1997    EXIST::FUNCTION:
+DISPLAYTEXT_free                        1998    EXIST::FUNCTION:
+OTHERNAME_new                           1999    EXIST::FUNCTION:
+X509_CERT_AUX_new                       2001    EXIST::FUNCTION:
+X509_TRUST_cleanup                      2007    EXIST::FUNCTION:
+X509_NAME_add_entry_by_OBJ              2008    EXIST::FUNCTION:
+X509_CRL_get_ext_d2i                    2009    EXIST::FUNCTION:
+X509_PURPOSE_get0_name                  2011    EXIST::FUNCTION:
+PEM_read_PUBKEY                         2012    EXIST:!WIN16:FUNCTION:
+i2d_DSA_PUBKEY_bio                      2014    EXIST::FUNCTION:DSA
+i2d_OTHERNAME                           2015    EXIST::FUNCTION:
+ASN1_OCTET_STRING_free                  2016    EXIST::FUNCTION:
+ASN1_BIT_STRING_set_asc                 2017    EXIST::FUNCTION:
+X509_get_ex_new_index                   2019    EXIST::FUNCTION:
+ASN1_STRING_TABLE_cleanup               2020    EXIST::FUNCTION:
+X509_TRUST_get_by_id                    2021    EXIST::FUNCTION:
+X509_PURPOSE_get_trust                  2022    EXIST::FUNCTION:
+ASN1_STRING_length                      2023    EXIST::FUNCTION:
+d2i_ASN1_SET_OF_ACCESS_DESCRIPTION      2024    NOEXIST::FUNCTION:
+ASN1_PRINTABLESTRING_new                2025    EXIST::FUNCTION:
+X509V3_get_d2i                          2026    EXIST::FUNCTION:
+ASN1_ENUMERATED_free                    2027    EXIST::FUNCTION:
+i2d_X509_CERT_AUX                       2028    EXIST::FUNCTION:
+X509_STORE_CTX_set_trust                2030    EXIST::FUNCTION:
+ASN1_STRING_set_default_mask            2032    EXIST::FUNCTION:
+X509_STORE_CTX_new                      2033    EXIST::FUNCTION:
+EVP_PKEY_get1_RSA                       2034    EXIST::FUNCTION:RSA
+DIRECTORYSTRING_free                    2038    EXIST::FUNCTION:
+PEM_write_X509_AUX                      2039    EXIST:!WIN16:FUNCTION:
+ASN1_OCTET_STRING_set                   2040    EXIST::FUNCTION:
+d2i_DSA_PUBKEY_fp                       2041    EXIST::FUNCTION:DSA,FP_API
+d2i_RSA_PUBKEY                          2044    EXIST::FUNCTION:RSA
+X509_TRUST_get0_name                    2046    EXIST::FUNCTION:
+X509_TRUST_get0                         2047    EXIST::FUNCTION:
+AUTHORITY_INFO_ACCESS_free              2048    EXIST::FUNCTION:
+ASN1_IA5STRING_new                      2049    EXIST::FUNCTION:
+d2i_DSA_PUBKEY                          2050    EXIST::FUNCTION:DSA
+X509_check_purpose                      2051    EXIST::FUNCTION:
+ASN1_ENUMERATED_new                     2052    EXIST::FUNCTION:
+d2i_RSA_PUBKEY_bio                      2053    EXIST::FUNCTION:RSA
+d2i_PUBKEY                              2054    EXIST::FUNCTION:
+X509_TRUST_get_trust                    2055    EXIST::FUNCTION:
+X509_TRUST_get_flags                    2056    EXIST::FUNCTION:
+ASN1_BMPSTRING_free                     2057    EXIST::FUNCTION:
+ASN1_T61STRING_new                      2058    EXIST::FUNCTION:
+ASN1_UTCTIME_new                        2060    EXIST::FUNCTION:
+i2d_AUTHORITY_INFO_ACCESS               2062    EXIST::FUNCTION:
+EVP_PKEY_set1_RSA                       2063    EXIST::FUNCTION:RSA
+X509_STORE_CTX_set_purpose              2064    EXIST::FUNCTION:
+ASN1_IA5STRING_free                     2065    EXIST::FUNCTION:
+PEM_write_bio_X509_AUX                  2066    EXIST::FUNCTION:
+X509_PURPOSE_get_count                  2067    EXIST::FUNCTION:
+CRYPTO_add_info                         2068    NOEXIST::FUNCTION:
+X509_NAME_ENTRY_create_by_txt           2071    EXIST::FUNCTION:
+ASN1_STRING_get_default_mask            2072    EXIST::FUNCTION:
+X509_alias_get0                         2074    EXIST::FUNCTION:
+ASN1_STRING_data                        2075    EXIST::FUNCTION:
+i2d_ACCESS_DESCRIPTION                  2077    EXIST::FUNCTION:
+X509_trust_set_bit                      2078    NOEXIST::FUNCTION:
+ASN1_BIT_STRING_free                    2080    EXIST::FUNCTION:
+PEM_read_bio_RSA_PUBKEY                 2081    EXIST::FUNCTION:RSA
+X509_add1_reject_object                 2082    EXIST::FUNCTION:
+X509_check_trust                        2083    EXIST::FUNCTION:
+PEM_read_bio_DSA_PUBKEY                 2088    EXIST::FUNCTION:
+X509_PURPOSE_add                        2090    EXIST::FUNCTION:
+ASN1_STRING_TABLE_get                   2091    EXIST::FUNCTION:
+ASN1_UTF8STRING_free                    2092    EXIST::FUNCTION:
+d2i_DSA_PUBKEY_bio                      2093    EXIST::FUNCTION:DSA
+PEM_write_RSA_PUBKEY                    2095    EXIST:!WIN16:FUNCTION:RSA
+d2i_OTHERNAME                           2096    EXIST::FUNCTION:
+X509_reject_set_bit                     2098    NOEXIST::FUNCTION:
+PEM_write_DSA_PUBKEY                    2101    EXIST:!WIN16:FUNCTION:
+X509_PURPOSE_get0_sname                 2105    EXIST::FUNCTION:
+EVP_PKEY_set1_DH                        2107    EXIST::FUNCTION:DH
+ASN1_OCTET_STRING_dup                   2108    EXIST::FUNCTION:
+ASN1_BIT_STRING_set                     2109    EXIST::FUNCTION:
+X509_TRUST_get_count                    2110    EXIST::FUNCTION:
+ASN1_INTEGER_free                       2111    EXIST::FUNCTION:
+OTHERNAME_free                          2112    EXIST::FUNCTION:
+i2d_RSA_PUBKEY_fp                       2113    EXIST::FUNCTION:RSA,FP_API
+ASN1_INTEGER_dup                        2114    EXIST::FUNCTION:
+d2i_X509_CERT_AUX                       2115    EXIST::FUNCTION:
+PEM_write_bio_PUBKEY                    2117    EXIST::FUNCTION:
+ASN1_VISIBLESTRING_free                 2118    EXIST::FUNCTION:
+X509_PURPOSE_cleanup                    2119    EXIST::FUNCTION:
+ASN1_mbstring_ncopy                     2123    EXIST::FUNCTION:
+ASN1_GENERALIZEDTIME_new                2126    EXIST::FUNCTION:
+EVP_PKEY_get1_DH                        2128    EXIST::FUNCTION:DH
+ASN1_OCTET_STRING_new                   2130    EXIST::FUNCTION:
+ASN1_INTEGER_new                        2131    EXIST::FUNCTION:
+i2d_X509_AUX                            2132    EXIST::FUNCTION:
+ASN1_BIT_STRING_name_print              2134    EXIST::FUNCTION:
+X509_cmp                                2135    EXIST::FUNCTION:
+ASN1_STRING_length_set                  2136    EXIST::FUNCTION:
+DIRECTORYSTRING_new                     2137    EXIST::FUNCTION:
+X509_add1_trust_object                  2140    EXIST::FUNCTION:
+PKCS12_newpass                          2141    EXIST::FUNCTION:
+SMIME_write_PKCS7                       2142    EXIST::FUNCTION:
+SMIME_read_PKCS7                        2143    EXIST::FUNCTION:
+des_set_key_checked                     2144    EXIST::FUNCTION:DES
+PKCS7_verify                            2145    EXIST::FUNCTION:
+PKCS7_encrypt                           2146    EXIST::FUNCTION:
+des_set_key_unchecked                   2147    EXIST::FUNCTION:DES
+SMIME_crlf_copy                         2148    EXIST::FUNCTION:
+i2d_ASN1_PRINTABLESTRING                2149    EXIST::FUNCTION:
+PKCS7_get0_signers                      2150    EXIST::FUNCTION:
+PKCS7_decrypt                           2151    EXIST::FUNCTION:
+SMIME_text                              2152    EXIST::FUNCTION:
+PKCS7_simple_smimecap                   2153    EXIST::FUNCTION:
+PKCS7_get_smimecap                      2154    EXIST::FUNCTION:
+PKCS7_sign                              2155    EXIST::FUNCTION:
+PKCS7_add_attrib_smimecap               2156    EXIST::FUNCTION:
+CRYPTO_dbg_set_options                  2157    EXIST::FUNCTION:
+CRYPTO_remove_all_info                  2158    EXIST::FUNCTION:
+CRYPTO_get_mem_debug_functions          2159    EXIST::FUNCTION:
+CRYPTO_is_mem_check_on                  2160    EXIST::FUNCTION:
+CRYPTO_set_mem_debug_functions          2161    EXIST::FUNCTION:
+CRYPTO_pop_info                         2162    EXIST::FUNCTION:
+CRYPTO_push_info_                       2163    EXIST::FUNCTION:
+CRYPTO_set_mem_debug_options            2164    EXIST::FUNCTION:
+PEM_write_PKCS8PrivateKey_nid           2165    EXIST::FUNCTION:
+PEM_write_bio_PKCS8PrivateKey_nid       2166    EXIST:!VMS:FUNCTION:
+PEM_write_bio_PKCS8PrivKey_nid          2166    EXIST:VMS:FUNCTION:
+d2i_PKCS8PrivateKey_bio                 2167    EXIST::FUNCTION:
+ASN1_NULL_free                          2168    EXIST::FUNCTION:
+d2i_ASN1_NULL                           2169    EXIST::FUNCTION:
+ASN1_NULL_new                           2170    EXIST::FUNCTION:
+i2d_PKCS8PrivateKey_bio                 2171    EXIST::FUNCTION:
+i2d_PKCS8PrivateKey_fp                  2172    EXIST::FUNCTION:
+i2d_ASN1_NULL                           2173    EXIST::FUNCTION:
+i2d_PKCS8PrivateKey_nid_fp              2174    EXIST::FUNCTION:
+d2i_PKCS8PrivateKey_fp                  2175    EXIST::FUNCTION:
+i2d_PKCS8PrivateKey_nid_bio             2176    EXIST::FUNCTION:
+i2d_PKCS8PrivateKeyInfo_fp              2177    EXIST::FUNCTION:FP_API
+i2d_PKCS8PrivateKeyInfo_bio             2178    EXIST::FUNCTION:
+PEM_cb                                  2179    NOEXIST::FUNCTION:
+i2d_PrivateKey_fp                       2180    EXIST::FUNCTION:FP_API
+d2i_PrivateKey_bio                      2181    EXIST::FUNCTION:
+d2i_PrivateKey_fp                       2182    EXIST::FUNCTION:FP_API
+i2d_PrivateKey_bio                      2183    EXIST::FUNCTION:
+X509_reject_clear                       2184    EXIST::FUNCTION:
+X509_TRUST_set_default                  2185    EXIST::FUNCTION:
+d2i_AutoPrivateKey                      2186    EXIST::FUNCTION:
+X509_ATTRIBUTE_get0_type                2187    EXIST::FUNCTION:
+X509_ATTRIBUTE_set1_data                2188    EXIST::FUNCTION:
+X509at_get_attr                         2189    EXIST::FUNCTION:
+X509at_get_attr_count                   2190    EXIST::FUNCTION:
+X509_ATTRIBUTE_create_by_NID            2191    EXIST::FUNCTION:
+X509_ATTRIBUTE_set1_object              2192    EXIST::FUNCTION:
+X509_ATTRIBUTE_count                    2193    EXIST::FUNCTION:
+X509_ATTRIBUTE_create_by_OBJ            2194    EXIST::FUNCTION:
+X509_ATTRIBUTE_get0_object              2195    EXIST::FUNCTION:
+X509at_get_attr_by_NID                  2196    EXIST::FUNCTION:
+X509at_add1_attr                        2197    EXIST::FUNCTION:
+X509_ATTRIBUTE_get0_data                2198    EXIST::FUNCTION:
+X509at_delete_attr                      2199    EXIST::FUNCTION:
+X509at_get_attr_by_OBJ                  2200    EXIST::FUNCTION:
+RAND_add                                2201    EXIST::FUNCTION:
+BIO_number_written                      2202    EXIST::FUNCTION:
+BIO_number_read                         2203    EXIST::FUNCTION:
+X509_STORE_CTX_get1_chain               2204    EXIST::FUNCTION:
+ERR_load_RAND_strings                   2205    EXIST::FUNCTION:
+RAND_pseudo_bytes                       2206    EXIST::FUNCTION:
+X509_REQ_get_attr_by_NID                2207    EXIST::FUNCTION:
+X509_REQ_get_attr                       2208    EXIST::FUNCTION:
+X509_REQ_add1_attr_by_NID               2209    EXIST::FUNCTION:
+X509_REQ_get_attr_by_OBJ                2210    EXIST::FUNCTION:
+X509at_add1_attr_by_NID                 2211    EXIST::FUNCTION:
+X509_REQ_add1_attr_by_OBJ               2212    EXIST::FUNCTION:
+X509_REQ_get_attr_count                 2213    EXIST::FUNCTION:
+X509_REQ_add1_attr                      2214    EXIST::FUNCTION:
+X509_REQ_delete_attr                    2215    EXIST::FUNCTION:
+X509at_add1_attr_by_OBJ                 2216    EXIST::FUNCTION:
+X509_REQ_add1_attr_by_txt               2217    EXIST::FUNCTION:
+X509_ATTRIBUTE_create_by_txt            2218    EXIST::FUNCTION:
+X509at_add1_attr_by_txt                 2219    EXIST::FUNCTION:
+BN_pseudo_rand                          2239    EXIST::FUNCTION:
+BN_is_prime_fasttest                    2240    EXIST::FUNCTION:
+BN_CTX_end                              2241    EXIST::FUNCTION:
+BN_CTX_start                            2242    EXIST::FUNCTION:
+BN_CTX_get                              2243    EXIST::FUNCTION:
+EVP_PKEY2PKCS8_broken                   2244    EXIST::FUNCTION:
+ASN1_STRING_TABLE_add                   2245    EXIST::FUNCTION:
+CRYPTO_dbg_get_options                  2246    EXIST::FUNCTION:
+AUTHORITY_INFO_ACCESS_new               2247    EXIST::FUNCTION:
+CRYPTO_get_mem_debug_options            2248    EXIST::FUNCTION:
+des_crypt                               2249    EXIST::FUNCTION:DES
+PEM_write_bio_X509_REQ_NEW              2250    EXIST::FUNCTION:
+PEM_write_X509_REQ_NEW                  2251    EXIST:!WIN16:FUNCTION:
+BIO_callback_ctrl                       2252    EXIST::FUNCTION:
+RAND_egd                                2253    EXIST::FUNCTION:
+RAND_status                             2254    EXIST::FUNCTION:
+bn_dump1                                2255    NOEXIST::FUNCTION:
+des_check_key_parity                    2256    EXIST::FUNCTION:DES
+lh_num_items                            2257    EXIST::FUNCTION:
+RAND_event                              2258    EXIST::FUNCTION:
+DSO_new                                 2259    EXIST::FUNCTION:
+DSO_new_method                          2260    EXIST::FUNCTION:
+DSO_free                                2261    EXIST::FUNCTION:
+DSO_flags                               2262    EXIST::FUNCTION:
+DSO_up                                  2263    EXIST::FUNCTION:
+DSO_set_default_method                  2264    EXIST::FUNCTION:
+DSO_get_default_method                  2265    EXIST::FUNCTION:
+DSO_get_method                          2266    EXIST::FUNCTION:
+DSO_set_method                          2267    EXIST::FUNCTION:
+DSO_load                                2268    EXIST::FUNCTION:
+DSO_bind_var                            2269    EXIST::FUNCTION:
+DSO_METHOD_null                         2270    EXIST::FUNCTION:
+DSO_METHOD_openssl                      2271    EXIST::FUNCTION:
+DSO_METHOD_dlfcn                        2272    EXIST::FUNCTION:
+DSO_METHOD_win32                        2273    EXIST::FUNCTION:
+ERR_load_DSO_strings                    2274    EXIST::FUNCTION:
+DSO_METHOD_dl                           2275    EXIST::FUNCTION:
+NCONF_load                              2276    EXIST::FUNCTION:
+NCONF_load_fp                           2278    EXIST::FUNCTION:FP_API
+NCONF_new                               2279    EXIST::FUNCTION:
+NCONF_get_string                        2280    EXIST::FUNCTION:
+NCONF_free                              2281    EXIST::FUNCTION:
+NCONF_get_number                        2282    EXIST::FUNCTION:
+CONF_dump_fp                            2283    EXIST::FUNCTION:
+NCONF_load_bio                          2284    EXIST::FUNCTION:
+NCONF_dump_fp                           2285    EXIST::FUNCTION:
+NCONF_get_section                       2286    EXIST::FUNCTION:
+NCONF_dump_bio                          2287    EXIST::FUNCTION:
+CONF_dump_bio                           2288    EXIST::FUNCTION:
+NCONF_free_data                         2289    EXIST::FUNCTION:
+CONF_set_default_method                 2290    EXIST::FUNCTION:
+ERR_error_string_n                      2291    EXIST::FUNCTION:
+BIO_snprintf                            2292    EXIST::FUNCTION:
+DSO_ctrl                                2293    EXIST::FUNCTION:
+i2d_ASN1_SET_OF_ASN1_INTEGER            2317    NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_PKCS12_SAFEBAG          2320    NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_PKCS7                   2328    NOEXIST::FUNCTION:
+BIO_vfree                               2334    EXIST::FUNCTION:
+d2i_ASN1_SET_OF_ASN1_INTEGER            2339    NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_PKCS12_SAFEBAG          2341    NOEXIST::FUNCTION:
+ASN1_UTCTIME_get                        2350    EXIST::FUNCTION:
+X509_REQ_digest                         2362    EXIST::FUNCTION:
+X509_CRL_digest                         2391    EXIST::FUNCTION:
+d2i_ASN1_SET_OF_PKCS7                   2397    NOEXIST::FUNCTION:
+EVP_CIPHER_CTX_set_key_length           2399    EXIST::FUNCTION:
+EVP_CIPHER_CTX_ctrl                     2400    EXIST::FUNCTION:
+BN_mod_exp_mont_word                    2401    EXIST::FUNCTION:
+RAND_egd_bytes                          2402    EXIST::FUNCTION:
+X509_REQ_get1_email                     2403    EXIST::FUNCTION:
+X509_get1_email                         2404    EXIST::FUNCTION:
+X509_email_free                         2405    EXIST::FUNCTION:
+i2d_RSA_NET                             2406    EXIST::FUNCTION:RSA
+d2i_RSA_NET_2                           2407    EXIST::FUNCTION:RSA
+d2i_RSA_NET                             2408    EXIST::FUNCTION:RSA
+DSO_bind_func                           2409    EXIST::FUNCTION:
+CRYPTO_get_new_dynlockid                2410    EXIST::FUNCTION:
+sk_new_null                             2411    EXIST::FUNCTION:
+CRYPTO_set_dynlock_destroy_callback     2412    EXIST:!VMS:FUNCTION:
+CRYPTO_set_dynlock_destroy_cb           2412    EXIST:VMS:FUNCTION:
+CRYPTO_destroy_dynlockid                2413    EXIST::FUNCTION:
+CRYPTO_set_dynlock_size                 2414    NOEXIST::FUNCTION:
+CRYPTO_set_dynlock_create_callback      2415    EXIST:!VMS:FUNCTION:
+CRYPTO_set_dynlock_create_cb            2415    EXIST:VMS:FUNCTION:
+CRYPTO_set_dynlock_lock_callback        2416    EXIST:!VMS:FUNCTION:
+CRYPTO_set_dynlock_lock_cb              2416    EXIST:VMS:FUNCTION:
+CRYPTO_get_dynlock_lock_callback        2417    EXIST:!VMS:FUNCTION:
+CRYPTO_get_dynlock_lock_cb              2417    EXIST:VMS:FUNCTION:
+CRYPTO_get_dynlock_destroy_callback     2418    EXIST:!VMS:FUNCTION:
+CRYPTO_get_dynlock_destroy_cb           2418    EXIST:VMS:FUNCTION:
+CRYPTO_get_dynlock_value                2419    EXIST::FUNCTION:
+CRYPTO_get_dynlock_create_callback      2420    EXIST:!VMS:FUNCTION:
+CRYPTO_get_dynlock_create_cb            2420    EXIST:VMS:FUNCTION:
+c2i_ASN1_BIT_STRING                     2421    EXIST::FUNCTION:
+i2c_ASN1_BIT_STRING                     2422    EXIST::FUNCTION:
+RAND_poll                               2423    EXIST::FUNCTION:
+c2i_ASN1_INTEGER                        2424    EXIST::FUNCTION:
+i2c_ASN1_INTEGER                        2425    EXIST::FUNCTION:
+BIO_dump_indent                         2426    EXIST::FUNCTION:
+ASN1_parse_dump                         2427    EXIST::FUNCTION:
+c2i_ASN1_OBJECT                         2428    EXIST::FUNCTION:
+X509_NAME_print_ex_fp                   2429    EXIST::FUNCTION:FP_API
+ASN1_STRING_print_ex_fp                 2430    EXIST::FUNCTION:FP_API
+X509_NAME_print_ex                      2431    EXIST::FUNCTION:
+ASN1_STRING_print_ex                    2432    EXIST::FUNCTION:
+MD4                                     2433    EXIST::FUNCTION:MD4
+MD4_Transform                           2434    EXIST::FUNCTION:MD4
+MD4_Final                               2435    EXIST::FUNCTION:MD4
+MD4_Update                              2436    EXIST::FUNCTION:MD4
+MD4_Init                                2437    EXIST::FUNCTION:MD4
+EVP_md4                                 2438    EXIST::FUNCTION:MD4
+i2d_PUBKEY_bio                          2439    EXIST::FUNCTION:
+i2d_PUBKEY_fp                           2440    EXIST::FUNCTION:FP_API
+d2i_PUBKEY_bio                          2441    EXIST::FUNCTION:
+ASN1_STRING_to_UTF8                     2442    EXIST::FUNCTION:
+BIO_vprintf                             2443    EXIST::FUNCTION:
+BIO_vsnprintf                           2444    EXIST::FUNCTION:
+d2i_PUBKEY_fp                           2445    EXIST::FUNCTION:FP_API
+X509_cmp_time                           2446    EXIST::FUNCTION:
+X509_STORE_CTX_set_time                 2447    EXIST::FUNCTION:
+X509_STORE_CTX_get1_issuer              2448    EXIST::FUNCTION:
+X509_OBJECT_retrieve_match              2449    EXIST::FUNCTION:
+X509_OBJECT_idx_by_subject              2450    EXIST::FUNCTION:
+X509_STORE_CTX_set_flags                2451    EXIST::FUNCTION:
+X509_STORE_CTX_trusted_stack            2452    EXIST::FUNCTION:
+X509_time_adj                           2453    EXIST::FUNCTION:
+X509_check_issued                       2454    EXIST::FUNCTION:
+ASN1_UTCTIME_cmp_time_t                 2455    EXIST::FUNCTION:
+des_set_weak_key_flag                   2456    EXIST::VARIABLE:DES
+des_check_key                           2457    EXIST::VARIABLE:DES
+des_rw_mode                             2458    EXIST::VARIABLE:DES
+RSA_PKCS1_RSAref                        2459    EXIST:RSAREF:FUNCTION:RSA
+X509_keyid_set1                         2460    EXIST::FUNCTION:
+BIO_next                                2461    EXIST::FUNCTION:
+DSO_METHOD_vms                          2462    EXIST::FUNCTION:
+BIO_f_linebuffer                        2463    EXIST:VMS:FUNCTION:
+ERR_load_ENGINE_strings                 2464    EXIST::FUNCTION:
+ENGINE_set_DSA                          2465    EXIST::FUNCTION:
+ENGINE_get_finish_function              2466    EXIST::FUNCTION:
+ENGINE_get_default_RSA                  2467    EXIST::FUNCTION:
+ENGINE_get_BN_mod_exp                   2468    EXIST::FUNCTION:
+DSA_get_default_openssl_method          2469    EXIST::FUNCTION:DSA
+ENGINE_set_DH                           2470    EXIST::FUNCTION:
+ENGINE_set_default_BN_mod_exp_crt       2471    EXIST:!VMS:FUNCTION:
+ENGINE_set_def_BN_mod_exp_crt           2471    EXIST:VMS:FUNCTION:
+ENGINE_init                             2472    EXIST::FUNCTION:
+DH_get_default_openssl_method           2473    EXIST::FUNCTION:DH
+RSA_set_default_openssl_method          2474    EXIST::FUNCTION:RSA
+ENGINE_finish                           2475    EXIST::FUNCTION:
+ENGINE_load_public_key                  2476    EXIST::FUNCTION:
+ENGINE_get_DH                           2477    EXIST::FUNCTION:
+ENGINE_ctrl                             2478    EXIST::FUNCTION:
+ENGINE_get_init_function                2479    EXIST::FUNCTION:
+ENGINE_set_init_function                2480    EXIST::FUNCTION:
+ENGINE_set_default_DSA                  2481    EXIST::FUNCTION:
+ENGINE_get_name                         2482    EXIST::FUNCTION:
+ENGINE_get_last                         2483    EXIST::FUNCTION:
+ENGINE_get_prev                         2484    EXIST::FUNCTION:
+ENGINE_get_default_DH                   2485    EXIST::FUNCTION:
+ENGINE_get_RSA                          2486    EXIST::FUNCTION:
+ENGINE_set_default                      2487    EXIST::FUNCTION:
+ENGINE_get_RAND                         2488    EXIST::FUNCTION:
+ENGINE_get_first                        2489    EXIST::FUNCTION:
+ENGINE_by_id                            2490    EXIST::FUNCTION:
+ENGINE_set_finish_function              2491    EXIST::FUNCTION:
+ENGINE_get_default_BN_mod_exp_crt       2492    EXIST:!VMS:FUNCTION:
+ENGINE_get_def_BN_mod_exp_crt           2492    EXIST:VMS:FUNCTION:
+RSA_get_default_openssl_method          2493    EXIST::FUNCTION:RSA
+ENGINE_set_RSA                          2494    EXIST::FUNCTION:
+ENGINE_load_private_key                 2495    EXIST::FUNCTION:
+ENGINE_set_default_RAND                 2496    EXIST::FUNCTION:
+ENGINE_set_BN_mod_exp                   2497    EXIST::FUNCTION:
+ENGINE_remove                           2498    EXIST::FUNCTION:
+ENGINE_free                             2499    EXIST::FUNCTION:
+ENGINE_get_BN_mod_exp_crt               2500    EXIST::FUNCTION:
+ENGINE_get_next                         2501    EXIST::FUNCTION:
+ENGINE_set_name                         2502    EXIST::FUNCTION:
+ENGINE_get_default_DSA                  2503    EXIST::FUNCTION:
+ENGINE_set_default_BN_mod_exp           2504    EXIST::FUNCTION:
+ENGINE_set_default_RSA                  2505    EXIST::FUNCTION:
+ENGINE_get_default_RAND                 2506    EXIST::FUNCTION:
+ENGINE_get_default_BN_mod_exp           2507    EXIST::FUNCTION:
+ENGINE_set_RAND                         2508    EXIST::FUNCTION:
+ENGINE_set_id                           2509    EXIST::FUNCTION:
+ENGINE_set_BN_mod_exp_crt               2510    EXIST::FUNCTION:
+ENGINE_set_default_DH                   2511    EXIST::FUNCTION:
+ENGINE_new                              2512    EXIST::FUNCTION:
+ENGINE_get_id                           2513    EXIST::FUNCTION:
+DSA_set_default_openssl_method          2514    EXIST::FUNCTION:DSA
+ENGINE_add                              2515    EXIST::FUNCTION:
+DH_set_default_openssl_method           2516    EXIST::FUNCTION:DH
+ENGINE_get_DSA                          2517    EXIST::FUNCTION:
+ENGINE_get_ctrl_function                2518    EXIST::FUNCTION:
+ENGINE_set_ctrl_function                2519    EXIST::FUNCTION:
diff --git a/src/lib/libssl/src/util/mk1mf.pl b/src/lib/libssl/src/util/mk1mf.pl
index 100d76f279..46755fa287 100644
--- a/src/lib/libssl/src/util/mk1mf.pl
+++ b/src/lib/libssl/src/util/mk1mf.pl
@@ -52,7 +52,8 @@ foreach (@ARGV)
                 { printf STDERR "\t%-10s\t%s\n",$i,$ops{$i}; }
                 print STDERR <<"EOF";
 and [options] can be one of
-        no-md2 no-md5 no-sha no-mdc2 no-ripemd  - Skip this digest
+        no-md2 no-md4 no-md5 no-sha no-mdc2     - Skip this digest
+        no-ripemd
         no-rc2 no-rc4 no-idea no-des no-bf no-cast - Skip this symetric cipher
         no-rc5
         no-rsa no-dsa no-dh                     - Skip this public key cipher
@@ -65,6 +66,7 @@ and [options] can be one of
         no-err                                  - No error strings
         dll/shlib                               - Build shared libraries (MS)
         debug                                   - Debug build
+        profile                                 - Profiling build
         gcc                                     - Use Gcc (unix)
         rsaref                                  - Build to require RSAref
 
@@ -200,6 +202,7 @@ $cflags.=" -DNO_RC2"  if $no_rc2;
 $cflags.=" -DNO_RC4"  if $no_rc4;
 $cflags.=" -DNO_RC5"  if $no_rc5;
 $cflags.=" -DNO_MD2"  if $no_md2;
+$cflags.=" -DNO_MD4"  if $no_md4;
 $cflags.=" -DNO_MD5"  if $no_md5;
 $cflags.=" -DNO_SHA"  if $no_sha;
 $cflags.=" -DNO_SHA1" if $no_sha1;
@@ -217,9 +220,10 @@ $cflags.=" -DNO_SSL3" if $no_ssl3;
 $cflags.=" -DNO_ERR"  if $no_err;
 $cflags.=" -DRSAref"  if $rsaref ne "";
 
-if ($unix)
-        { $cflags="$c_flags" if ($c_flags ne ""); }
-else    { $cflags="$c_flags$cflags" if ($c_flags ne ""); }
+## if ($unix)
+##      { $cflags="$c_flags" if ($c_flags ne ""); }
+##else
+        { $cflags="$c_flags$cflags" if ($c_flags ne ""); }
 
 $ex_libs="$l_flags$ex_libs" if ($l_flags ne "");
 
@@ -273,6 +277,8 @@ LFLAGS=$lflags
 
 BN_ASM_OBJ=$bn_asm_obj
 BN_ASM_SRC=$bn_asm_src
+BNCO_ASM_OBJ=$bnco_asm_obj
+BNCO_ASM_SRC=$bnco_asm_src
 DES_ENC_OBJ=$des_enc_obj
 DES_ENC_SRC=$des_enc_src
 BF_ENC_OBJ=$bf_enc_obj
@@ -379,6 +385,7 @@ $banner
         \$(MKDIR) \$(INC_D)
 
 headers: \$(HEADER) \$(EXHEADER)
+        @
 
 lib: \$(LIBS_DEP)
 
@@ -539,6 +546,11 @@ foreach (values %lib_nam)
                 $lib_obj =~ s/\s\S*\/bn_asm\S*/ \$(BN_ASM_OBJ)/;
                 $rules.=&do_asm_rule($bn_asm_obj,$bn_asm_src);
                 }
+        if (($bnco_asm_obj ne "") && ($_ eq "CRYPTO"))
+                {
+                $lib_obj .= "\$(BNCO_ASM_OBJ)";
+                $rules.=&do_asm_rule($bnco_asm_obj,$bnco_asm_src);
+                }
         if (($des_enc_obj ne "") && ($_ eq "CRYPTO"))
                 {
                 $lib_obj =~ s/\s\S*des_enc\S*/ \$(DES_ENC_OBJ)/;
@@ -601,6 +613,14 @@ $rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPT
 $rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)");
 
 print $defs;
+
+if ($platform eq "linux-elf") {
+    print <<"EOF";
+# Generate perlasm output files
+%.cpp:
+        (cd \$(\@D)/..; PERL=perl make -f Makefile.ssl asm/\$(\@F))
+EOF
+}
 print "###################################################################\n";
 print $rules;
 
@@ -652,6 +672,7 @@ sub var_add
         @a=grep(!/(_sock$)|(_acpt$)|(_conn$)|(^pxy_)/,@a) if $no_sock;
 
         @a=grep(!/(^md2)|(_md2$)/,@a) if $no_md2;
+        @a=grep(!/(^md4)|(_md4$)/,@a) if $no_md4;
         @a=grep(!/(^md5)|(_md5$)/,@a) if $no_md5;
         @a=grep(!/(rmd)|(ripemd)/,@a) if $no_rmd160;
 
@@ -717,6 +738,7 @@ sub do_defs
                         { $pf=".c"; }
                 else    { $pf=$postfix; }
                 if ($_ =~ /BN_ASM/)     { $t="$_ "; }
+                elsif ($_ =~ /BNCO_ASM/){ $t="$_ "; }
                 elsif ($_ =~ /DES_ENC/) { $t="$_ "; }
                 elsif ($_ =~ /BF_ENC/)  { $t="$_ "; }
                 elsif ($_ =~ /CAST_ENC/){ $t="$_ "; }
@@ -840,6 +862,7 @@ sub read_options
         elsif (/^no-bf$/)       { $no_bf=1; }
         elsif (/^no-cast$/)     { $no_cast=1; }
         elsif (/^no-md2$/)      { $no_md2=1; }
+        elsif (/^no-md4$/)      { $no_md4=1; }
         elsif (/^no-md5$/)      { $no_md5=1; }
         elsif (/^no-sha$/)      { $no_sha=1; }
         elsif (/^no-sha1$/)     { $no_sha1=1; }
@@ -865,8 +888,10 @@ sub read_options
         elsif (/^rsaref$/)      { $rsaref=1; }
         elsif (/^gcc$/)         { $gcc=1; }
         elsif (/^debug$/)       { $debug=1; }
+        elsif (/^profile$/)     { $profile=1; }
         elsif (/^shlib$/)       { $shlib=1; }
         elsif (/^dll$/)         { $shlib=1; }
+        elsif (/^shared$/)      { } # We just need to ignore it for now...
         elsif (/^([^=]*)=(.*)$/){ $VARS{$1}=$2; }
         elsif (/^-[lL].*$/)     { $l_flags.="$_ "; }
         elsif ((!/^-help/) && (!/^-h/) && (!/^-\?/) && /^-.*$/)
diff --git a/src/lib/libssl/src/util/mkdef.pl b/src/lib/libssl/src/util/mkdef.pl
index 4e2845a4e1..cc41a1813e 100644
--- a/src/lib/libssl/src/util/mkdef.pl
+++ b/src/lib/libssl/src/util/mkdef.pl
@@ -5,20 +5,78 @@
 # It does this by parsing the header files and looking for the
 # prototyped functions: it then prunes the output.
 #
+# Intermediary files are created, call libeay.num and ssleay.num,...
+# Previously, they had the following format:
+#
+#       routine-name    nnnn
+#
+# But that isn't enough for a number of reasons, the first on being that
+# this format is (needlessly) very Win32-centric, and even then...
+# One of the biggest problems is that there's no information about what
+# routines should actually be used, which varies with what crypto algorithms
+# are disabled.  Also, some operating systems (for example VMS with VAX C)
+# need to keep track of the global variables as well as the functions.
+#
+# So, a remake of this script is done so as to include information on the
+# kind of symbol it is (function or variable) and what algorithms they're
+# part of.  This will allow easy translating to .def files or the corresponding
+# file in other operating systems (a .opt file for VMS, possibly with a .mar
+# file).
+#
+# The format now becomes:
+#
+#       routine-name    nnnn    info
+#
+# and the "info" part is actually a colon-separated string of fields with
+# the following meaning:
+#
+#       existence:platform:kind:algorithms
+#
+# - "existence" can be "EXIST" or "NOEXIST" depending on if the symbol is
+#   found somewhere in the source, 
+# - "platforms" is empty if it exists on all platforms, otherwise it contains
+#   comma-separated list of the platform, just as they are if the symbol exists
+#   for those platforms, or prepended with a "!" if not.  This helps resolve
+#   symbol name replacements for platforms where the names are too long for the
+#   compiler or linker, or if the systems is case insensitive and there is a
+#   clash.  This script assumes those redefinitions are place in the file
+#   crypto/symhacks.h.
+#   The semantics for the platforms list is a bit complicated.  The rule of
+#   thumb is that the list is exclusive, but it seems to mean different things.
+#   So, if the list is all negatives (like "!VMS,!WIN16"), the symbol exists
+#   on all platforms except those listed.  If the list is all positives (like
+#   "VMS,WIN16"), the symbol exists only on those platforms and nowhere else.
+#   The combination of positives and negatives will act as if the positives
+#   weren't there.
+# - "kind" is "FUNCTION" or "VARIABLE".  The meaning of that is obvious.
+# - "algorithms" is a comma-separated list of algorithm names.  This helps
+#   exclude symbols that are part of an algorithm that some user wants to
+#   exclude.
+#
 
-my $crypto_num="util/libeay.num";
-my $ssl_num=   "util/ssleay.num";
+my $crypto_num= "util/libeay.num";
+my $ssl_num=    "util/ssleay.num";
 
 my $do_update = 0;
+my $do_rewrite = 0;
 my $do_crypto = 0;
 my $do_ssl = 0;
 my $do_ctest = 0;
+my $do_ctestall = 0;
 my $rsaref = 0;
 
-my $W32=1;
+my $VMS=0;
+my $W32=0;
+my $W16=0;
 my $NT=0;
 # Set this to make typesafe STACK definitions appear in DEF
-my $safe_stack_def = 1;
+my $safe_stack_def = 0;
+
+my @known_platforms = ( "__FreeBSD__", "VMS", "WIN16", "WIN32",
+                        "WINNT", "PERL5", "NeXT" );
+my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
+                         "CAST", "MD2", "MD4", "MD5", "SHA", "RIPEMD",
+                         "MDC2", "RSA", "DSA", "DH", "HMAC", "FP_API" );
 
 my $options="";
 open(IN,"<Makefile.ssl") || die "unable to open Makefile.ssl!\n";
@@ -31,24 +89,31 @@ close(IN);
 # defined with ifndef(NO_XXX) are not included in the .def file, and everything
 # in directory xxx is ignored.
 my $no_rc2; my $no_rc4; my $no_rc5; my $no_idea; my $no_des; my $no_bf;
-my $no_cast; my $no_md2; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2;
+my $no_cast;
+my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2;
 my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0;
+my $no_fp_api;
 
 foreach (@ARGV, split(/ /, $options))
         {
         $W32=1 if $_ eq "32";
-        $W32=0 if $_ eq "16";
+        $W16=1 if $_ eq "16";
         if($_ eq "NT") {
                 $W32 = 1;
                 $NT = 1;
         }
+        $VMS=1 if $_ eq "VMS";
+        $rsaref=1 if $_ eq "rsaref";
+
         $do_ssl=1 if $_ eq "ssleay";
         $do_ssl=1 if $_ eq "ssl";
         $do_crypto=1 if $_ eq "libeay";
         $do_crypto=1 if $_ eq "crypto";
         $do_update=1 if $_ eq "update";
+        $do_rewrite=1 if $_ eq "rewrite";
         $do_ctest=1 if $_ eq "ctest";
-        $rsaref=1 if $_ eq "rsaref";
+        $do_ctestall=1 if $_ eq "ctestall";
+        #$safe_stack_def=1 if $_ eq "-DDEBUG_SAFESTACK";
 
         if    (/^no-rc2$/)      { $no_rc2=1; }
         elsif (/^no-rc4$/)      { $no_rc4=1; }
@@ -58,6 +123,7 @@ foreach (@ARGV, split(/ /, $options))
         elsif (/^no-bf$/)       { $no_bf=1; }
         elsif (/^no-cast$/)     { $no_cast=1; }
         elsif (/^no-md2$/)      { $no_md2=1; }
+        elsif (/^no-md4$/)      { $no_md4=1; }
         elsif (/^no-md5$/)      { $no_md5=1; }
         elsif (/^no-sha$/)      { $no_sha=1; }
         elsif (/^no-ripemd$/)   { $no_ripemd=1; }
@@ -69,6 +135,16 @@ foreach (@ARGV, split(/ /, $options))
         }
 
 
+# If no platform is given, assume WIN32
+if ($W32 + $W16 + $VMS == 0) {
+        $W32 = 1;
+}
+
+# Add extra knowledge
+if ($W16) {
+        $no_fp_api=1;
+}
+
 if (!$do_ssl && !$do_crypto)
         {
         print STDERR "usage: $0 ( ssl | crypto ) [ 16 | 32 | NT ] [rsaref]\n";
@@ -91,6 +167,7 @@ $crypto.=" crypto/rc2/rc2.h" unless $no_rc2;
 $crypto.=" crypto/bf/blowfish.h" unless $no_bf;
 $crypto.=" crypto/cast/cast.h" unless $no_cast;
 $crypto.=" crypto/md2/md2.h" unless $no_md2;
+$crypto.=" crypto/md4/md4.h" unless $no_md4;
 $crypto.=" crypto/md5/md5.h" unless $no_md5;
 $crypto.=" crypto/mdc2/mdc2.h" unless $no_mdc2;
 $crypto.=" crypto/sha/sha.h" unless $no_sha;
@@ -102,9 +179,11 @@ $crypto.=" crypto/dsa/dsa.h" unless $no_dsa;
 $crypto.=" crypto/dh/dh.h" unless $no_dh;
 $crypto.=" crypto/hmac/hmac.h" unless $no_hmac;
 
+$crypto.=" crypto/engine/engine.h";
 $crypto.=" crypto/stack/stack.h";
 $crypto.=" crypto/buffer/buffer.h";
 $crypto.=" crypto/bio/bio.h";
+$crypto.=" crypto/dso/dso.h";
 $crypto.=" crypto/lhash/lhash.h";
 $crypto.=" crypto/conf/conf.h";
 $crypto.=" crypto/txt_db/txt_db.h";
@@ -125,25 +204,41 @@ $crypto.=" crypto/rand/rand.h";
 $crypto.=" crypto/comp/comp.h";
 $crypto.=" crypto/tmdiff.h";
 
-my @ssl_func = &do_defs("SSLEAY", $ssl);
-my @crypto_func = &do_defs("LIBEAY", $crypto);
+my $symhacks="crypto/symhacks.h";
 
+my @ssl_symbols = &do_defs("SSLEAY", $ssl, $symhacks);
+my @crypto_symbols = &do_defs("LIBEAY", $crypto, $symhacks);
 
 if ($do_update) {
 
 if ($do_ssl == 1) {
-        open(OUT, ">>$ssl_num");
-        &update_numbers(*OUT,"SSLEAY",*ssl_list,$max_ssl, @ssl_func);
+
+        &maybe_add_info("SSLEAY",*ssl_list,@ssl_symbols);
+        if ($do_rewrite == 1) {
+                open(OUT, ">$ssl_num");
+                &rewrite_numbers(*OUT,"SSLEAY",*ssl_list,@ssl_symbols);
+                close OUT;
+        } else {
+                open(OUT, ">>$ssl_num");
+        }
+        &update_numbers(*OUT,"SSLEAY",*ssl_list,$max_ssl,@ssl_symbols);
         close OUT;
 }
 
 if($do_crypto == 1) {
-        open(OUT, ">>$crypto_num");
-        &update_numbers(*OUT,"LIBEAY",*crypto_list,$max_crypto, @crypto_func);
+
+        &maybe_add_info("LIBEAY",*crypto_list,@crypto_symbols);
+        if ($do_rewrite == 1) {
+                open(OUT, ">$crypto_num");
+                &rewrite_numbers(*OUT,"LIBEAY",*crypto_list,@crypto_symbols);
+        } else {
+                open(OUT, ">>$crypto_num");
+        }
+        &update_numbers(*OUT,"LIBEAY",*crypto_list,$max_crypto,@crypto_symbols);
         close OUT;
 } 
 
-} elsif ($do_ctest) {
+} elsif ($do_ctest || $do_ctestall) {
 
         print <<"EOF";
 
@@ -154,20 +249,20 @@ if($do_crypto == 1) {
 int main()
 {
 EOF
-        &print_test_file(*STDOUT,"SSLEAY",*ssl_list,@ssl_func)
+        &print_test_file(*STDOUT,"SSLEAY",*ssl_list,$do_ctestall,@ssl_symbols)
                 if $do_ssl == 1;
 
-        &print_test_file(*STDOUT,"LIBEAY",*crypto_list,@crypto_func)
+        &print_test_file(*STDOUT,"LIBEAY",*crypto_list,$do_ctestall,@crypto_symbols)
                 if $do_crypto == 1;
 
         print "}\n";
 
 } else {
 
-        &print_def_file(*STDOUT,"SSLEAY",*ssl_list,@ssl_func)
+        &print_def_file(*STDOUT,"SSLEAY",*ssl_list,@ssl_symbols)
                 if $do_ssl == 1;
 
-        &print_def_file(*STDOUT,"LIBEAY",*crypto_list,@crypto_func)
+        &print_def_file(*STDOUT,"LIBEAY",*crypto_list,@crypto_symbols)
                 if $do_crypto == 1;
 
 }
@@ -175,42 +270,30 @@ EOF
 
 sub do_defs
 {
-        my($name,$files)=@_;
+        my($name,$files,$symhacksfile)=@_;
         my $file;
         my @ret;
-        my %funcs;
+        my %syms;
+        my %platform;           # For anything undefined, we assume ""
+        my %kind;               # For anything undefined, we assume "FUNCTION"
+        my %algorithm;          # For anything undefined, we assume ""
+        my %rename;
         my $cpp;
 
-        foreach $file (split(/\s+/,$files))
+        foreach $file (split(/\s+/,$symhacksfile." ".$files))
                 {
                 open(IN,"<$file") || die "unable to open $file:$!\n";
                 my $line = "", my $def= "";
                 my %tag = (
-                        FreeBSD         => 0,
+                        (map { $_ => 0 } @known_platforms),
+                        (map { "NO_".$_ => 0 } @known_algorithms),
                         NOPROTO         => 0,
-                        WIN16           => 0,
                         PERL5           => 0,
                         _WINDLL         => 0,
-                        NO_FP_API       => 0,
                         CONST_STRICT    => 0,
                         TRUE            => 1,
-                        NO_RC2          => 0,
-                        NO_RC4          => 0,
-                        NO_RC5          => 0,
-                        NO_IDEA         => 0,
-                        NO_DES          => 0,
-                        NO_BF           => 0,
-                        NO_CAST         => 0,
-                        NO_MD2          => 0,
-                        NO_MD5          => 0,
-                        NO_SHA          => 0,
-                        NO_RIPEMD       => 0,
-                        NO_MDC2         => 0,
-                        NO_RSA          => 0,
-                        NO_DSA          => 0,
-                        NO_DH           => 0,
-                        NO_HMAC         => 0,
                 );
+                my $symhacking = $file eq $symhacksfile;
                 while(<IN>) {
                         last if (/BEGIN ERROR CODES/);
                         if ($line ne '') {
@@ -223,9 +306,9 @@ sub do_defs
                                 next;
                         }
 
-                        $cpp = 1 if /^#.*ifdef.*cplusplus/;
+                        $cpp = 1 if /^\#.*ifdef.*cplusplus/;
                         if ($cpp) {
-                                $cpp = 0 if /^#.*endif/;
+                                $cpp = 0 if /^\#.*endif/;
                                 next;
                         }
 
@@ -234,115 +317,132 @@ sub do_defs
                         if (/^\#\s*ifndef (.*)/) {
                                 push(@tag,$1);
                                 $tag{$1}=-1;
-                                next;
                         } elsif (/^\#\s*if !defined\(([^\)]+)\)/) {
                                 push(@tag,$1);
                                 $tag{$1}=-1;
-                                next;
                         } elsif (/^\#\s*ifdef (.*)/) {
                                 push(@tag,$1);
                                 $tag{$1}=1;
-                                next;
-                        } elsif (/^\#\s*if defined(.*)/) {
+                        } elsif (/^\#\s*if defined\(([^\)]+)\)/) {
                                 push(@tag,$1);
                                 $tag{$1}=1;
-                                next;
+                        } elsif (/^\#\s*error\s+(\w+) is disabled\./) {
+                                if ($tag[$#tag] eq "NO_".$1) {
+                                        $tag{$tag[$#tag]}=2;
+                                }
                         } elsif (/^\#\s*endif/) {
-                                $tag{$tag[$#tag]}=0;
+                                if ($tag{$tag[$#tag]}==2) {
+                                        $tag{$tag[$#tag]}=-1;
+                                } else {
+                                        $tag{$tag[$#tag]}=0;
+                                }
                                 pop(@tag);
-                                next;
                         } elsif (/^\#\s*else/) {
                                 my $t=$tag[$#tag];
                                 $tag{$t}= -$tag{$t};
-                                next;
                         } elsif (/^\#\s*if\s+1/) {
                                 # Dummy tag
                                 push(@tag,"TRUE");
                                 $tag{"TRUE"}=1;
-                                next;
                         } elsif (/^\#\s*if\s+0/) {
                                 # Dummy tag
                                 push(@tag,"TRUE");
                                 $tag{"TRUE"}=-1;
-                                next;
-                        } elsif (/^\#/) {
+                        } elsif (/^\#\s*define\s+(\w+)\s+(\w+)/
+                                 && $symhacking) {
+                                my $s = $1;
+                                my $a =
+                                    $2.":".join(",", grep(!/^$/,
+                                                          map { $tag{$_} == 1 ?
+                                                                    $_ : "" }
+                                                          @known_platforms));
+                                $rename{$s} = $a;
+                        }
+                        if (/^\#/) {
+                                my @p = grep(!/^$/,
+                                             map { $tag{$_} == 1 ? $_ :
+                                                       $tag{$_} == -1 ? "!".$_  : "" }
+                                             @known_platforms);
+                                my @a = grep(!/^$/,
+                                             map { $tag{"NO_".$_} == -1 ? $_ : "" }
+                                             @known_algorithms);
+                                $def .= "#INFO:".join(',',@p).":".join(',',@a).";";
                                 next;
                         }
-                        if ($safe_stack_def &&
-                                /^\s*DECLARE_STACK_OF\s*\(\s*(\w*)\s*\)/) {
-                                $funcs{"sk_${1}_new"} = 1;
-                                $funcs{"sk_${1}_new_null"} = 1;
-                                $funcs{"sk_${1}_free"} = 1;
-                                $funcs{"sk_${1}_num"} = 1;
-                                $funcs{"sk_${1}_value"} = 1;
-                                $funcs{"sk_${1}_set"} = 1;
-                                $funcs{"sk_${1}_zero"} = 1;
-                                $funcs{"sk_${1}_push"} = 1;
-                                $funcs{"sk_${1}_unshift"} = 1;
-                                $funcs{"sk_${1}_find"} = 1;
-                                $funcs{"sk_${1}_delete"} = 1;
-                                $funcs{"sk_${1}_delete_ptr"} = 1;
-                                $funcs{"sk_${1}_insert"} = 1;
-                                $funcs{"sk_${1}_set_cmp_func"} = 1;
-                                $funcs{"sk_${1}_dup"} = 1;
-                                $funcs{"sk_${1}_pop_free"} = 1;
-                                $funcs{"sk_${1}_shift"} = 1;
-                                $funcs{"sk_${1}_pop"} = 1;
-                                $funcs{"sk_${1}_sort"} = 1;
-                        } elsif ($safe_stack_def &&
-                                /^\s*DECLARE_ASN1_SET_OF\s*\(\s*(\w*)\s*\)/) {
-                                $funcs{"d2i_ASN1_SET_OF_${1}"} = 1;
-                                $funcs{"i2d_ASN1_SET_OF_${1}"} = 1;
+                        if (/^\s*DECLARE_STACK_OF\s*\(\s*(\w*)\s*\)/) {
+                                next;
+                        } elsif (/^\s*DECLARE_PKCS12_STACK_OF\s*\(\s*(\w*)\s*\)/) {
+                                next;
+                        } elsif (/^\s*DECLARE_ASN1_SET_OF\s*\(\s*(\w*)\s*\)/) {
+                                next;
                         } elsif (/^DECLARE_PEM_rw\s*\(\s*(\w*)\s*,/ ||
-                                     /^DECLARE_PEM_rw_cb\s*\(\s*(\w*)\s*,/ ) {
-                                if($W32) {
-                                        $funcs{"PEM_read_${1}"} = 1;
-                                        $funcs{"PEM_write_${1}"} = 1;
+                                 /^DECLARE_PEM_rw_cb\s*\(\s*(\w*)\s*,/ ) {
+                                # Things not in Win16
+                                $syms{"PEM_read_${1}"} = 1;
+                                $platform{"PEM_read_${1}"} = "!WIN16";
+                                $syms{"PEM_write_${1}"} = 1;
+                                $platform{"PEM_write_${1}"} = "!WIN16";
+                                # Things that are everywhere
+                                $syms{"PEM_read_bio_${1}"} = 1;
+                                $syms{"PEM_write_bio_${1}"} = 1;
+                                if ($1 eq "RSAPrivateKey" ||
+                                    $1 eq "RSAPublicKey" ||
+                                    $1 eq "RSA_PUBKEY") {
+                                        $algorithm{"PEM_read_${1}"} = "RSA";
+                                        $algorithm{"PEM_write_${1}"} = "RSA";
+                                        $algorithm{"PEM_read_bio_${1}"} = "RSA";
+                                        $algorithm{"PEM_write_bio_${1}"} = "RSA";
+                                }
+                                elsif ($1 eq "DSAPrivateKey" ||
+                                       $1 eq "DSAparams" ||
+                                       $1 eq "RSA_PUBKEY") {
+                                        $algorithm{"PEM_read_${1}"} = "DSA";
+                                        $algorithm{"PEM_write_${1}"} = "DSA";
+                                        $algorithm{"PEM_read_bio_${1}"} = "DSA";
+                                        $algorithm{"PEM_write_bio_${1}"} = "DSA";
+                                }
+                                elsif ($1 eq "DHparams") {
+                                        $algorithm{"PEM_read_${1}"} = "DH";
+                                        $algorithm{"PEM_write_${1}"} = "DH";
+                                        $algorithm{"PEM_read_bio_${1}"} = "DH";
+                                        $algorithm{"PEM_write_bio_${1}"} = "DH";
                                 }
-                                $funcs{"PEM_read_bio_${1}"} = 1;
-                                $funcs{"PEM_write_bio_${1}"} = 1;
                         } elsif (/^DECLARE_PEM_write\s*\(\s*(\w*)\s*,/ ||
                                      /^DECLARE_PEM_write_cb\s*\(\s*(\w*)\s*,/ ) {
-                                if($W32) {
-                                        $funcs{"PEM_write_${1}"} = 1;
+                                # Things not in Win16
+                                $syms{"PEM_write_${1}"} = 1;
+                                $platform{"PEM_write_${1}"} .= ",!WIN16";
+                                # Things that are everywhere
+                                $syms{"PEM_write_bio_${1}"} = 1;
+                                if ($1 eq "RSAPrivateKey" ||
+                                    $1 eq "RSAPublicKey" ||
+                                    $1 eq "RSA_PUBKEY") {
+                                        $algorithm{"PEM_write_${1}"} = "RSA";
+                                        $algorithm{"PEM_write_bio_${1}"} = "RSA";
+                                }
+                                elsif ($1 eq "DSAPrivateKey" ||
+                                       $1 eq "DSAparams" ||
+                                       $1 eq "RSA_PUBKEY") {
+                                        $algorithm{"PEM_write_${1}"} = "DSA";
+                                        $algorithm{"PEM_write_bio_${1}"} = "DSA";
+                                }
+                                elsif ($1 eq "DHparams") {
+                                        $algorithm{"PEM_write_${1}"} = "DH";
+                                        $algorithm{"PEM_write_bio_${1}"} = "DH";
                                 }
-                                $funcs{"PEM_write_bio_${1}"} = 1;
                         } elsif (/^DECLARE_PEM_read\s*\(\s*(\w*)\s*,/ ||
                                      /^DECLARE_PEM_read_cb\s*\(\s*(\w*)\s*,/ ) {
-                                if($W32) {
-                                        $funcs{"PEM_read_${1}"} = 1;
-                                }
-                                $funcs{"PEM_read_bio_${1}"} = 1;
+                                # Things not in Win16
+                                $syms{"PEM_read_${1}"} = 1;
+                                $platform{"PEM_read_${1}"} .= ",!WIN16";
+                                # Things that are everywhere
+                                $syms{"PEM_read_bio_${1}"} = 1;
                         } elsif (
-                                ($tag{'TRUE'} != -1) &&
-                                ($tag{'FreeBSD'} != 1) &&
-                                ($tag{'CONST_STRICT'} != 1) &&
-                                (($W32 && ($tag{'WIN16'} != 1)) ||
-                                 (!$W32 && ($tag{'WIN16'} != -1))) &&
-                                ($tag{'PERL5'} != 1) &&
-#                               ($tag{'_WINDLL'} != -1) &&
-                                ((!$W32 && $tag{'_WINDLL'} != -1) ||
-                                 ($W32 && $tag{'_WINDLL'} != 1)) &&
-                                ((($tag{'NO_FP_API'} != 1) && $W32) ||
-                                 (($tag{'NO_FP_API'} != -1) && !$W32)) &&
-                                ($tag{'NO_RC2'} == 0  || !$no_rc2) &&
-                                ($tag{'NO_RC4'} == 0  || !$no_rc4) &&
-                                ($tag{'NO_RC5'} == 0  || !$no_rc5) &&
-                                ($tag{'NO_IDEA'} == 0 || !$no_idea) &&
-                                ($tag{'NO_DES'} == 0  || !$no_des) &&
-                                ($tag{'NO_BF'} == 0   || !$no_bf) &&
-                                ($tag{'NO_CAST'} == 0 || !$no_cast) &&
-                                ($tag{'NO_MD2'} == 0  || !$no_md2) &&
-                                ($tag{'NO_MD5'} == 0  || !$no_md5) &&
-                                ($tag{'NO_SHA'} == 0  || !$no_sha) &&
-                                ($tag{'NO_RIPEMD'} == 0 || !$no_ripemd) &&
-                                ($tag{'NO_MDC2'} == 0 || !$no_mdc2) &&
-                                ($tag{'NO_RSA'} == 0  || !$no_rsa) &&
-                                ($tag{'NO_DSA'} == 0  || !$no_dsa) &&
-                                ($tag{'NO_DH'} == 0   || !$no_dh) &&
-                                ($tag{'NO_HMAC'} == 0 || !$no_hmac))
+                                ($tag{'TRUE'} != -1)
+                                && ($tag{'CONST_STRICT'} != 1)
+                                 )
                                 {
-                                        if (/{|\/\*/) { # }
+                                        if (/\{|\/\*|\([^\)]*$/) {
                                                 $line = $_;
                                         } else {
                                                 $def .= $_;
@@ -351,24 +451,26 @@ sub do_defs
                         }
                 close(IN);
 
+                my $algs;
+                my $plays;
+
                 foreach (split /;/, $def) {
+                        my $s; my $k = "FUNCTION"; my $p; my $a;
                         s/^[\n\s]*//g;
                         s/[\n\s]*$//g;
+                        next if(/\#undef/);
                         next if(/typedef\W/);
-                        next if(/EVP_bf/ and $no_bf);
-                        next if(/EVP_cast/ and $no_cast);
-                        next if(/EVP_des/ and $no_des);
-                        next if(/EVP_dss/ and $no_dsa);
-                        next if(/EVP_idea/ and $no_idea);
-                        next if(/EVP_md2/ and $no_md2);
-                        next if(/EVP_md5/ and $no_md5);
-                        next if(/EVP_rc2/ and $no_rc2);
-                        next if(/EVP_rc4/ and $no_rc4);
-                        next if(/EVP_rc5/ and $no_rc5);
-                        next if(/EVP_ripemd/ and $no_ripemd);
-                        next if(/EVP_sha/ and $no_sha);
-                        if (/\(\*(\w*)\([^\)]+/) {
-                                $funcs{$1} = 1;
+                        next if(/\#define/);
+
+                        if (/^\#INFO:([^:]*):(.*)$/) {
+                                $plats = $1;
+                                $algs = $2;
+                                next;
+                        } elsif (/^\s*OPENSSL_EXTERN\s.*?(\w+)(\[[0-9]*\])*\s*$/) {
+                                $s = $1;
+                                $k = "VARIABLE";
+                        } elsif (/\(\*(\w*)\([^\)]+/) {
+                                $s = $1;
                         } elsif (/\w+\W+(\w+)\W*\(\s*\)$/s) {
                                 # K&R C
                                 next;
@@ -379,65 +481,184 @@ sub do_defs
                                 }
                                 s/\(void\)//;
                                 /(\w+)\W*\(\)/s;
-                                $funcs{$1} = 1;
+                                $s = $1;
                         } elsif (/\(/ and not (/=/)) {
                                 print STDERR "File $file: cannot parse: $_;\n";
+                                next;
+                        } else {
+                                next;
+                        }
+
+                        $syms{$s} = 1;
+                        $kind{$s} = $k;
+
+                        $p = $plats;
+                        $a = $algs;
+                        $a .= ",BF" if($s =~ /EVP_bf/);
+                        $a .= ",CAST" if($s =~ /EVP_cast/);
+                        $a .= ",DES" if($s =~ /EVP_des/);
+                        $a .= ",DSA" if($s =~ /EVP_dss/);
+                        $a .= ",IDEA" if($s =~ /EVP_idea/);
+                        $a .= ",MD2" if($s =~ /EVP_md2/);
+                        $a .= ",MD4" if($s =~ /EVP_md4/);
+                        $a .= ",MD5" if($s =~ /EVP_md5/);
+                        $a .= ",RC2" if($s =~ /EVP_rc2/);
+                        $a .= ",RC4" if($s =~ /EVP_rc4/);
+                        $a .= ",RC5" if($s =~ /EVP_rc5/);
+                        $a .= ",RIPEMD" if($s =~ /EVP_ripemd/);
+                        $a .= ",SHA" if($s =~ /EVP_sha/);
+                        $a .= ",RSA" if($s =~ /EVP_(Open|Seal)(Final|Init)/);
+                        $a .= ",RSA" if($s =~ /PEM_Seal(Final|Init|Update)/);
+                        $a .= ",RSA" if($s =~ /RSAPrivateKey/);
+                        $a .= ",RSA" if($s =~ /SSLv23?_((client|server)_)?method/);
+
+                        $platform{$s} .= ','.$p;
+                        $algorithm{$s} .= ','.$a;
+
+                        if (defined($rename{$s})) {
+                                (my $r, my $p) = split(/:/,$rename{$s});
+                                my @ip = map { /^!(.*)$/ ? $1 : "!".$_ } split /,/, $p;
+                                $syms{$r} = 1;
+                                $kind{$r} = $kind{$s}."(".$s.")";
+                                $algorithm{$r} = $algorithm{$s};
+                                $platform{$r} = $platform{$s}.",".$p;
+                                $platform{$s} .= ','.join(',', @ip).','.join(',', @ip);
                         }
                 }
         }
 
-        # Prune the returned functions
+        # Prune the returned symbols
 
-        delete $funcs{"SSL_add_dir_cert_subjects_to_stack"};
-        delete $funcs{"RSA_PKCS1_RSAref"} unless $rsaref;
-        delete $funcs{"bn_dump1"};
+        $platform{"crypt"} .= ",!PERL5,!__FreeBSD__,!NeXT";
 
-        if($W32) {
-                delete $funcs{"BIO_s_file_internal"};
-                delete $funcs{"BIO_new_file_internal"};
-                delete $funcs{"BIO_new_fp_internal"};
-        } else {
-                if(exists $funcs{"ERR_load_CRYPTO_strings"}) {
-                        delete $funcs{"ERR_load_CRYPTO_strings"};
-                        $funcs{"ERR_load_CRYPTOlib_strings"} = 1;
+        delete $syms{"SSL_add_dir_cert_subjects_to_stack"};
+        delete $syms{"bn_dump1"};
+
+        $platform{"BIO_s_file_internal"} .= ",WIN16";
+        $platform{"BIO_new_file_internal"} .= ",WIN16";
+        $platform{"BIO_new_fp_internal"} .= ",WIN16";
+
+        $platform{"BIO_s_file"} .= ",!WIN16";
+        $platform{"BIO_new_file"} .= ",!WIN16";
+        $platform{"BIO_new_fp"} .= ",!WIN16";
+
+        $platform{"BIO_s_log"} .= ",!WIN32,!WIN16,!macintosh";
+
+        if(exists $syms{"ERR_load_CRYPTO_strings"}) {
+                $platform{"ERR_load_CRYPTO_strings"} .= ",!VMS,!WIN16";
+                $syms{"ERR_load_CRYPTOlib_strings"} = 1;
+                $platform{"ERR_load_CRYPTOlib_strings"} .= ",VMS,WIN16";
+        }
+
+        # Info we know about
+
+        $platform{"RSA_PKCS1_RSAref"} = "RSAREF";
+        $algorithm{"RSA_PKCS1_RSAref"} = "RSA";
+
+        push @ret, map { $_."\\".&info_string($_,"EXIST",
+                                              $platform{$_},
+                                              $kind{$_},
+                                              $algorithm{$_}) } keys %syms;
+
+        return(@ret);
+}
+
+sub info_string {
+        (my $symbol, my $exist, my $platforms, my $kind, my $algorithms) = @_;
+
+        my %a = defined($algorithms) ?
+            map { $_ => 1 } split /,/, $algorithms : ();
+        my $pl = defined($platforms) ? $platforms : "";
+        my %p = map { $_ => 0 } split /,/, $pl;
+        my $k = defined($kind) ? $kind : "FUNCTION";
+        my $ret;
+
+        # We do this, because if there's code like the following, it really
+        # means the function exists in all cases and should therefore be
+        # everywhere.  By increasing and decreasing, we may attain 0:
+        #
+        # ifndef WIN16
+        #    int foo();
+        # else
+        #    int _fat foo();
+        # endif
+        foreach $platform (split /,/, $pl) {
+                if ($platform =~ /^!(.*)$/) {
+                        $p{$1}--;
+                } else {
+                        $p{$platform}++;
                 }
-                delete $funcs{"BIO_s_file"};
-                delete $funcs{"BIO_new_file"};
-                delete $funcs{"BIO_new_fp"};
         }
-        if (!$NT) {
-                delete $funcs{"BIO_s_log"};
+        foreach $platform (keys %p) {
+                if ($p{$platform} == 0) { delete $p{$platform}; }
         }
 
-        push @ret, keys %funcs;
+        delete $p{""};
+        delete $a{""};
 
-        return(@ret);
+        $ret = $exist;
+        $ret .= ":".join(',',map { $p{$_} < 0 ? "!".$_ : $_ } keys %p);
+        $ret .= ":".$k;
+        $ret .= ":".join(',',keys %a);
+        return $ret;
+}
+
+sub maybe_add_info {
+        (my $name, *nums, my @symbols) = @_;
+        my $sym;
+        my $new_info = 0;
+
+        print STDERR "Updating $name info\n";
+        foreach $sym (@symbols) {
+                (my $s, my $i) = split /\\/, $sym;
+                $i =~ s/^(.*?:.*?:\w+)(\(\w+\))?/$1/;
+                if (defined($nums{$s})) {
+                        (my $n, my $dummy) = split /\\/, $nums{$s};
+                        if (!defined($dummy) || $i ne $dummy) {
+                                $nums{$s} = $n."\\".$i;
+                                $new_info++;
+                                #print STDERR "DEBUG: maybe_add_info for $s: \"$dummy\" => \"$i\"\n";
+                        }
+                }
+        }
+        if ($new_info) {
+                print STDERR "$new_info old symbols got an info update\n";
+                if (!$do_rewrite) {
+                        print STDERR "You should do a rewrite to fix this.\n";
+                }
+        } else {
+                print STDERR "No old symbols needed info update\n";
+        }
 }
 
 sub print_test_file
 {
-        (*OUT,my $name,*nums,my @functions)=@_;
+        (*OUT,my $name,*nums,my @symbols)=@_;
         my $n = 1; my @e; my @r;
-        my $func;
-
-        (@e)=grep(/^SSLeay/,@functions);
-        (@r)=grep(!/^SSLeay/,@functions);
-        @functions=((sort @e),(sort @r));
-
-        foreach $func (@functions) {
-                if (!defined($nums{$func})) {
-                        printf STDERR "$func does not have a number assigned\n"
-                                        if(!$do_update);
-                } else {
-                        $n=$nums{$func};
-                        print OUT "\t$func();\n";
+        my $sym; my $prev = ""; my $prefSSLeay;
+
+        (@e)=grep(/^SSLeay\\.*?:.*?:FUNCTION/,@symbols);
+        (@r)=grep(/^\w+\\.*?:.*?:FUNCTION/ && !/^SSLeay\\.*?:.*?:FUNCTION/,@symbols);
+        @symbols=((sort @e),(sort @r));
+
+        foreach $sym (@symbols) {
+                (my $s, my $i) = $sym =~ /^(.*?)\\(.*)$/;
+                if ($s ne $prev) {
+                        if (!defined($nums{$sym})) {
+                                printf STDERR "Warning: $sym does not have a number assigned\n"
+                                                if(!$do_update);
+                        } else {
+                                $n=$nums{$s};
+                                print OUT "\t$s();\n";
+                        }
                 }
+                $prev = $s;     # To avoid duplicates...
         }
 }
 
 sub print_def_file
 {
-        (*OUT,my $name,*nums,my @functions)=@_;
+        (*OUT,my $name,*nums,my @symbols)=@_;
         my $n = 1; my @e; my @r;
 
         if ($W32)
@@ -471,18 +692,61 @@ EOF
 
         print "EXPORTS\n";
 
+        (@e)=grep(/^SSLeay\\.*?:.*?:FUNCTION/,@symbols);
+        (@r)=grep(/^\w+\\.*?:.*?:FUNCTION/ && !/^SSLeay\\.*?:.*?:FUNCTION/,@symbols);
+        @symbols=((sort @e),(sort @r));
 
-        (@e)=grep(/^SSLeay/,@functions);
-        (@r)=grep(!/^SSLeay/,@functions);
-        @functions=((sort @e),(sort @r));
 
-        foreach $func (@functions) {
-                if (!defined($nums{$func})) {
-                        printf STDERR "$func does not have a number assigned\n"
+        foreach $sym (@symbols) {
+                (my $s, my $i) = $sym =~ /^(.*?)\\(.*)$/;
+                if (!defined($nums{$s})) {
+                        printf STDERR "Warning: $s does not have a number assigned\n"
                                         if(!$do_update);
                 } else {
-                        $n=$nums{$func};
-                        printf OUT "    %s%-40s@%d\n",($W32)?"":"_",$func,$n;
+                        (my $n, my $i) = split /\\/, $nums{$s};
+                        my %pf = ();
+                        my @p = split(/,/, ($i =~ /^.*?:(.*?):/,$1));
+                        # @p_purged must contain hardware platforms only
+                        my @p_purged = ();
+                        foreach $ptmp (@p) {
+                                next if $ptmp =~ /^!?RSAREF$/;
+                                push @p_purged, $ptmp;
+                        }
+                        my $negatives = !!grep(/^!/,@p);
+                        # It is very important to check NT before W32
+                        if ((($NT && (!@p_purged
+                                      || (!$negatives && grep(/^WINNT$/,@p))
+                                      || ($negatives && !grep(/^!WINNT$/,@p))))
+                             || ($W32 && (!@p_purged
+                                          || (!$negatives && grep(/^WIN32$/,@p))
+                                          || ($negatives && !grep(/^!WIN32$/,@p))))
+                             || ($W16 && (!@p_purged
+                                          || (!$negatives && grep(/^WIN16$/,@p))
+                                          || ($negatives && !grep(/^!WIN16$/,@p)))))
+                            && (!@p
+                                || (!$negatives
+                                    && ($rsaref || !grep(/^RSAREF$/,@p)))
+                                || ($negatives
+                                    && (!$rsaref || !grep(/^!RSAREF$/,@p))))) {
+                                printf OUT "    %s%-40s@%d\n",($W32)?"":"_",$s,$n;
+#                       } else {
+#                               print STDERR "DEBUG: \"$sym\" (@p):",
+#                               " rsaref:", !!(!@p
+#                                              || (!$negatives
+#                                                  && ($rsaref || !grep(/^RSAREF$/,@p)))
+#                                              || ($negatives
+#                                                  && (!$rsaref || !grep(/^!RSAREF$/,@p))))?1:0,
+#                               " 16:", !!($W16 && (!@p_purged
+#                                                   || (!$negatives && grep(/^WIN16$/,@p))
+#                                                   || ($negatives && !grep(/^!WIN16$/,@p)))),
+#                               " 32:", !!($W32 && (!@p_purged
+#                                                   || (!$negatives && grep(/^WIN32$/,@p))
+#                                                   || ($negatives && !grep(/^!WIN32$/,@p)))),
+#                               " NT:", !!($NT && (!@p_purged
+#                                                  || (!$negatives && grep(/^WINNT$/,@p))
+#                                                  || ($negatives && !grep(/^!WINNT$/,@p)))),
+#                               "\n";
+                        }
                 }
         }
         printf OUT "\n";
@@ -494,6 +758,8 @@ sub load_numbers
         my(@a,%ret);
 
         $max_num = 0;
+        $num_noinfo = 0;
+        $prev = "";
 
         open(IN,"<$name") || die "unable to open $name:$!\n";
         while (<IN>) {
@@ -501,27 +767,138 @@ sub load_numbers
                 s/#.*$//;
                 next if /^\s*$/;
                 @a=split;
-                $ret{$a[0]}=$a[1];
+                if (defined $ret{$a[0]}) {
+                        print STDERR "Warning: Symbol '",$a[0],"' redefined. old=",$ret{$a[0]},", new=",$a[1],"\n";
+                }
+                if ($max_num > $a[1]) {
+                        print STDERR "Warning: Number decreased from ",$max_num," to ",$a[1],"\n";
+                }
+                if ($max_num == $a[1]) {
+                        # This is actually perfectly OK
+                        #print STDERR "Warning: Symbol ",$a[0]," has same number as previous ",$prev,": ",$a[1],"\n";
+                }
+                if ($#a < 2) {
+                        # Existence will be proven later, in do_defs
+                        $ret{$a[0]}=$a[1];
+                        $num_noinfo++;
+                } else {
+                        $ret{$a[0]}=$a[1]."\\".$a[2]; # \\ is a special marker
+                }
                 $max_num = $a[1] if $a[1] > $max_num;
+                $prev=$a[0];
+        }
+        if ($num_noinfo) {
+                print STDERR "Warning: $num_noinfo symbols were without info.";
+                if ($do_rewrite) {
+                        printf STDERR "  The rewrite will fix this.\n";
+                } else {
+                        printf STDERR "  You should do a rewrite to fix this.\n";
+                }
         }
         close(IN);
         return(%ret);
 }
 
+sub parse_number
+{
+        (my $str, my $what) = @_;
+        (my $n, my $i) = split(/\\/,$str);
+        if ($what eq "n") {
+                return $n;
+        } else {
+                return $i;
+        }
+}
+
+sub rewrite_numbers
+{
+        (*OUT,$name,*nums,@symbols)=@_;
+        my $thing;
+
+        print STDERR "Rewriting $name\n";
+
+        my @r = grep(/^\w+\\.*?:.*?:\w+\(\w+\)/,@symbols);
+        my $r; my %r; my %rsyms;
+        foreach $r (@r) {
+                (my $s, my $i) = split /\\/, $r;
+                my $a = $1 if $i =~ /^.*?:.*?:\w+\((\w+)\)/;
+                $i =~ s/^(.*?:.*?:\w+)\(\w+\)/$1/;
+                $r{$a} = $s."\\".$i;
+                $rsyms{$s} = 1;
+        }
+
+        my @s=sort { &parse_number($nums{$a},"n") <=> &parse_number($nums{$b},"n") } keys %nums;
+        foreach $sym (@s) {
+                (my $n, my $i) = split /\\/, $nums{$sym};
+                next if defined($i) && $i =~ /^.*?:.*?:\w+\(\w+\)/;
+                next if defined($rsyms{$sym});
+                $i="NOEXIST::FUNCTION:" if !defined($i) || $i eq "";
+                printf OUT "%s%-40s%d\t%s\n","",$sym,$n,$i;
+                if (exists $r{$sym}) {
+                        (my $s, $i) = split /\\/,$r{$sym};
+                        printf OUT "%s%-40s%d\t%s\n","",$s,$n,$i;
+                }
+        }
+}
+
 sub update_numbers
 {
-        (*OUT,$name,*nums,my $start_num, my @functions)=@_;
-        my $new_funcs = 0;
-        print STDERR "Updating $name\n";
-        foreach $func (@functions) {
-                if (!exists $nums{$func}) {
-                        $new_funcs++;
-                        printf OUT "%s%-40s%d\n","",$func, ++$start_num;
+        (*OUT,$name,*nums,my $start_num, my @symbols)=@_;
+        my $new_syms = 0;
+
+        print STDERR "Updating $name numbers\n";
+
+        my @r = grep(/^\w+\\.*?:.*?:\w+\(\w+\)/,@symbols);
+        my $r; my %r; my %rsyms;
+        foreach $r (@r) {
+                (my $s, my $i) = split /\\/, $r;
+                my $a = $1 if $i =~ /^.*?:.*?:\w+\((\w+)\)/;
+                $i =~ s/^(.*?:.*?:\w+)\(\w+\)/$1/;
+                $r{$a} = $s."\\".$i;
+                $rsyms{$s} = 1;
+        }
+
+        foreach $sym (@symbols) {
+                (my $s, my $i) = $sym =~ /^(.*?)\\(.*)$/;
+                next if $i =~ /^.*?:.*?:\w+\(\w+\)/;
+                next if defined($rsyms{$sym});
+                die "ERROR: Symbol $sym had no info attached to it."
+                    if $i eq "";
+                if (!exists $nums{$s}) {
+                        $new_syms++;
+                        printf OUT "%s%-40s%d\t%s\n","",$s, ++$start_num,$i;
+                        if (exists $r{$s}) {
+                                ($s, $i) = split /\\/,$r{$s};
+                                printf OUT "%s%-40s%d\t%s\n","",$s, $start_num,$i;
+                        }
                 }
         }
-        if($new_funcs) {
-                print STDERR "$new_funcs New Functions added\n";
+        if($new_syms) {
+                print STDERR "$new_syms New symbols added\n";
         } else {
-                print STDERR "No New Functions Added\n";
+                print STDERR "No New symbols Added\n";
         }
 }
+
+sub check_existing
+{
+        (*nums, my @symbols)=@_;
+        my %existing; my @remaining;
+        @remaining=();
+        foreach $sym (@symbols) {
+                (my $s, my $i) = $sym =~ /^(.*?)\\(.*)$/;
+                $existing{$s}=1;
+        }
+        foreach $sym (keys %nums) {
+                if (!exists $existing{$sym}) {
+                        push @remaining, $sym;
+                }
+        }
+        if(@remaining) {
+                print STDERR "The following symbols do not seem to exist:\n";
+                foreach $sym (@remaining) {
+                        print STDERR "\t",$sym,"\n";
+                }
+        }
+}
+
diff --git a/src/lib/libssl/src/util/mkerr.pl b/src/lib/libssl/src/util/mkerr.pl
index 8e18f3c2df..7d98b5234d 100644
--- a/src/lib/libssl/src/util/mkerr.pl
+++ b/src/lib/libssl/src/util/mkerr.pl
@@ -38,7 +38,7 @@ while (@ARGV) {
 }
 
 if($recurse) {
-        @source = (<crypto/*.c>, <crypto/*/*.c>, ,<rsaref/*.c>, <ssl/*.c>);
+        @source = (<crypto/*.c>, <crypto/*/*.c>, <rsaref/*.c>, <ssl/*.c>);
 } else {
         @source = @ARGV;
 }
@@ -79,8 +79,11 @@ while (($lib, $hdr) = each %hinc)
         next if($hdr eq "NONE");
         print STDERR "Scanning header file $hdr\n" if $debug; 
         open(IN, "<$hdr") || die "Can't open Header file $hdr\n";
-        my $line = "", $def= "";
+        my $line = "", $def= "", $linenr = 0;
         while(<IN>) {
+            $linenr++;
+            print STDERR "line: $linenr\r" if $debug;
+
             last if(/BEGIN\s+ERROR\s+CODES/);
             if ($line ne '') {
                 $_ = $line . $_;
@@ -110,7 +113,12 @@ while (($lib, $hdr) = each %hinc)
             }
         }
 
+        print STDERR "                                  \r" if $debug;
+        $defnr = 0;
         foreach (split /;/, $def) {
+            $defnr++;
+            print STDERR "def: $defnr\r" if $debug;
+
             s/^[\n\s]*//g;
             s/[\n\s]*$//g;
             next if(/typedef\W/);
@@ -136,6 +144,8 @@ while (($lib, $hdr) = each %hinc)
             }
         }
 
+        print STDERR "                                  \r" if $debug;
+
         next if $reindex;
 
         # Scan function and reason codes and store them: keep a note of the
diff --git a/src/lib/libssl/src/util/mkfiles.pl b/src/lib/libssl/src/util/mkfiles.pl
index 6fa424bd19..470feea76f 100644
--- a/src/lib/libssl/src/util/mkfiles.pl
+++ b/src/lib/libssl/src/util/mkfiles.pl
@@ -10,6 +10,7 @@ my @dirs = (
 ".",
 "crypto",
 "crypto/md2",
+"crypto/md4",
 "crypto/md5",
 "crypto/sha",
 "crypto/mdc2",
@@ -25,6 +26,7 @@ my @dirs = (
 "crypto/bn",
 "crypto/rsa",
 "crypto/dsa",
+"crypto/dso",
 "crypto/dh",
 "crypto/buffer",
 "crypto/bio",
@@ -43,6 +45,7 @@ my @dirs = (
 "crypto/pkcs7",
 "crypto/pkcs12",
 "crypto/comp",
+"crypto/engine",
 "ssl",
 "rsaref",
 "apps",
diff --git a/src/lib/libssl/src/util/mklink.pl b/src/lib/libssl/src/util/mklink.pl
index de555820ec..d7b997ada7 100644
--- a/src/lib/libssl/src/util/mklink.pl
+++ b/src/lib/libssl/src/util/mklink.pl
@@ -49,7 +49,7 @@ my $to = join('/', @to_path);
 
 my $file;
 foreach $file (@files) {
-#    print "ln -s $to/$file $from/$file\n";
-    symlink("$to/$file", "$from/$file");
-    print $file . " => $from/$file\n";
+    my $err = "";
+    symlink("$to/$file", "$from/$file") or $err = " [$!]";
+    print $file . " => $from/$file$err\n";
 }
diff --git a/src/lib/libssl/src/util/mkstack.pl b/src/lib/libssl/src/util/mkstack.pl
new file mode 100644
index 0000000000..3ee13fe7c9
--- /dev/null
+++ b/src/lib/libssl/src/util/mkstack.pl
@@ -0,0 +1,124 @@
+#!/usr/local/bin/perl -w
+
+# This is a utility that searches out "DECLARE_STACK_OF()"
+# declarations in .h and .c files, and updates/creates/replaces
+# the corresponding macro declarations in crypto/stack/safestack.h.
+# As it's not generally possible to have macros that generate macros,
+# we need to control this from the "outside", here in this script.
+#
+# Geoff Thorpe, June, 2000 (with massive Perl-hacking
+#                           help from Steve Robb)
+
+my $safestack = "crypto/stack/safestack";
+
+my $do_write;
+while (@ARGV) {
+        my $arg = $ARGV[0];
+        if($arg eq "-write") {
+                $do_write = 1;
+        }
+        shift @ARGV;
+}
+
+
+@source = (<crypto/*.[ch]>, <crypto/*/*.[ch]>, <rsaref/*.[ch]>, <ssl/*.[ch]>);
+foreach $file (@source) {
+        next if -l $file;
+
+        # Open the .c/.h file for reading
+        open(IN, "< $file") || die "Can't open $file for reading: $!";
+
+        while(<IN>) {
+                if (/^DECLARE_STACK_OF\(([^)]+)\)/) {
+                        push @stacklst, $1;
+                } if (/^DECLARE_ASN1_SET_OF\(([^)]+)\)/) {
+                        push @asn1setlst, $1;
+                } if (/^DECLARE_PKCS12_STACK_OF\(([^)]+)\)/) {
+                        push @p12stklst, $1;
+                }
+        }
+        close(IN);
+}
+
+
+
+my $old_stackfile = "";
+my $new_stackfile = "";
+my $inside_block = 0;
+my $type_thing;
+
+open(IN, "< $safestack.h") || die "Can't open input file: $!";
+while(<IN>) {
+        $old_stackfile .= $_;
+
+        if (m|^/\* This block of defines is updated by util/mkstack.pl, please do not touch! \*/|) {
+                $inside_block = 1;
+        }
+        if (m|^/\* End of util/mkstack.pl block, you may now edit :-\) \*/|) {
+                $inside_block = 0;
+        } elsif ($inside_block == 0) {
+                $new_stackfile .= $_;
+        }
+        next if($inside_block != 1);
+        $new_stackfile .= "/* This block of defines is updated by util/mkstack.pl, please do not touch! */";
+                
+        foreach $type_thing (sort @stacklst) {
+                $new_stackfile .= <<EOF;
+
+#define sk_${type_thing}_new(st) SKM_sk_new($type_thing, (st))
+#define sk_${type_thing}_new_null() SKM_sk_new_null($type_thing)
+#define sk_${type_thing}_free(st) SKM_sk_free($type_thing, (st))
+#define sk_${type_thing}_num(st) SKM_sk_num($type_thing, (st))
+#define sk_${type_thing}_value(st, i) SKM_sk_value($type_thing, (st), (i))
+#define sk_${type_thing}_set(st, i, val) SKM_sk_set($type_thing, (st), (i), (val))
+#define sk_${type_thing}_zero(st) SKM_sk_zero($type_thing, (st))
+#define sk_${type_thing}_push(st, val) SKM_sk_push($type_thing, (st), (val))
+#define sk_${type_thing}_unshift(st, val) SKM_sk_unshift($type_thing, (st), (val))
+#define sk_${type_thing}_find(st, val) SKM_sk_find($type_thing, (st), (val))
+#define sk_${type_thing}_delete(st, i) SKM_sk_delete($type_thing, (st), (i))
+#define sk_${type_thing}_delete_ptr(st, ptr) SKM_sk_delete_ptr($type_thing, (st), (ptr))
+#define sk_${type_thing}_insert(st, val, i) SKM_sk_insert($type_thing, (st), (val), (i))
+#define sk_${type_thing}_set_cmp_func(st, cmp) SKM_sk_set_cmp_func($type_thing, (st), (cmp))
+#define sk_${type_thing}_dup(st) SKM_sk_dup($type_thing, st)
+#define sk_${type_thing}_pop_free(st, free_func) SKM_sk_pop_free($type_thing, (st), (free_func))
+#define sk_${type_thing}_shift(st) SKM_sk_shift($type_thing, (st))
+#define sk_${type_thing}_pop(st) SKM_sk_pop($type_thing, (st))
+#define sk_${type_thing}_sort(st) SKM_sk_sort($type_thing, (st))
+EOF
+        }
+        foreach $type_thing (sort @asn1setlst) {
+                $new_stackfile .= <<EOF;
+
+#define d2i_ASN1_SET_OF_${type_thing}(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \\
+        SKM_ASN1_SET_OF_d2i($type_thing, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_${type_thing}(st, pp, i2d_func, ex_tag, ex_class, is_set) \\
+        SKM_ASN1_SET_OF_i2d($type_thing, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_${type_thing}(st, i2d_func, buf, len) \\
+        SKM_ASN1_seq_pack($type_thing, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_${type_thing}(buf, len, d2i_func, free_func) \\
+        SKM_ASN1_seq_unpack($type_thing, (buf), (len), (d2i_func), (free_func))
+EOF
+        }
+        foreach $type_thing (sort @p12stklst) {
+                $new_stackfile .= <<EOF;
+
+#define PKCS12_decrypt_d2i_${type_thing}(algor, d2i_func, free_func, pass, passlen, oct, seq) \\
+        SKM_PKCS12_decrypt_d2i($type_thing, (algor), (d2i_func), (free_func), (pass), (passlen), (oct), (seq))
+EOF
+        }
+        $new_stackfile .= "/* End of util/mkstack.pl block, you may now edit :-) */\n";
+        $inside_block = 2;
+}
+
+
+if ($new_stackfile eq $old_stackfile) {
+        print "No changes to $safestack.h.\n";
+        exit 0; # avoid unnecessary rebuild
+}
+
+if ($do_write) {
+        print "Writing new $safestack.h.\n";
+        open OUT, ">$safestack.h" || die "Can't open output file";
+        print OUT $new_stackfile;
+        close OUT;
+}
diff --git a/src/lib/libssl/src/util/pl/BC-32.pl b/src/lib/libssl/src/util/pl/BC-32.pl
index 7f57809a16..20cb3a9c50 100644
--- a/src/lib/libssl/src/util/pl/BC-32.pl
+++ b/src/lib/libssl/src/util/pl/BC-32.pl
@@ -19,7 +19,7 @@ $out_def="out32";
 $tmp_def="tmp32";
 $inc_def="inc32";
 #enable max error messages, disable most common warnings
-$cflags="-DWIN32_LEAN_AND_MEAN -q -w-aus -w-par -w-inl  -c -tWC -tWM -DWINDOWS -DWIN32 -DL_ENDIAN ";
+$cflags="-DWIN32_LEAN_AND_MEAN -q -w-aus -w-par -w-inl  -c -tWC -tWM -DWINDOWS -DWIN32 -DL_ENDIAN -DDSO_WIN32 ";
 if ($debug)
 {
     $cflags.="-Od -y -v -vi- -D_DEBUG";
diff --git a/src/lib/libssl/src/util/pl/Mingw32.pl b/src/lib/libssl/src/util/pl/Mingw32.pl
index c687d9b118..37f36126f3 100644
--- a/src/lib/libssl/src/util/pl/Mingw32.pl
+++ b/src/lib/libssl/src/util/pl/Mingw32.pl
@@ -17,9 +17,9 @@ $mkdir='gmkdir';
 
 $cc='gcc';
 if ($debug)
-        { $cflags="-DL_ENDIAN -g2 -ggdb"; }
+        { $cflags="-DL_ENDIAN -DDSO_WIN32 -g2 -ggdb"; }
 else
-        { $cflags="-DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall"; }
+        { $cflags="-DL_ENDIAN -DDSO_WIN32 -fomit-frame-pointer -O3 -m486 -Wall"; }
 
 if ($gaswin and !$no_asm)
         {
diff --git a/src/lib/libssl/src/util/pl/Mingw32f.pl b/src/lib/libssl/src/util/pl/Mingw32f.pl
index a53c537646..44f5673d7a 100644
--- a/src/lib/libssl/src/util/pl/Mingw32f.pl
+++ b/src/lib/libssl/src/util/pl/Mingw32f.pl
@@ -11,9 +11,9 @@ $rm='del';
 
 $cc='gcc';
 if ($debug)
-        { $cflags="-g2 -ggdb"; }
+        { $cflags="-g2 -ggdb -DDSO_WIN32"; }
 else
-        { $cflags="-O3 -fomit-frame-pointer"; }
+        { $cflags="-O3 -fomit-frame-pointer -DDSO_WIN32"; }
 
 $obj='.o';
 $ofile='-o ';
diff --git a/src/lib/libssl/src/util/pl/VC-32.pl b/src/lib/libssl/src/util/pl/VC-32.pl
index 046f0e253c..7c6674b971 100644
--- a/src/lib/libssl/src/util/pl/VC-32.pl
+++ b/src/lib/libssl/src/util/pl/VC-32.pl
@@ -12,7 +12,7 @@ $rm='del';
 
 # C compiler stuff
 $cc='cl';
-$cflags=' /MD /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DWIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN';
+$cflags=' /MD /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DWIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32';
 $lflags="/nologo /subsystem:console /machine:I386 /opt:ref";
 $mlflags='';
 
@@ -22,7 +22,7 @@ $inc_def="inc32";
 
 if ($debug)
         {
-        $cflags=" /MDd /W3 /WX /Zi /Yd /Od /nologo -DWIN32 -D_DEBUG -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -DDEBUG";
+        $cflags=" /MDd /W3 /WX /Zi /Yd /Od /nologo -DWIN32 -D_DEBUG -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -DDEBUG -DDSO_WIN32";
         $lflags.=" /debug";
         $mlflags.=' /debug';
         }
@@ -112,7 +112,8 @@ sub do_lib_rule
         if (!$shlib)
                 {
 #               $ret.="\t\$(RM) \$(O_$Name)\n";
-                $ret.="\t\$(MKLIB) $lfile$target @<<\n  $objs\n<<\n";
+                $ex =' advapi32.lib';
+                $ret.="\t\$(MKLIB) $lfile$target @<<\n  $objs $ex\n<<\n";
                 }
         else
                 {
diff --git a/src/lib/libssl/src/util/pl/linux.pl b/src/lib/libssl/src/util/pl/linux.pl
index a8cfdc578a..8924ed5480 100644
--- a/src/lib/libssl/src/util/pl/linux.pl
+++ b/src/lib/libssl/src/util/pl/linux.pl
@@ -12,6 +12,8 @@ $rm='/bin/rm -f';
 $cc='gcc';
 if ($debug)
         { $cflags="-g2 -ggdb -DREF_CHECK -DCRYPTO_MDEBUG"; }
+elsif ($profile)
+        { $cflags="-pg -O3"; }
 else
         { $cflags="-O3 -fomit-frame-pointer"; }
 
@@ -19,6 +21,8 @@ if (!$no_asm)
         {
         $bn_asm_obj='$(OBJ_D)/bn86-elf.o';
         $bn_asm_src='crypto/bn/asm/bn86unix.cpp';
+        $bnco_asm_obj='$(OBJ_D)/co86-elf.o';
+        $bnco_asm_src='crypto/bn/asm/co86unix.cpp';
         $des_enc_obj='$(OBJ_D)/dx86-elf.o $(OBJ_D)/yx86-elf.o';
         $des_enc_src='crypto/des/asm/dx86unix.cpp crypto/des/asm/yx86unix.cpp';
         $bf_enc_obj='$(OBJ_D)/bx86-elf.o';
diff --git a/src/lib/libssl/src/util/selftest.pl b/src/lib/libssl/src/util/selftest.pl
index 04b4425d7e..eb50d52ff8 100644
--- a/src/lib/libssl/src/util/selftest.pl
+++ b/src/lib/libssl/src/util/selftest.pl
@@ -19,6 +19,7 @@ my $ok=0;
 my $cc="cc";
 my $cversion="??";
 my $sep="-----------------------------------------------------------------------------\n";
+my $not_our_fault="\nPlease ask your system administrator/vendor for more information.\n[Problems with your operating system setup should not be reported\nto the OpenSSL project.]\n";
 
 open(OUT,">$report") or die;
 
@@ -76,16 +77,18 @@ print OUT "\n";
 
 print "Checking compiler...\n";
 if (open(TEST,">cctest.c")) {
-    print TEST "#include <stdio.h>\nmain(){printf(\"Hello world\\n\");}\n";
+    print TEST "#include <stdio.h>\n#include <errno.h>\nmain(){printf(\"Hello world\\n\");}\n";
     close(TEST);
     system("$cc -o cctest cctest.c");
     if (`./cctest` !~ /Hello world/) {
         print OUT "Compiler doesn't work.\n";
+        print OUT $not_our_fault;
         goto err;
     }
     system("ar r cctest.a /dev/null");
     if (not -f "cctest.a") {
         print OUT "Check your archive tool (ar).\n";
+        print OUT $not_our_fault;
         goto err;
     }
 } else {
@@ -102,6 +105,7 @@ if (open(TEST,">cctest.c")) {
         } else {
             print OUT "Can't compile test program!\n";
         }
+        print OUT $not_our_fault;
         goto err;
     }
 } else {
@@ -133,6 +137,13 @@ if (/no-/)
     goto err;
 }
 
+if (`echo 4+1 | bc` != 5)
+{
+    print OUT "Can't run bc! Test skipped.\n";
+    print OUT $not_our_fault;
+    goto err;
+}
+
 print "Running make test...\n";
 if (system("make test 2>&1 | tee maketest.log") > 255)
  {
diff --git a/src/lib/libssl/src/util/sp-diff.pl b/src/lib/libssl/src/util/sp-diff.pl
index f81e50201b..9d6c60387f 100644
--- a/src/lib/libssl/src/util/sp-diff.pl
+++ b/src/lib/libssl/src/util/sp-diff.pl
@@ -11,7 +11,7 @@
 %two=&loadfile($ARGV[1]);
 
 $line=0;
-foreach $a ("md2","md5","sha","sha1","rc4","des cfb","des cbc","des ede3",
+foreach $a ("md2","md4","md5","sha","sha1","rc4","des cfb","des cbc","des ede3",
         "idea cfb","idea cbc","rc2 cfb","rc2 cbc","blowfish cbc","cast cbc")
         {
         if (defined($one{$a,8}) && defined($two{$a,8}))
diff --git a/src/lib/libssl/src/util/ssleay.num b/src/lib/libssl/src/util/ssleay.num
index 32b2e960c4..561bac2ec9 100644
--- a/src/lib/libssl/src/util/ssleay.num
+++ b/src/lib/libssl/src/util/ssleay.num
@@ -1,227 +1,195 @@
-ERR_load_SSL_strings                    1
-SSL_CIPHER_description                  2
-SSL_CTX_add_client_CA                   3
-SSL_CTX_add_session                     4
-SSL_CTX_check_private_key               5
-SSL_CTX_ctrl                            6
-SSL_CTX_flush_sessions                  7
-SSL_CTX_free                            8
-SSL_CTX_get_client_CA_list              9
-SSL_CTX_get_verify_callback             10
-SSL_CTX_get_verify_mode                 11
-SSL_CTX_new                             12
-SSL_CTX_remove_session                  13
-SSL_CTX_set_cert_verify_cb              14
-SSL_CTX_set_cipher_list                 15
-SSL_CTX_set_client_CA_list              16
-SSL_CTX_set_default_passwd_cb           17
-SSL_CTX_set_ssl_version                 19
-SSL_CTX_set_verify                      21
-SSL_CTX_use_PrivateKey                  22
-SSL_CTX_use_PrivateKey_ASN1             23
-SSL_CTX_use_PrivateKey_file             24
-SSL_CTX_use_RSAPrivateKey               25
-SSL_CTX_use_RSAPrivateKey_ASN1          26
-SSL_CTX_use_RSAPrivateKey_file          27
-SSL_CTX_use_certificate                 28
-SSL_CTX_use_certificate_ASN1            29
-SSL_CTX_use_certificate_file            30
-SSL_SESSION_free                        31
-SSL_SESSION_new                         32
-SSL_SESSION_print                       33
-SSL_SESSION_print_fp                    34
-SSL_accept                              35
-SSL_add_client_CA                       36
-SSL_alert_desc_string                   37
-SSL_alert_desc_string_long              38
-SSL_alert_type_string                   39
-SSL_alert_type_string_long              40
-SSL_check_private_key                   41
-SSL_clear                               42
-SSL_connect                             43
-SSL_copy_session_id                     44
-SSL_ctrl                                45
-SSL_dup                                 46
-SSL_dup_CA_list                         47
-SSL_free                                48
-SSL_get_certificate                     49
-SSL_get_cipher_list                     52
-SSL_get_ciphers                         55
-SSL_get_client_CA_list                  56
-SSL_get_default_timeout                 57
-SSL_get_error                           58
-SSL_get_fd                              59
-SSL_get_peer_cert_chain                 60
-SSL_get_peer_certificate                61
-SSL_get_rbio                            63
-SSL_get_read_ahead                      64
-SSL_get_shared_ciphers                  65
-SSL_get_ssl_method                      66
-SSL_get_verify_callback                 69
-SSL_get_verify_mode                     70
-SSL_get_version                         71
-SSL_get_wbio                            72
-SSL_load_client_CA_file                 73
-SSL_load_error_strings                  74
-SSL_new                                 75
-SSL_peek                                76
-SSL_pending                             77
-SSL_read                                78
-SSL_renegotiate                         79
-SSL_rstate_string                       80
-SSL_rstate_string_long                  81
-SSL_set_accept_state                    82
-SSL_set_bio                             83
-SSL_set_cipher_list                     84
-SSL_set_client_CA_list                  85
-SSL_set_connect_state                   86
-SSL_set_fd                              87
-SSL_set_read_ahead                      88
-SSL_set_rfd                             89
-SSL_set_session                         90
-SSL_set_ssl_method                      91
-SSL_set_verify                          94
-SSL_set_wfd                             95
-SSL_shutdown                            96
-SSL_state_string                        97
-SSL_state_string_long                   98
-SSL_use_PrivateKey                      99
-SSL_use_PrivateKey_ASN1                 100
-SSL_use_PrivateKey_file                 101
-SSL_use_RSAPrivateKey                   102
-SSL_use_RSAPrivateKey_ASN1              103
-SSL_use_RSAPrivateKey_file              104
-SSL_use_certificate                     105
-SSL_use_certificate_ASN1                106
-SSL_use_certificate_file                107
-SSL_write                               108
-SSLeay_add_ssl_algorithms               109
-SSLv23_client_method                    110
-SSLv23_method                           111
-SSLv23_server_method                    112
-SSLv2_client_method                     113
-SSLv2_method                            114
-SSLv2_server_method                     115
-SSLv3_client_method                     116
-SSLv3_method                            117
-SSLv3_server_method                     118
-d2i_SSL_SESSION                         119
-i2d_SSL_SESSION                         120
-BIO_f_ssl                               121
-BIO_new_ssl                             122
-BIO_proxy_ssl_copy_session_id           123
-BIO_ssl_copy_session_id                 124
-SSL_do_handshake                        125
-SSL_get_privatekey                      126
-SSL_get_current_cipher                  127
-SSL_CIPHER_get_bits                     128
-SSL_CIPHER_get_version                  129
-SSL_CIPHER_get_name                     130
-BIO_ssl_shutdown                        131
-SSL_SESSION_cmp                         132
-SSL_SESSION_hash                        133
-SSL_SESSION_get_time                    134
-SSL_SESSION_set_time                    135
-SSL_SESSION_get_timeout                 136
-SSL_SESSION_set_timeout                 137
-SSL_CTX_get_ex_data                     138
-SSL_CTX_get_quiet_shutdown              140
-SSL_CTX_load_verify_locations           141
-SSL_CTX_set_default_verify_paths        142
-SSL_CTX_set_ex_data                     143
-SSL_CTX_set_quiet_shutdown              145
-SSL_SESSION_get_ex_data                 146
-SSL_SESSION_set_ex_data                 148
-SSL_get_SSL_CTX                         150
-SSL_get_ex_data                         151
-SSL_get_quiet_shutdown                  153
-SSL_get_session                         154
-SSL_get_shutdown                        155
-SSL_get_verify_result                   157
-SSL_set_ex_data                         158
-SSL_set_info_callback                   160
-SSL_set_quiet_shutdown                  161
-SSL_set_shutdown                        162
-SSL_set_verify_result                   163
-SSL_version                             164
-SSL_get_info_callback                   165
-SSL_state                               166
-SSL_CTX_get_ex_new_index                167
-SSL_SESSION_get_ex_new_index            168
-SSL_get_ex_new_index                    169
-TLSv1_method                            170
-TLSv1_server_method                     171
-TLSv1_client_method                     172
-BIO_new_buffer_ssl_connect              173
-BIO_new_ssl_connect                     174
-SSL_get_ex_data_X509_STORE_CTX_idx      175
-SSL_CTX_set_tmp_dh_callback             176
-SSL_CTX_set_tmp_rsa_callback            177
-SSL_CTX_set_timeout                     178
-SSL_CTX_get_timeout                     179
-SSL_CTX_get_cert_store                  180
-SSL_CTX_set_cert_store                  181
-SSL_want                                182
-SSL_library_init                        183
-SSL_COMP_add_compression_method         184
-SSL_add_file_cert_subjects_to_stack     185
-SSL_set_tmp_rsa_callback                186
-SSL_set_tmp_dh_callback                 187
-SSL_add_dir_cert_subjects_to_stack      188
-SSL_set_session_id_context              189
-sk_SSL_CIPHER_new                       190
-sk_SSL_CIPHER_new_null                  191
-sk_SSL_CIPHER_free                      192
-sk_SSL_CIPHER_num                       193
-sk_SSL_CIPHER_value                     194
-sk_SSL_CIPHER_set                       195
-sk_SSL_CIPHER_zero                      196
-sk_SSL_CIPHER_push                      197
-sk_SSL_CIPHER_pop                       198
-sk_SSL_CIPHER_find                      199
-sk_SSL_CIPHER_delete                    200
-sk_SSL_CIPHER_delete_ptr                201
-sk_SSL_CIPHER_set_cmp_func              202
-sk_SSL_CIPHER_dup                       203
-sk_SSL_CIPHER_pop_free                  204
-sk_SSL_CIPHER_shift                     205
-sk_SSL_COMP_new                         206
-sk_SSL_COMP_new_null                    207
-sk_SSL_COMP_free                        208
-sk_SSL_COMP_num                         209
-sk_SSL_COMP_value                       210
-sk_SSL_COMP_set                         211
-sk_SSL_COMP_zero                        212
-sk_SSL_COMP_push                        213
-sk_SSL_COMP_pop                         214
-sk_SSL_COMP_find                        215
-sk_SSL_COMP_delete                      216
-sk_SSL_COMP_delete_ptr                  217
-sk_SSL_COMP_set_cmp_func                218
-sk_SSL_COMP_dup                         219
-sk_SSL_COMP_pop_free                    220
-sk_SSL_COMP_shift                       221
-SSL_CTX_use_certificate_chain_file      222
-sk_SSL_COMP_insert                      223
-sk_SSL_CIPHER_insert                    224
-SSL_CTX_set_verify_depth                225
-SSL_set_verify_depth                    226
-sk_SSL_CIPHER_unshift                   227
-SSL_CTX_get_verify_depth                228
-SSL_get_verify_depth                    229
-sk_SSL_COMP_unshift                     230
-SSL_CTX_set_session_id_context          231
-SSL_CTX_set_cert_verify_callback        232
-sk_SSL_COMP_sort                        233
-sk_SSL_CIPHER_sort                      234
-SSL_CTX_set_default_passwd_cb_userdata  235
-SSL_set_purpose                         236
-SSL_CTX_set_trust                       237
-SSL_CTX_set_purpose                     238
-SSL_set_trust                           239
-SSL_get_finished                        240
-SSL_get_peer_finished                   241
-SSL_get1_session                        242
-SSL_CTX_callback_ctrl                   243
-SSL_callback_ctrl                       244
-SSL_CTX_sessions                        245
+ERR_load_SSL_strings                    1       EXIST::FUNCTION:
+SSL_CIPHER_description                  2       EXIST::FUNCTION:
+SSL_CTX_add_client_CA                   3       EXIST::FUNCTION:
+SSL_CTX_add_session                     4       EXIST::FUNCTION:
+SSL_CTX_check_private_key               5       EXIST::FUNCTION:
+SSL_CTX_ctrl                            6       EXIST::FUNCTION:
+SSL_CTX_flush_sessions                  7       EXIST::FUNCTION:
+SSL_CTX_free                            8       EXIST::FUNCTION:
+SSL_CTX_get_client_CA_list              9       EXIST::FUNCTION:
+SSL_CTX_get_verify_callback             10      EXIST::FUNCTION:
+SSL_CTX_get_verify_mode                 11      EXIST::FUNCTION:
+SSL_CTX_new                             12      EXIST::FUNCTION:
+SSL_CTX_remove_session                  13      EXIST::FUNCTION:
+SSL_CTX_set_cipher_list                 15      EXIST::FUNCTION:
+SSL_CTX_set_client_CA_list              16      EXIST::FUNCTION:
+SSL_CTX_set_default_passwd_cb           17      EXIST::FUNCTION:
+SSL_CTX_set_ssl_version                 19      EXIST::FUNCTION:
+SSL_CTX_set_verify                      21      EXIST::FUNCTION:
+SSL_CTX_use_PrivateKey                  22      EXIST::FUNCTION:
+SSL_CTX_use_PrivateKey_ASN1             23      EXIST::FUNCTION:
+SSL_CTX_use_PrivateKey_file             24      EXIST::FUNCTION:
+SSL_CTX_use_RSAPrivateKey               25      EXIST::FUNCTION:RSA
+SSL_CTX_use_RSAPrivateKey_ASN1          26      EXIST::FUNCTION:RSA
+SSL_CTX_use_RSAPrivateKey_file          27      EXIST::FUNCTION:RSA
+SSL_CTX_use_certificate                 28      EXIST::FUNCTION:
+SSL_CTX_use_certificate_ASN1            29      EXIST::FUNCTION:
+SSL_CTX_use_certificate_file            30      EXIST::FUNCTION:
+SSL_SESSION_free                        31      EXIST::FUNCTION:
+SSL_SESSION_new                         32      EXIST::FUNCTION:
+SSL_SESSION_print                       33      EXIST::FUNCTION:
+SSL_SESSION_print_fp                    34      EXIST::FUNCTION:FP_API
+SSL_accept                              35      EXIST::FUNCTION:
+SSL_add_client_CA                       36      EXIST::FUNCTION:
+SSL_alert_desc_string                   37      EXIST::FUNCTION:
+SSL_alert_desc_string_long              38      EXIST::FUNCTION:
+SSL_alert_type_string                   39      EXIST::FUNCTION:
+SSL_alert_type_string_long              40      EXIST::FUNCTION:
+SSL_check_private_key                   41      EXIST::FUNCTION:
+SSL_clear                               42      EXIST::FUNCTION:
+SSL_connect                             43      EXIST::FUNCTION:
+SSL_copy_session_id                     44      EXIST::FUNCTION:
+SSL_ctrl                                45      EXIST::FUNCTION:
+SSL_dup                                 46      EXIST::FUNCTION:
+SSL_dup_CA_list                         47      EXIST::FUNCTION:
+SSL_free                                48      EXIST::FUNCTION:
+SSL_get_certificate                     49      EXIST::FUNCTION:
+SSL_get_cipher_list                     52      EXIST::FUNCTION:
+SSL_get_ciphers                         55      EXIST::FUNCTION:
+SSL_get_client_CA_list                  56      EXIST::FUNCTION:
+SSL_get_default_timeout                 57      EXIST::FUNCTION:
+SSL_get_error                           58      EXIST::FUNCTION:
+SSL_get_fd                              59      EXIST::FUNCTION:
+SSL_get_peer_cert_chain                 60      EXIST::FUNCTION:
+SSL_get_peer_certificate                61      EXIST::FUNCTION:
+SSL_get_rbio                            63      EXIST::FUNCTION:
+SSL_get_read_ahead                      64      EXIST::FUNCTION:
+SSL_get_shared_ciphers                  65      EXIST::FUNCTION:
+SSL_get_ssl_method                      66      EXIST::FUNCTION:
+SSL_get_verify_callback                 69      EXIST::FUNCTION:
+SSL_get_verify_mode                     70      EXIST::FUNCTION:
+SSL_get_version                         71      EXIST::FUNCTION:
+SSL_get_wbio                            72      EXIST::FUNCTION:
+SSL_load_client_CA_file                 73      EXIST::FUNCTION:
+SSL_load_error_strings                  74      EXIST::FUNCTION:
+SSL_new                                 75      EXIST::FUNCTION:
+SSL_peek                                76      EXIST::FUNCTION:
+SSL_pending                             77      EXIST::FUNCTION:
+SSL_read                                78      EXIST::FUNCTION:
+SSL_renegotiate                         79      EXIST::FUNCTION:
+SSL_rstate_string                       80      EXIST::FUNCTION:
+SSL_rstate_string_long                  81      EXIST::FUNCTION:
+SSL_set_accept_state                    82      EXIST::FUNCTION:
+SSL_set_bio                             83      EXIST::FUNCTION:
+SSL_set_cipher_list                     84      EXIST::FUNCTION:
+SSL_set_client_CA_list                  85      EXIST::FUNCTION:
+SSL_set_connect_state                   86      EXIST::FUNCTION:
+SSL_set_fd                              87      EXIST::FUNCTION:
+SSL_set_read_ahead                      88      EXIST::FUNCTION:
+SSL_set_rfd                             89      EXIST::FUNCTION:
+SSL_set_session                         90      EXIST::FUNCTION:
+SSL_set_ssl_method                      91      EXIST::FUNCTION:
+SSL_set_verify                          94      EXIST::FUNCTION:
+SSL_set_wfd                             95      EXIST::FUNCTION:
+SSL_shutdown                            96      EXIST::FUNCTION:
+SSL_state_string                        97      EXIST::FUNCTION:
+SSL_state_string_long                   98      EXIST::FUNCTION:
+SSL_use_PrivateKey                      99      EXIST::FUNCTION:
+SSL_use_PrivateKey_ASN1                 100     EXIST::FUNCTION:
+SSL_use_PrivateKey_file                 101     EXIST::FUNCTION:
+SSL_use_RSAPrivateKey                   102     EXIST::FUNCTION:RSA
+SSL_use_RSAPrivateKey_ASN1              103     EXIST::FUNCTION:RSA
+SSL_use_RSAPrivateKey_file              104     EXIST::FUNCTION:RSA
+SSL_use_certificate                     105     EXIST::FUNCTION:
+SSL_use_certificate_ASN1                106     EXIST::FUNCTION:
+SSL_use_certificate_file                107     EXIST::FUNCTION:
+SSL_write                               108     EXIST::FUNCTION:
+SSLeay_add_ssl_algorithms               109     NOEXIST::FUNCTION:
+SSLv23_client_method                    110     EXIST::FUNCTION:RSA
+SSLv23_method                           111     EXIST::FUNCTION:RSA
+SSLv23_server_method                    112     EXIST::FUNCTION:RSA
+SSLv2_client_method                     113     EXIST::FUNCTION:RSA
+SSLv2_method                            114     EXIST::FUNCTION:RSA
+SSLv2_server_method                     115     EXIST::FUNCTION:RSA
+SSLv3_client_method                     116     EXIST::FUNCTION:
+SSLv3_method                            117     EXIST::FUNCTION:
+SSLv3_server_method                     118     EXIST::FUNCTION:
+d2i_SSL_SESSION                         119     EXIST::FUNCTION:
+i2d_SSL_SESSION                         120     EXIST::FUNCTION:
+BIO_f_ssl                               121     EXIST::FUNCTION:
+BIO_new_ssl                             122     EXIST::FUNCTION:
+BIO_proxy_ssl_copy_session_id           123     NOEXIST::FUNCTION:
+BIO_ssl_copy_session_id                 124     EXIST::FUNCTION:
+SSL_do_handshake                        125     EXIST::FUNCTION:
+SSL_get_privatekey                      126     EXIST::FUNCTION:
+SSL_get_current_cipher                  127     EXIST::FUNCTION:
+SSL_CIPHER_get_bits                     128     EXIST::FUNCTION:
+SSL_CIPHER_get_version                  129     EXIST::FUNCTION:
+SSL_CIPHER_get_name                     130     EXIST::FUNCTION:
+BIO_ssl_shutdown                        131     EXIST::FUNCTION:
+SSL_SESSION_cmp                         132     EXIST::FUNCTION:
+SSL_SESSION_hash                        133     EXIST::FUNCTION:
+SSL_SESSION_get_time                    134     EXIST::FUNCTION:
+SSL_SESSION_set_time                    135     EXIST::FUNCTION:
+SSL_SESSION_get_timeout                 136     EXIST::FUNCTION:
+SSL_SESSION_set_timeout                 137     EXIST::FUNCTION:
+SSL_CTX_get_ex_data                     138     EXIST::FUNCTION:
+SSL_CTX_get_quiet_shutdown              140     EXIST::FUNCTION:
+SSL_CTX_load_verify_locations           141     EXIST::FUNCTION:
+SSL_CTX_set_default_verify_paths        142     EXIST:!VMS:FUNCTION:
+SSL_CTX_set_def_verify_paths            142     EXIST:VMS:FUNCTION:
+SSL_CTX_set_ex_data                     143     EXIST::FUNCTION:
+SSL_CTX_set_quiet_shutdown              145     EXIST::FUNCTION:
+SSL_SESSION_get_ex_data                 146     EXIST::FUNCTION:
+SSL_SESSION_set_ex_data                 148     EXIST::FUNCTION:
+SSL_get_SSL_CTX                         150     EXIST::FUNCTION:
+SSL_get_ex_data                         151     EXIST::FUNCTION:
+SSL_get_quiet_shutdown                  153     EXIST::FUNCTION:
+SSL_get_session                         154     EXIST::FUNCTION:
+SSL_get_shutdown                        155     EXIST::FUNCTION:
+SSL_get_verify_result                   157     EXIST::FUNCTION:
+SSL_set_ex_data                         158     EXIST::FUNCTION:
+SSL_set_info_callback                   160     EXIST::FUNCTION:
+SSL_set_quiet_shutdown                  161     EXIST::FUNCTION:
+SSL_set_shutdown                        162     EXIST::FUNCTION:
+SSL_set_verify_result                   163     EXIST::FUNCTION:
+SSL_version                             164     EXIST::FUNCTION:
+SSL_get_info_callback                   165     EXIST::FUNCTION:
+SSL_state                               166     EXIST::FUNCTION:
+SSL_CTX_get_ex_new_index                167     EXIST::FUNCTION:
+SSL_SESSION_get_ex_new_index            168     EXIST::FUNCTION:
+SSL_get_ex_new_index                    169     EXIST::FUNCTION:
+TLSv1_method                            170     EXIST::FUNCTION:
+TLSv1_server_method                     171     EXIST::FUNCTION:
+TLSv1_client_method                     172     EXIST::FUNCTION:
+BIO_new_buffer_ssl_connect              173     EXIST::FUNCTION:
+BIO_new_ssl_connect                     174     EXIST::FUNCTION:
+SSL_get_ex_data_X509_STORE_CTX_idx      175     EXIST:!VMS:FUNCTION:
+SSL_get_ex_d_X509_STORE_CTX_idx         175     EXIST:VMS:FUNCTION:
+SSL_CTX_set_tmp_dh_callback             176     EXIST::FUNCTION:DH
+SSL_CTX_set_tmp_rsa_callback            177     EXIST::FUNCTION:RSA
+SSL_CTX_set_timeout                     178     EXIST::FUNCTION:
+SSL_CTX_get_timeout                     179     EXIST::FUNCTION:
+SSL_CTX_get_cert_store                  180     EXIST::FUNCTION:
+SSL_CTX_set_cert_store                  181     EXIST::FUNCTION:
+SSL_want                                182     EXIST::FUNCTION:
+SSL_library_init                        183     EXIST::FUNCTION:
+SSL_COMP_add_compression_method         184     EXIST::FUNCTION:
+SSL_add_file_cert_subjects_to_stack     185     EXIST:!VMS:FUNCTION:
+SSL_add_file_cert_subjs_to_stk          185     EXIST:VMS:FUNCTION:
+SSL_set_tmp_rsa_callback                186     EXIST::FUNCTION:RSA
+SSL_set_tmp_dh_callback                 187     EXIST::FUNCTION:DH
+SSL_add_dir_cert_subjects_to_stack      188     NOEXIST::FUNCTION:
+SSL_add_dir_cert_subjs_to_stk           188     EXIST:VMS:FUNCTION:
+SSL_set_session_id_context              189     EXIST::FUNCTION:
+SSL_CTX_use_certificate_chain_file      222     EXIST:!VMS:FUNCTION:
+SSL_CTX_use_cert_chain_file             222     EXIST:VMS:FUNCTION:
+SSL_CTX_set_verify_depth                225     EXIST::FUNCTION:
+SSL_set_verify_depth                    226     EXIST::FUNCTION:
+SSL_CTX_get_verify_depth                228     EXIST::FUNCTION:
+SSL_get_verify_depth                    229     EXIST::FUNCTION:
+SSL_CTX_set_session_id_context          231     EXIST::FUNCTION:
+SSL_CTX_set_cert_verify_callback        232     EXIST:!VMS:FUNCTION:
+SSL_CTX_set_cert_verify_cb              232     EXIST:VMS:FUNCTION:
+SSL_CTX_set_default_passwd_cb_userdata  235     EXIST:!VMS:FUNCTION:
+SSL_CTX_set_def_passwd_cb_ud            235     EXIST:VMS:FUNCTION:
+SSL_set_purpose                         236     EXIST::FUNCTION:
+SSL_CTX_set_trust                       237     EXIST::FUNCTION:
+SSL_CTX_set_purpose                     238     EXIST::FUNCTION:
+SSL_set_trust                           239     EXIST::FUNCTION:
+SSL_get_finished                        240     EXIST::FUNCTION:
+SSL_get_peer_finished                   241     EXIST::FUNCTION:
+SSL_get1_session                        242     EXIST::FUNCTION:
+SSL_CTX_callback_ctrl                   243     EXIST::FUNCTION:
+SSL_callback_ctrl                       244     EXIST::FUNCTION:
+SSL_CTX_sessions                        245     EXIST::FUNCTION:
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index bb846f491c..fdbdc70ba7 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -59,12 +59,21 @@
 #ifndef HEADER_SSL_H 
 #define HEADER_SSL_H 
 
+#ifndef NO_COMP
+#include <openssl/comp.h>
+#endif
+#ifndef NO_BIO
+#include <openssl/bio.h>
+#endif
+#ifndef NO_X509
+#include <openssl/x509.h>
+#endif
+#include <openssl/safestack.h>
+
 #ifdef  __cplusplus
 extern "C" {
 #endif
 
-#include <openssl/safestack.h>
-
 /* SSLeay version number for ASN.1 encoding of the session information */
 /* Version 0 - initial version
  * Version 1 - added the optional peer certificate
@@ -140,6 +149,10 @@ extern "C" {
 #define SSL_SENT_SHUTDOWN       1
 #define SSL_RECEIVED_SHUTDOWN   2
 
+#ifdef __cplusplus
+}
+#endif
+
 #include <openssl/crypto.h>
 #include <openssl/lhash.h>
 #include <openssl/buffer.h>
@@ -147,6 +160,10 @@ extern "C" {
 #include <openssl/pem.h>
 #include <openssl/x509.h>
 
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
 #if (defined(NO_RSA) || defined(NO_MD5)) && !defined(NO_SSL2)
 #define NO_SSL2
 #endif
@@ -318,6 +335,9 @@ typedef struct ssl_session_st
  * the misconception that non-blocking SSL_write() behaves like
  * non-blocking write(): */
 #define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L
+/* Never bother the application with retries if the transport
+ * is blocking: */
+#define SSL_MODE_AUTO_RETRY 0x00000004L
 
 /* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
  * they cannot be used to clear bits. */
@@ -343,15 +363,15 @@ typedef struct ssl_session_st
 #define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT      (1024*20)
 
 typedef struct ssl_comp_st
-{
-    int id;
-    char *name;
-#ifdef HEADER_COMP_H
-    COMP_METHOD *method;
+        {
+        int id;
+        char *name;
+#ifndef NO_COMP
+        COMP_METHOD *method;
 #else
-    char *method;
+        char *method;
 #endif
-} SSL_COMP;
+        } SSL_COMP;
 
 DECLARE_STACK_OF(SSL_COMP)
 
@@ -533,10 +553,10 @@ struct ssl_st
          * same.  This is so data can be read and written to different
          * handlers */
 
-#ifdef HEADER_BIO_H
+#ifndef NO_BIO
         BIO *rbio; /* used by SSL_read */
         BIO *wbio; /* used by SSL_write */
-        BIO *bbio; /* used during session-id reuse to concatinate
+        BIO *bbio; /* used during session-id reuse to concatenate
                     * messages */
 #else
         char *rbio; /* used by SSL_read */
@@ -597,7 +617,7 @@ struct ssl_st
 
         EVP_CIPHER_CTX *enc_read_ctx;           /* cryptographic state */
         const EVP_MD *read_hash;                /* used for mac generation */
-#ifdef HEADER_COMP_H
+#ifndef NO_COMP
         COMP_CTX *expand;                       /* uncompress */
 #else
         char *expand;
@@ -605,7 +625,7 @@ struct ssl_st
 
         EVP_CIPHER_CTX *enc_write_ctx;          /* cryptographic state */
         const EVP_MD *write_hash;               /* used for mac generation */
-#ifdef HEADER_COMP_H
+#ifndef NO_COMP
         COMP_CTX *compress;                     /* compression */
 #else
         char *compress; 
@@ -655,11 +675,19 @@ struct ssl_st
                                  * SSLv3/TLS rollback check */
         };
 
+#ifdef __cplusplus
+}
+#endif
+
 #include <openssl/ssl2.h>
 #include <openssl/ssl3.h>
 #include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */
 #include <openssl/ssl23.h>
 
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
 /* compatibility */
 #define SSL_set_app_data(s,arg)         (SSL_set_ex_data(s,0,(char *)arg))
 #define SSL_get_app_data(s)             (SSL_get_ex_data(s,0))
@@ -883,7 +911,7 @@ size_t SSL_get_peer_finished(SSL *s, void *buf, size_t count);
 #define SSL_add_dir_cert_subjects_to_stack SSL_add_dir_cert_sub_to_stack
 #endif
 
-#ifdef HEADER_BIO_H
+#ifndef NO_BIO
 BIO_METHOD *BIO_f_ssl(void);
 BIO *BIO_new_ssl(SSL_CTX *ctx,int client);
 BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
@@ -920,7 +948,7 @@ int	SSL_set_fd(SSL *s, int fd);
 int     SSL_set_rfd(SSL *s, int fd);
 int     SSL_set_wfd(SSL *s, int fd);
 #endif
-#ifdef HEADER_BIO_H
+#ifndef NO_BIO
 void    SSL_set_bio(SSL *s, BIO *rbio,BIO *wbio);
 BIO *   SSL_get_rbio(SSL *s);
 BIO *   SSL_get_wbio(SSL *s);
@@ -975,7 +1003,7 @@ int	SSL_SESSION_cmp(SSL_SESSION *a,SSL_SESSION *b);
 #ifndef NO_FP_API
 int     SSL_SESSION_print_fp(FILE *fp,SSL_SESSION *ses);
 #endif
-#ifdef HEADER_BIO_H
+#ifndef NO_BIO
 int     SSL_SESSION_print(BIO *fp,SSL_SESSION *ses);
 #endif
 void    SSL_SESSION_free(SSL_SESSION *ses);
@@ -1171,7 +1199,7 @@ void SSL_set_tmp_dh_callback(SSL *ssl,
                                            int keylength));
 #endif
 
-#ifdef HEADER_COMP_H
+#ifndef NO_COMP
 int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm);
 #else
 int SSL_COMP_add_compression_method(int id,char *cm);
@@ -1443,6 +1471,7 @@ int SSL_COMP_add_compression_method(int id,char *cm);
 #define SSL_R_READ_WRONG_PACKET_TYPE                     212
 #define SSL_R_RECORD_LENGTH_MISMATCH                     213
 #define SSL_R_RECORD_TOO_LARGE                           214
+#define SSL_R_RECORD_TOO_SMALL                           1093
 #define SSL_R_REQUIRED_CIPHER_MISSING                    215
 #define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO                 216
 #define SSL_R_REUSE_CERT_TYPE_NOT_ZERO                   217
diff --git a/src/lib/libssl/ssl/shlib_version b/src/lib/libssl/ssl/shlib_version
index c87e1c60d4..c29621c831 100644
--- a/src/lib/libssl/ssl/shlib_version
+++ b/src/lib/libssl/ssl/shlib_version
@@ -1,2 +1,2 @@
 major=2
-minor=4
+minor=5
diff --git a/src/lib/libssl/ssl2.h b/src/lib/libssl/ssl2.h
index 01d41c88c5..df7d03c18f 100644
--- a/src/lib/libssl/ssl2.h
+++ b/src/lib/libssl/ssl2.h
@@ -133,7 +133,11 @@ extern "C" {
 
 /* Upper/Lower Bounds */
 #define SSL2_MAX_MASTER_KEY_LENGTH_IN_BITS      256
+#ifdef MPE
+#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER    (unsigned int)29998
+#else
 #define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER    (unsigned int)32767 
+#endif
 #define SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER    16383 /**/
 
 #define SSL2_CHALLENGE_LENGTH   16
diff --git a/src/lib/libssl/ssl3.h b/src/lib/libssl/ssl3.h
index f616763830..7ee1feaa67 100644
--- a/src/lib/libssl/ssl3.h
+++ b/src/lib/libssl/ssl3.h
@@ -59,6 +59,9 @@
 #ifndef HEADER_SSL3_H 
 #define HEADER_SSL3_H 
 
+#ifndef NO_COMP
+#include <openssl/comp.h>
+#endif
 #include <openssl/buffer.h>
 #include <openssl/evp.h>
 #include <openssl/ssl.h>
@@ -310,7 +313,7 @@ typedef struct ssl3_state_st
 
                 const EVP_CIPHER *new_sym_enc;
                 const EVP_MD *new_hash;
-#ifdef HEADER_COMP_H
+#ifndef NO_COMP
                 const SSL_COMP *new_compression;
 #else
                 char *new_compression;
diff --git a/src/lib/libssl/ssl_asn1.c b/src/lib/libssl/ssl_asn1.c
index e77cdddfd3..fa6456e4f5 100644
--- a/src/lib/libssl/ssl_asn1.c
+++ b/src/lib/libssl/ssl_asn1.c
@@ -92,7 +92,7 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
 
         /* Note that I cheat in the following 2 assignments.  I know
          * that if the ASN1_INTEGER passed to ASN1_INTEGER_set
-         * is > sizeof(long)+1, the buffer will not be re-Malloc()ed.
+         * is > sizeof(long)+1, the buffer will not be re-OPENSSL_malloc()ed.
          * This is a bit evil but makes things simple, no dynamic allocation
          * to clean up :-) */
         a.version.length=LSIZE2;
@@ -223,13 +223,13 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp,
         ai.data=NULL; ai.length=0;
         M_ASN1_D2I_get(aip,d2i_ASN1_INTEGER);
         version=(int)ASN1_INTEGER_get(aip);
-        if (ai.data != NULL) { Free(ai.data); ai.data=NULL; ai.length=0; }
+        if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; }
 
         /* we don't care about the version right now :-) */
         M_ASN1_D2I_get(aip,d2i_ASN1_INTEGER);
         ssl_version=(int)ASN1_INTEGER_get(aip);
         ret->ssl_version=ssl_version;
-        if (ai.data != NULL) { Free(ai.data); ai.data=NULL; ai.length=0; }
+        if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; }
 
         os.data=NULL; os.length=0;
         M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
@@ -291,14 +291,14 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp,
         else
                 ret->key_arg_length=os.length;
         memcpy(ret->key_arg,os.data,ret->key_arg_length);
-        if (os.data != NULL) Free(os.data);
+        if (os.data != NULL) OPENSSL_free(os.data);
 
         ai.length=0;
         M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,1);
         if (ai.data != NULL)
                 {
                 ret->time=ASN1_INTEGER_get(aip);
-                Free(ai.data); ai.data=NULL; ai.length=0;
+                OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
                 }
         else
                 ret->time=time(NULL);
@@ -308,7 +308,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp,
         if (ai.data != NULL)
                 {
                 ret->timeout=ASN1_INTEGER_get(aip);
-                Free(ai.data); ai.data=NULL; ai.length=0;
+                OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
                 }
         else
                 ret->timeout=3;
@@ -330,7 +330,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp,
                 SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_BAD_LENGTH);
             ret->sid_ctx_length=os.length;
             memcpy(ret->sid_ctx,os.data,os.length);
-            Free(os.data); os.data=NULL; os.length=0;
+            OPENSSL_free(os.data); os.data=NULL; os.length=0;
             }
         else
             ret->sid_ctx_length=0;
@@ -340,7 +340,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp,
         if (ai.data != NULL)
                 {
                 ret->verify_result=ASN1_INTEGER_get(aip);
-                Free(ai.data); ai.data=NULL; ai.length=0;
+                OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
                 }
         else
                 ret->verify_result=X509_V_OK;
diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c
index f2335d5650..c26df62c20 100644
--- a/src/lib/libssl/ssl_cert.c
+++ b/src/lib/libssl/ssl_cert.c
@@ -143,7 +143,7 @@ CERT *ssl_cert_new(void)
         {
         CERT *ret;
 
-        ret=(CERT *)Malloc(sizeof(CERT));
+        ret=(CERT *)OPENSSL_malloc(sizeof(CERT));
         if (ret == NULL)
                 {
                 SSLerr(SSL_F_SSL_CERT_NEW,ERR_R_MALLOC_FAILURE);
@@ -162,7 +162,7 @@ CERT *ssl_cert_dup(CERT *cert)
         CERT *ret;
         int i;
 
-        ret = (CERT *)Malloc(sizeof(CERT));
+        ret = (CERT *)OPENSSL_malloc(sizeof(CERT));
         if (ret == NULL)
                 {
                 SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE);
@@ -331,7 +331,7 @@ void ssl_cert_free(CERT *c)
                         EVP_PKEY_free(c->pkeys[i].publickey);
 #endif
                 }
-        Free(c);
+        OPENSSL_free(c);
         }
 
 int ssl_cert_inst(CERT **o)
@@ -367,7 +367,7 @@ SESS_CERT *ssl_sess_cert_new(void)
         {
         SESS_CERT *ret;
 
-        ret = Malloc(sizeof *ret);
+        ret = OPENSSL_malloc(sizeof *ret);
         if (ret == NULL)
                 {
                 SSLerr(SSL_F_SSL_SESS_CERT_NEW, ERR_R_MALLOC_FAILURE);
@@ -426,7 +426,7 @@ void ssl_sess_cert_free(SESS_CERT *sc)
                 DH_free(sc->peer_dh_tmp);
 #endif
 
-        Free(sc);
+        OPENSSL_free(sc);
         }
 
 int ssl_set_peer_cert_type(SESS_CERT *sc,int type)
@@ -568,7 +568,7 @@ int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x)
         return(add_client_CA(&(ctx->client_CA),x));
         }
 
-static int xname_cmp(X509_NAME **a,X509_NAME **b)
+static int xname_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
         {
         return(X509_NAME_cmp(*a,*b));
         }
@@ -589,7 +589,7 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
         X509_NAME *xn=NULL;
         STACK_OF(X509_NAME) *ret,*sk;
 
-        ret=sk_X509_NAME_new(NULL);
+        ret=sk_X509_NAME_new_null();
         sk=sk_X509_NAME_new(xname_cmp);
 
         in=BIO_new(BIO_s_file_internal());
@@ -644,53 +644,53 @@ err:
 
 int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
                                         const char *file)
-    {
-    BIO *in;
-    X509 *x=NULL;
-    X509_NAME *xn=NULL;
-    int ret=1;
-    int (*oldcmp)(X509_NAME **a, X509_NAME **b);
-
-    oldcmp=sk_X509_NAME_set_cmp_func(stack,xname_cmp);
-
-    in=BIO_new(BIO_s_file_internal());
-
-    if (in == NULL)
         {
-        SSLerr(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK,ERR_R_MALLOC_FAILURE);
-        goto err;
-        }
+        BIO *in;
+        X509 *x=NULL;
+        X509_NAME *xn=NULL;
+        int ret=1;
+        int (*oldcmp)(const X509_NAME * const *a, const X509_NAME * const *b);
         
-    if (!BIO_read_filename(in,file))
-        goto err;
-
-    for (;;)
-        {
-        if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL)
-            break;
-        if ((xn=X509_get_subject_name(x)) == NULL) goto err;
-        xn=X509_NAME_dup(xn);
-        if (xn == NULL) goto err;
-        if (sk_X509_NAME_find(stack,xn) >= 0)
-            X509_NAME_free(xn);
-        else
-            sk_X509_NAME_push(stack,xn);
-        }
+        oldcmp=sk_X509_NAME_set_cmp_func(stack,xname_cmp);
+        
+        in=BIO_new(BIO_s_file_internal());
+        
+        if (in == NULL)
+                {
+                SSLerr(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        
+        if (!BIO_read_filename(in,file))
+                goto err;
+        
+        for (;;)
+                {
+                if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL)
+                        break;
+                if ((xn=X509_get_subject_name(x)) == NULL) goto err;
+                xn=X509_NAME_dup(xn);
+                if (xn == NULL) goto err;
+                if (sk_X509_NAME_find(stack,xn) >= 0)
+                        X509_NAME_free(xn);
+                else
+                        sk_X509_NAME_push(stack,xn);
+                }
 
-    if (0)
-        {
+        if (0)
+                {
 err:
-        ret=0;
-        }
-    if(in != NULL)
-        BIO_free(in);
-    if(x != NULL)
-        X509_free(x);
-
-    sk_X509_NAME_set_cmp_func(stack,oldcmp);
+                ret=0;
+                }
+        if(in != NULL)
+                BIO_free(in);
+        if(x != NULL)
+                X509_free(x);
+        
+        sk_X509_NAME_set_cmp_func(stack,oldcmp);
 
-    return ret;
-    }
+        return ret;
+        }
 
 /*!
  * Add a directory of certs to a stack.
@@ -709,44 +709,46 @@ err:
 
 int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
                                        const char *dir)
-    {
-    DIR *d;
-    struct dirent *dstruct;
-    int ret = 0;
-
-    CRYPTO_w_lock(CRYPTO_LOCK_READDIR);
-    d = opendir(dir);
-
-    /* Note that a side effect is that the CAs will be sorted by name */
-    if(!d)
         {
-        SYSerr(SYS_F_OPENDIR, get_last_sys_error());
-        ERR_add_error_data(3, "opendir('", dir, "')");
-        SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB);
-        goto err;
-        }
+        DIR *d;
+        struct dirent *dstruct;
+        int ret = 0;
 
-    while((dstruct=readdir(d)))
-        {
-        char buf[1024];
+        CRYPTO_w_lock(CRYPTO_LOCK_READDIR);
+        d = opendir(dir);
 
-        if(strlen(dir)+strlen(dstruct->d_name)+2 > sizeof buf)
-            {
-            SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,SSL_R_PATH_TOO_LONG);
-            goto err;
-            }
+        /* Note that a side effect is that the CAs will be sorted by name */
+        if(!d)
+                {
+                SYSerr(SYS_F_OPENDIR, get_last_sys_error());
+                ERR_add_error_data(3, "opendir('", dir, "')");
+                SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB);
+                goto err;
+                }
         
-        sprintf(buf,"%s/%s",dir,dstruct->d_name);
-        if(!SSL_add_file_cert_subjects_to_stack(stack,buf))
-            goto err;
-        }
-    ret = 1;
+        while((dstruct=readdir(d)))
+                {
+                char buf[1024];
+                int r;
+                
+                if(strlen(dir)+strlen(dstruct->d_name)+2 > sizeof buf)
+                        {
+                        SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,SSL_R_PATH_TOO_LONG);
+                        goto err;
+                        }
+                
+                r = BIO_snprintf(buf,sizeof buf,"%s/%s",dir,dstruct->d_name);
+                if (r <= 0 || r >= sizeof buf)
+                        goto err;
+                if(!SSL_add_file_cert_subjects_to_stack(stack,buf))
+                        goto err;
+                }
+        ret = 1;
 
 err:    
-    closedir(d);
-    CRYPTO_w_unlock(CRYPTO_LOCK_READDIR);
-    return ret;
-    }
+        CRYPTO_w_unlock(CRYPTO_LOCK_READDIR);
+        return ret;
+        }
 
 #endif
 #endif
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
index 7436a50ad1..f63163f26c 100644
--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -518,7 +518,7 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER *list, CIPHER_ORDER **head_p,
                 curr = curr->next;
                 }
 
-        number_uses = Malloc((max_strength_bits + 1) * sizeof(int));
+        number_uses = OPENSSL_malloc((max_strength_bits + 1) * sizeof(int));
         if (!number_uses)
         {
                 SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT,ERR_R_MALLOC_FAILURE);
@@ -545,7 +545,7 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER *list, CIPHER_ORDER **head_p,
                         ssl_cipher_apply_rule(0, 0, 0, 0, CIPHER_ORD, i,
                                         list, head_p, tail_p);
 
-        Free(number_uses);
+        OPENSSL_free(number_uses);
         return(1);
         }
 
@@ -738,7 +738,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
          * it is used for allocation.
          */
         num_of_ciphers = ssl_method->num_ciphers();
-        list = (CIPHER_ORDER *)Malloc(sizeof(CIPHER_ORDER) * num_of_ciphers);
+        list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers);
         if (list == NULL)
                 {
                 SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
@@ -759,10 +759,10 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
         num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER);
         num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
         ca_list =
-                (SSL_CIPHER **)Malloc(sizeof(SSL_CIPHER *) * num_of_alias_max);
+                (SSL_CIPHER **)OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max);
         if (ca_list == NULL)
                 {
-                Free(list);
+                OPENSSL_free(list);
                 SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
                 return(NULL);   /* Failure */
                 }
@@ -788,20 +788,20 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
                 ok = ssl_cipher_process_rulestr(rule_p, list, &head, &tail,
                                                 ca_list);
 
-        Free(ca_list);  /* Not needed anymore */
+        OPENSSL_free(ca_list);  /* Not needed anymore */
 
         if (!ok)
                 {       /* Rule processing failure */
-                Free(list);
+                OPENSSL_free(list);
                 return(NULL);
                 }
         /*
          * Allocate new "cipherstack" for the result, return with error
          * if we cannot get one.
          */
-        if ((cipherstack = sk_SSL_CIPHER_new(NULL)) == NULL)
+        if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL)
                 {
-                Free(list);
+                OPENSSL_free(list);
                 return(NULL);
                 }
 
@@ -819,7 +819,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
 #endif
                         }
                 }
-        Free(list);     /* Not needed any longer */
+        OPENSSL_free(list);     /* Not needed any longer */
 
         /*
          * The following passage is a little bit odd. If pointer variables
@@ -975,13 +975,14 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
 
         if (buf == NULL)
                 {
-                buf=Malloc(128);
-                if (buf == NULL) return("Malloc Error");
+                len=128;
+                buf=OPENSSL_malloc(len);
+                if (buf == NULL) return("OPENSSL_malloc Error");
                 }
         else if (len < 128)
                 return("Buffer too small");
 
-        sprintf(buf,format,cipher->name,ver,kx,au,enc,mac,exp);
+        BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp);
         return(buf);
         }
 
@@ -1036,7 +1037,8 @@ SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
         return(NULL);
         }
 
-static int sk_comp_cmp(SSL_COMP **a,SSL_COMP **b)
+static int sk_comp_cmp(const SSL_COMP * const *a,
+                        const SSL_COMP * const *b)
         {
         return((*a)->id-(*b)->id);
         }
@@ -1051,7 +1053,7 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
         SSL_COMP *comp;
         STACK_OF(SSL_COMP) *sk;
 
-        comp=(SSL_COMP *)Malloc(sizeof(SSL_COMP));
+        comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
         comp->id=id;
         comp->method=cm;
         if (ssl_comp_methods == NULL)
diff --git a/src/lib/libssl/ssl_err.c b/src/lib/libssl/ssl_err.c
index 642c3f93e7..17b4caf528 100644
--- a/src/lib/libssl/ssl_err.c
+++ b/src/lib/libssl/ssl_err.c
@@ -327,6 +327,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {SSL_R_READ_WRONG_PACKET_TYPE            ,"read wrong packet type"},
 {SSL_R_RECORD_LENGTH_MISMATCH            ,"record length mismatch"},
 {SSL_R_RECORD_TOO_LARGE                  ,"record too large"},
+{SSL_R_RECORD_TOO_SMALL                  ,"record too small"},
 {SSL_R_REQUIRED_CIPHER_MISSING           ,"required cipher missing"},
 {SSL_R_REUSE_CERT_LENGTH_NOT_ZERO        ,"reuse cert length not zero"},
 {SSL_R_REUSE_CERT_TYPE_NOT_ZERO          ,"reuse cert type not zero"},
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index c515c41b4e..635b25062e 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -58,6 +58,8 @@
  * [including the GNU Public Licence.]
  */
 
+
+#include <assert.h>
 #include <stdio.h>
 #include <openssl/objects.h>
 #include <openssl/lhash.h>
@@ -183,7 +185,7 @@ SSL *SSL_new(SSL_CTX *ctx)
                 return(NULL);
                 }
 
-        s=(SSL *)Malloc(sizeof(SSL));
+        s=(SSL *)OPENSSL_malloc(sizeof(SSL));
         if (s == NULL) goto err;
         memset(s,0,sizeof(SSL));
 
@@ -239,7 +241,7 @@ err:
                         ssl_cert_free(s->cert);
                 if (s->ctx != NULL)
                         SSL_CTX_free(s->ctx); /* decrement reference count */
-                Free(s);
+                OPENSSL_free(s);
                 }
         SSLerr(SSL_F_SSL_NEW,ERR_R_MALLOC_FAILURE);
         return(NULL);
@@ -375,7 +377,7 @@ void SSL_free(SSL *s)
 
         if (s->method != NULL) s->method->ssl_free(s);
 
-        Free(s);
+        OPENSSL_free(s);
         }
 
 void SSL_set_bio(SSL *s,BIO *rbio,BIO *wbio)
@@ -874,7 +876,7 @@ long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)())
                 }
         }
 
-int ssl_cipher_id_cmp(SSL_CIPHER *a,SSL_CIPHER *b)
+int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b)
         {
         long l;
 
@@ -885,7 +887,8 @@ int ssl_cipher_id_cmp(SSL_CIPHER *a,SSL_CIPHER *b)
                 return((l > 0)?1:-1);
         }
 
-int ssl_cipher_ptr_id_cmp(SSL_CIPHER **ap,SSL_CIPHER **bp)
+int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
+                        const SSL_CIPHER * const *bp)
         {
         long l;
 
@@ -1033,7 +1036,7 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
                 return(NULL);
                 }
         if ((skp == NULL) || (*skp == NULL))
-                sk=sk_SSL_CIPHER_new(NULL); /* change perhaps later */
+                sk=sk_SSL_CIPHER_new_null(); /* change perhaps later */
         else
                 {
                 sk= *skp;
@@ -1099,7 +1102,7 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)
                 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
                 goto err;
                 }
-        ret=(SSL_CTX *)Malloc(sizeof(SSL_CTX));
+        ret=(SSL_CTX *)OPENSSL_malloc(sizeof(SSL_CTX));
         if (ret == NULL)
                 goto err;
 
@@ -1195,7 +1198,7 @@ err2:
         }
 
 static void SSL_COMP_free(SSL_COMP *comp)
-    { Free(comp); }
+    { OPENSSL_free(comp); }
 
 void SSL_CTX_free(SSL_CTX *a)
         {
@@ -1236,7 +1239,7 @@ void SSL_CTX_free(SSL_CTX *a)
                 sk_X509_pop_free(a->extra_certs,X509_free);
         if (a->comp_methods != NULL)
                 sk_SSL_COMP_pop_free(a->comp_methods,SSL_COMP_free);
-        Free(a);
+        OPENSSL_free(a);
         }
 
 void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb)
@@ -1759,13 +1762,13 @@ void ssl_clear_cipher_ctx(SSL *s)
         if (s->enc_read_ctx != NULL)
                 {
                 EVP_CIPHER_CTX_cleanup(s->enc_read_ctx);
-                Free(s->enc_read_ctx);
+                OPENSSL_free(s->enc_read_ctx);
                 s->enc_read_ctx=NULL;
                 }
         if (s->enc_write_ctx != NULL)
                 {
                 EVP_CIPHER_CTX_cleanup(s->enc_write_ctx);
-                Free(s->enc_write_ctx);
+                OPENSSL_free(s->enc_write_ctx);
                 s->enc_write_ctx=NULL;
                 }
         if (s->expand != NULL)
@@ -1843,19 +1846,16 @@ int ssl_init_wbio_buffer(SSL *s,int push)
 
 void ssl_free_wbio_buffer(SSL *s)
         {
-        BIO *under;
-
         if (s->bbio == NULL) return;
 
         if (s->bbio == s->wbio)
                 {
                 /* remove buffering */
-                under=BIO_pop(s->wbio);
-                if (under != NULL)
-                        s->wbio=under;
-                else
-                        abort(); /* ok */
-                }
+                s->wbio=BIO_pop(s->wbio);
+#ifdef REF_CHECK /* not the usual REF_CHECK, but this avoids adding one more preprocessor symbol */
+                assert(s->wbio != NULL);
+#endif  
+        }
         BIO_free(s->bbio);
         s->bbio=NULL;
         }
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 9a52bab254..d70fff4627 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -423,8 +423,9 @@ void ssl_sess_cert_free(SESS_CERT *sc);
 int ssl_set_peer_cert_type(SESS_CERT *c, int type);
 int ssl_get_new_session(SSL *s, int session);
 int ssl_get_prev_session(SSL *s, unsigned char *session,int len);
-int ssl_cipher_id_cmp(SSL_CIPHER *a,SSL_CIPHER *b);
-int ssl_cipher_ptr_id_cmp(SSL_CIPHER **ap,SSL_CIPHER **bp);
+int ssl_cipher_id_cmp(const SSL_CIPHER *a,const SSL_CIPHER *b);
+int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
+                        const SSL_CIPHER * const *bp);
 STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
                                                STACK_OF(SSL_CIPHER) **skp);
 int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p);
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c
index 9e01f72753..416def8908 100644
--- a/src/lib/libssl/ssl_sess.c
+++ b/src/lib/libssl/ssl_sess.c
@@ -111,7 +111,7 @@ SSL_SESSION *SSL_SESSION_new(void)
         {
         SSL_SESSION *ss;
 
-        ss=(SSL_SESSION *)Malloc(sizeof(SSL_SESSION));
+        ss=(SSL_SESSION *)OPENSSL_malloc(sizeof(SSL_SESSION));
         if (ss == NULL)
                 {
                 SSLerr(SSL_F_SSL_SESSION_NEW,ERR_R_MALLOC_FAILURE);
@@ -310,7 +310,7 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len)
 #if 0 /* This is way too late. */
 
         /* If a thread got the session, then 'swaped', and another got
-         * it and then due to a time-out decided to 'Free' it we could
+         * it and then due to a time-out decided to 'OPENSSL_free' it we could
          * be in trouble.  So I'll increment it now, then double decrement
          * later - am I speaking rubbish?. */
         CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
@@ -474,7 +474,7 @@ void SSL_SESSION_free(SSL_SESSION *ss)
         if (ss->peer != NULL) X509_free(ss->peer);
         if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers);
         memset(ss,0,sizeof(*ss));
-        Free(ss);
+        OPENSSL_free(ss);
         }
 
 int SSL_set_session(SSL *s, SSL_SESSION *session)
diff --git a/src/lib/libssl/ssl_txt.c b/src/lib/libssl/ssl_txt.c
index c07d957576..6e33eec3e4 100644
--- a/src/lib/libssl/ssl_txt.c
+++ b/src/lib/libssl/ssl_txt.c
@@ -81,7 +81,7 @@ int SSL_SESSION_print_fp(FILE *fp, SSL_SESSION *x)
 int SSL_SESSION_print(BIO *bp, SSL_SESSION *x)
         {
         unsigned int i;
-        char str[128],*s;
+        char *s;
 
         if (x == NULL) goto err;
         if (BIO_puts(bp,"SSL-Session:\n") <= 0) goto err;
@@ -93,36 +93,41 @@ int SSL_SESSION_print(BIO *bp, SSL_SESSION *x)
                 s="TLSv1";
         else
                 s="unknown";
-        sprintf(str,"    Protocol  : %s\n",s);
-        if (BIO_puts(bp,str) <= 0) goto err;
+        if (BIO_printf(bp,"    Protocol  : %s\n",s) <= 0) goto err;
 
         if (x->cipher == NULL)
                 {
                 if (((x->cipher_id) & 0xff000000) == 0x02000000)
-                        sprintf(str,"    Cipher    : %06lX\n",x->cipher_id&0xffffff);
+                        {
+                        if (BIO_printf(bp,"    Cipher    : %06lX\n",x->cipher_id&0xffffff) <= 0)
+                                goto err;
+                        }
                 else
-                        sprintf(str,"    Cipher    : %04lX\n",x->cipher_id&0xffff);
+                        {
+                        if (BIO_printf(bp,"    Cipher    : %04lX\n",x->cipher_id&0xffff) <= 0)
+                                goto err;
+                        }
                 }
         else
-                sprintf(str,"    Cipher    : %s\n",(x->cipher == NULL)?"unknown":x->cipher->name);
-        if (BIO_puts(bp,str) <= 0) goto err;
+                {
+                if (BIO_printf(bp,"    Cipher    : %s\n",((x->cipher == NULL)?"unknown":x->cipher->name)) <= 0)
+                        goto err;
+                }
         if (BIO_puts(bp,"    Session-ID: ") <= 0) goto err;
         for (i=0; i<x->session_id_length; i++)
                 {
-                sprintf(str,"%02X",x->session_id[i]);
-                if (BIO_puts(bp,str) <= 0) goto err;
+                if (BIO_printf(bp,"%02X",x->session_id[i]) <= 0) goto err;
                 }
         if (BIO_puts(bp,"\n    Session-ID-ctx: ") <= 0) goto err;
         for (i=0; i<x->sid_ctx_length; i++)
                 {
-                sprintf(str,"%02X",x->sid_ctx[i]);
-                if (BIO_puts(bp,str) <= 0) goto err;
+                if (BIO_printf(bp,"%02X",x->sid_ctx[i]) <= 0)
+                        goto err;
                 }
         if (BIO_puts(bp,"\n    Master-Key: ") <= 0) goto err;
         for (i=0; i<(unsigned int)x->master_key_length; i++)
                 {
-                sprintf(str,"%02X",x->master_key[i]);
-                if (BIO_puts(bp,str) <= 0) goto err;
+                if (BIO_printf(bp,"%02X",x->master_key[i]) <= 0) goto err;
                 }
         if (BIO_puts(bp,"\n    Key-Arg   : ") <= 0) goto err;
         if (x->key_arg_length == 0)
@@ -132,8 +137,7 @@ int SSL_SESSION_print(BIO *bp, SSL_SESSION *x)
         else
                 for (i=0; i<x->key_arg_length; i++)
                         {
-                        sprintf(str,"%02X",x->key_arg[i]);
-                        if (BIO_puts(bp,str) <= 0) goto err;
+                        if (BIO_printf(bp,"%02X",x->key_arg[i]) <= 0) goto err;
                         }
         if (x->compress_meth != 0)
                 {
@@ -142,32 +146,26 @@ int SSL_SESSION_print(BIO *bp, SSL_SESSION *x)
                 ssl_cipher_get_evp(x,NULL,NULL,&comp);
                 if (comp == NULL)
                         {
-                        sprintf(str,"\n   Compression: %d",x->compress_meth);
-                        if (BIO_puts(bp,str) <= 0) goto err;
+                        if (BIO_printf(bp,"\n   Compression: %d",x->compress_meth) <= 0) goto err;
                         }
                 else
                         {
-                        sprintf(str,"\n   Compression: %d (%s)",
-                                comp->id,comp->method->name);
-                        if (BIO_puts(bp,str) <= 0) goto err;
+                        if (BIO_printf(bp,"\n   Compression: %d (%s)", comp->id,comp->method->name) <= 0) goto err;
                         }
                 }       
         if (x->time != 0L)
                 {
-                sprintf(str,"\n    Start Time: %ld",x->time);
-                if (BIO_puts(bp,str) <= 0) goto err;
+                if (BIO_printf(bp, "\n    Start Time: %ld",x->time) <= 0) goto err;
                 }
         if (x->timeout != 0L)
                 {
-                sprintf(str,"\n    Timeout   : %ld (sec)",x->timeout);
-                if (BIO_puts(bp,str) <= 0) goto err;
+                if (BIO_printf(bp, "\n    Timeout   : %ld (sec)",x->timeout) <= 0) goto err;
                 }
         if (BIO_puts(bp,"\n") <= 0) goto err;
 
         if (BIO_puts(bp, "    Verify return code: ") <= 0) goto err;
-        sprintf(str, "%ld (%s)\n", x->verify_result, 
-                        X509_verify_cert_error_string(x->verify_result));
-        if (BIO_puts(bp,str) <= 0) goto err;
+        if (BIO_printf(bp, "%ld (%s)\n", x->verify_result,
+                X509_verify_cert_error_string(x->verify_result)) <= 0) goto err;
                 
         return(1);
 err:
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
index 279e45db5d..0d34357eb4 100644
--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -178,7 +178,7 @@ int tls1_change_cipher_state(SSL *s, int which)
                 {
                 if ((s->enc_read_ctx == NULL) &&
                         ((s->enc_read_ctx=(EVP_CIPHER_CTX *)
-                        Malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
+                        OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
                         goto err;
                 dd= s->enc_read_ctx;
                 s->read_hash=m;
@@ -197,7 +197,7 @@ int tls1_change_cipher_state(SSL *s, int which)
                                 }
                         if (s->s3->rrec.comp == NULL)
                                 s->s3->rrec.comp=(unsigned char *)
-                                        Malloc(SSL3_RT_MAX_ENCRYPTED_LENGTH);
+                                        OPENSSL_malloc(SSL3_RT_MAX_ENCRYPTED_LENGTH);
                         if (s->s3->rrec.comp == NULL)
                                 goto err;
                         }
@@ -208,7 +208,7 @@ int tls1_change_cipher_state(SSL *s, int which)
                 {
                 if ((s->enc_write_ctx == NULL) &&
                         ((s->enc_write_ctx=(EVP_CIPHER_CTX *)
-                        Malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
+                        OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
                         goto err;
                 dd= s->enc_write_ctx;
                 s->write_hash=m;
@@ -355,9 +355,9 @@ int tls1_setup_key_block(SSL *s)
 
         ssl3_cleanup_key_block(s);
 
-        if ((p1=(unsigned char *)Malloc(num)) == NULL)
+        if ((p1=(unsigned char *)OPENSSL_malloc(num)) == NULL)
                 goto err;
-        if ((p2=(unsigned char *)Malloc(num)) == NULL)
+        if ((p2=(unsigned char *)OPENSSL_malloc(num)) == NULL)
                 goto err;
 
         s->s3->tmp.key_block_length=num;
@@ -374,7 +374,7 @@ printf("pre-master\n");
 #endif
         tls1_generate_key_block(s,p1,p2,num);
         memset(p2,0,num);
-        Free(p2);
+        OPENSSL_free(p2);
 #ifdef TLS_DEBUG
 printf("\nkey block\n");
 { int z; for (z=0; z<num; z++) printf("%02X%c",p1[z],((z+1)%16)?' ':'\n'); }
diff --git a/src/lib/libssl/test/Makefile.ssl b/src/lib/libssl/test/Makefile.ssl
index dbb523bf15..b961dabc3c 100644
--- a/src/lib/libssl/test/Makefile.ssl
+++ b/src/lib/libssl/test/Makefile.ssl
@@ -38,6 +38,7 @@ SHA1TEST=	sha1test
 MDC2TEST=       mdc2test
 RMDTEST=        rmdtest
 MD2TEST=        md2test
+MD4TEST=        md4test
 MD5TEST=        md5test
 HMACTEST=       hmactest
 RC2TEST=        rc2test
@@ -52,24 +53,27 @@ DSATEST=	dsatest
 METHTEST=       methtest
 SSLTEST=        ssltest
 RSATEST=        rsa_test
+ENGINETEST=     enginetest
 
-EXE=    $(BNTEST) $(IDEATEST) $(MD2TEST)  $(MD5TEST) $(HMACTEST) \
+EXE=    $(BNTEST) $(IDEATEST) $(MD2TEST)  $(MD4TEST) $(MD5TEST) $(HMACTEST) \
         $(RC2TEST) $(RC4TEST) $(RC5TEST) \
         $(DESTEST) $(SHATEST) $(SHA1TEST) $(MDC2TEST) $(RMDTEST) \
-        $(RANDTEST) $(DHTEST) \
+        $(RANDTEST) $(DHTEST) $(ENGINETEST) \
         $(BFTEST) $(CASTTEST) $(SSLTEST) $(EXPTEST) $(DSATEST) $(RSATEST)
 
 # $(METHTEST)
 
-OBJ=    $(BNTEST).o $(IDEATEST).o $(MD2TEST).o  $(MD5TEST).o $(HMACTEST).o \
+OBJ=    $(BNTEST).o $(IDEATEST).o $(MD2TEST).o $(MD4TEST).o $(MD5TEST).o \
+        $(HMACTEST).o \
         $(RC2TEST).o $(RC4TEST).o $(RC5TEST).o \
         $(DESTEST).o $(SHATEST).o $(SHA1TEST).o $(MDC2TEST).o $(RMDTEST).o \
-        $(RANDTEST).o $(DHTEST).o $(CASTTEST).o \
+        $(RANDTEST).o $(DHTEST).o $(ENGINETEST).o $(CASTTEST).o \
         $(BFTEST).o  $(SSLTEST).o  $(DSATEST).o  $(EXPTEST).o $(RSATEST).o
-SRC=    $(BNTEST).c $(IDEATEST).c $(MD2TEST).c  $(MD5TEST).c  $(HMACTEST).c \
+SRC=    $(BNTEST).c $(IDEATEST).c $(MD2TEST).c  $(MD4TEST).c $(MD5TEST).c \
+        $(HMACTEST).c \
         $(RC2TEST).c $(RC4TEST).c $(RC5TEST).c \
         $(DESTEST).c $(SHATEST).c $(SHA1TEST).c $(MDC2TEST).c $(RMDTEST).c \
-        $(RANDTEST).c $(DHTEST).c $(CASTTEST).c \
+        $(RANDTEST).c $(DHTEST).c $(ENGINETEST).c $(CASTTEST).c \
         $(BFTEST).c  $(SSLTEST).c $(DSATEST).c   $(EXPTEST).c $(RSATEST).c
 
 EXHEADER= 
@@ -98,11 +102,12 @@ tags:
         ctags $(SRC)
 
 tests:  exe apps \
-        test_des test_idea test_sha test_md5 test_hmac test_md2 test_mdc2 \
+        test_des test_idea test_sha test_md4 test_md5 test_hmac \
+        test_md2 test_mdc2 \
         test_rmd test_rc2 test_rc4 test_rc5 test_bf test_cast \
         test_rand test_bn test_enc test_x509 test_rsa test_crl test_sid \
         test_gen test_req test_pkcs7 test_verify test_dh test_dsa \
-        test_ss test_ssl test_ca
+        test_ss test_ca test_engine test_ssl
 
 apps:
         @(cd ../apps; $(MAKE)  CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' all)
@@ -123,6 +128,9 @@ test_mdc2:
 test_md5:
         ./$(MD5TEST)
 
+test_md4:
+        ./$(MD4TEST)
+
 test_hmac:
         ./$(HMACTEST)
 
@@ -210,6 +218,10 @@ test_ss:
         @echo "Generate and certify a test certificate"
         @sh ./testss
 
+test_engine: 
+        @echo "Manipulate the ENGINE structures"
+        ./$(ENGINETEST)
+
 test_ssl:
         @echo "test SSL protocol"
         @sh ./testssl
@@ -264,6 +276,9 @@ $(RMDTEST): $(RMDTEST).o $(DLIBCRYPTO)
 $(MDC2TEST): $(MDC2TEST).o $(DLIBCRYPTO)
         $(CC) -o $(MDC2TEST) $(CFLAGS) $(MDC2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
 
+$(MD4TEST): $(MD4TEST).o $(DLIBCRYPTO)
+        $(CC) -o $(MD4TEST) $(CFLAGS) $(MD4TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
 $(MD5TEST): $(MD5TEST).o $(DLIBCRYPTO)
         $(CC) -o $(MD5TEST) $(CFLAGS) $(MD5TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
 
@@ -303,25 +318,31 @@ $(METHTEST): $(METHTEST).o $(DLIBCRYPTO)
 $(SSLTEST): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
         $(CC) -o $(SSLTEST) $(CFLAGS) $(SSLTEST).o $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS)
 
+$(ENGINETEST): $(ENGINETEST).o $(DLIBCRYPTO)
+        $(CC) -o $(ENGINETEST) $(CFLAGS) $(ENGINETEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
 bftest.o: ../include/openssl/blowfish.h
 bntest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 bntest.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-bntest.o: ../include/openssl/cast.h ../include/openssl/crypto.h
-bntest.o: ../include/openssl/des.h ../include/openssl/dh.h
-bntest.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-bntest.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-bntest.o: ../include/openssl/evp.h ../include/openssl/idea.h
-bntest.o: ../include/openssl/md2.h ../include/openssl/md5.h
-bntest.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+bntest.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+bntest.o: ../include/openssl/crypto.h ../include/openssl/des.h
+bntest.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+bntest.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+bntest.o: ../include/openssl/err.h ../include/openssl/evp.h
+bntest.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+bntest.o: ../include/openssl/md2.h ../include/openssl/md4.h
+bntest.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+bntest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 bntest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 bntest.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 bntest.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 bntest.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 bntest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 bntest.o: ../include/openssl/sha.h ../include/openssl/stack.h
-bntest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+bntest.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+bntest.o: ../include/openssl/x509_vfy.h
 casttest.o: ../include/openssl/cast.h
 destest.o: ../include/openssl/des.h ../include/openssl/e_os2.h
 destest.o: ../include/openssl/opensslconf.h
@@ -329,18 +350,37 @@ dhtest.o: ../include/openssl/bio.h ../include/openssl/bn.h
 dhtest.o: ../include/openssl/crypto.h ../include/openssl/dh.h
 dhtest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 dhtest.o: ../include/openssl/rand.h ../include/openssl/safestack.h
-dhtest.o: ../include/openssl/stack.h
+dhtest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 dsatest.o: ../include/openssl/bio.h ../include/openssl/bn.h
 dsatest.o: ../include/openssl/crypto.h ../include/openssl/dh.h
 dsatest.o: ../include/openssl/dsa.h ../include/openssl/err.h
-dsatest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-dsatest.o: ../include/openssl/rand.h ../include/openssl/safestack.h
-dsatest.o: ../include/openssl/stack.h
+dsatest.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+dsatest.o: ../include/openssl/opensslv.h ../include/openssl/rand.h
+dsatest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+dsatest.o: ../include/openssl/symhacks.h
+enginetest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+enginetest.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+enginetest.o: ../include/openssl/cast.h ../include/openssl/crypto.h
+enginetest.o: ../include/openssl/des.h ../include/openssl/dh.h
+enginetest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+enginetest.o: ../include/openssl/engine.h ../include/openssl/err.h
+enginetest.o: ../include/openssl/evp.h ../include/openssl/idea.h
+enginetest.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+enginetest.o: ../include/openssl/md4.h ../include/openssl/md5.h
+enginetest.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+enginetest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+enginetest.o: ../include/openssl/opensslv.h ../include/openssl/rand.h
+enginetest.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+enginetest.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+enginetest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+enginetest.o: ../include/openssl/sha.h ../include/openssl/stack.h
+enginetest.o: ../include/openssl/symhacks.h
 exptest.o: ../include/openssl/bio.h ../include/openssl/bn.h
 exptest.o: ../include/openssl/crypto.h ../include/openssl/err.h
-exptest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-exptest.o: ../include/openssl/rand.h ../include/openssl/safestack.h
-exptest.o: ../include/openssl/stack.h
+exptest.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+exptest.o: ../include/openssl/opensslv.h ../include/openssl/rand.h
+exptest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+exptest.o: ../include/openssl/symhacks.h
 hmactest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 hmactest.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 hmactest.o: ../include/openssl/cast.h ../include/openssl/crypto.h
@@ -348,15 +388,17 @@ hmactest.o: ../include/openssl/des.h ../include/openssl/dh.h
 hmactest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
 hmactest.o: ../include/openssl/evp.h ../include/openssl/hmac.h
 hmactest.o: ../include/openssl/idea.h ../include/openssl/md2.h
-hmactest.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+hmactest.o: ../include/openssl/md4.h ../include/openssl/md5.h
+hmactest.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 hmactest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 hmactest.o: ../include/openssl/opensslv.h ../include/openssl/rc2.h
 hmactest.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
 hmactest.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 hmactest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-hmactest.o: ../include/openssl/stack.h
+hmactest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 ideatest.o: ../include/openssl/idea.h ../include/openssl/opensslconf.h
 md2test.o: ../include/openssl/md2.h ../include/openssl/opensslconf.h
+md4test.o: ../include/openssl/md4.h
 md5test.o: ../include/openssl/md5.h
 mdc2test.o: ../include/openssl/des.h ../include/openssl/e_os2.h
 mdc2test.o: ../include/openssl/mdc2.h ../include/openssl/opensslconf.h
@@ -365,32 +407,35 @@ rc2test.o: ../include/openssl/opensslconf.h ../include/openssl/rc2.h
 rc4test.o: ../include/openssl/opensslconf.h ../include/openssl/rc4.h
 rc5test.o: ../include/openssl/rc5.h
 rmdtest.o: ../include/openssl/ripemd.h
-rsa_test.o: ../include/openssl/bn.h ../include/openssl/crypto.h
-rsa_test.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-rsa_test.o: ../include/openssl/err.h ../include/openssl/opensslconf.h
+rsa_test.o: ../include/openssl/bio.h ../include/openssl/bn.h
+rsa_test.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
+rsa_test.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+rsa_test.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
 rsa_test.o: ../include/openssl/opensslv.h ../include/openssl/rand.h
 rsa_test.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-rsa_test.o: ../include/openssl/stack.h
+rsa_test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 sha1test.o: ../include/openssl/sha.h
 shatest.o: ../include/openssl/sha.h
 ssltest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 ssltest.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 ssltest.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-ssltest.o: ../include/openssl/crypto.h ../include/openssl/des.h
-ssltest.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-ssltest.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-ssltest.o: ../include/openssl/err.h ../include/openssl/evp.h
-ssltest.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-ssltest.o: ../include/openssl/md2.h ../include/openssl/md5.h
-ssltest.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
-ssltest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-ssltest.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-ssltest.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-ssltest.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-ssltest.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-ssltest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-ssltest.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-ssltest.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-ssltest.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssltest.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+ssltest.o: ../include/openssl/des.h ../include/openssl/dh.h
+ssltest.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+ssltest.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+ssltest.o: ../include/openssl/evp.h ../include/openssl/idea.h
+ssltest.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+ssltest.o: ../include/openssl/md4.h ../include/openssl/md5.h
+ssltest.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+ssltest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ssltest.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+ssltest.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ssltest.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+ssltest.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+ssltest.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+ssltest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ssltest.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+ssltest.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+ssltest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 ssltest.o: ../include/openssl/tls1.h ../include/openssl/x509.h
 ssltest.o: ../include/openssl/x509_vfy.h
diff --git a/src/lib/libssl/test/enginetest.c b/src/lib/libssl/test/enginetest.c
new file mode 100644
index 0000000000..a5a3c47fcb
--- /dev/null
+++ b/src/lib/libssl/test/enginetest.c
@@ -0,0 +1,251 @@
+/* crypto/engine/enginetest.c */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/engine.h>
+#include <openssl/err.h>
+
+static void display_engine_list()
+        {
+        ENGINE *h;
+        int loop;
+
+        h = ENGINE_get_first();
+        loop = 0;
+        printf("listing available engine types\n");
+        while(h)
+                {
+                printf("engine %i, id = \"%s\", name = \"%s\"\n",
+                        loop++, ENGINE_get_id(h), ENGINE_get_name(h));
+                h = ENGINE_get_next(h);
+                }
+        printf("end of list\n");
+        }
+
+int main(int argc, char *argv[])
+        {
+        ENGINE *block[512];
+        char buf[256];
+        const char *id, *name;
+        ENGINE *ptr;
+        int loop;
+        int to_return = 1;
+        ENGINE *new_h1 = NULL;
+        ENGINE *new_h2 = NULL;
+        ENGINE *new_h3 = NULL;
+        ENGINE *new_h4 = NULL;
+
+        ERR_load_crypto_strings();
+
+        memset(block, 0, 512 * sizeof(ENGINE *));
+        if(((new_h1 = ENGINE_new()) == NULL) ||
+                        !ENGINE_set_id(new_h1, "test_id0") ||
+                        !ENGINE_set_name(new_h1, "First test item") ||
+                        ((new_h2 = ENGINE_new()) == NULL) ||
+                        !ENGINE_set_id(new_h2, "test_id1") ||
+                        !ENGINE_set_name(new_h2, "Second test item") ||
+                        ((new_h3 = ENGINE_new()) == NULL) ||
+                        !ENGINE_set_id(new_h3, "test_id2") ||
+                        !ENGINE_set_name(new_h3, "Third test item") ||
+                        ((new_h4 = ENGINE_new()) == NULL) ||
+                        !ENGINE_set_id(new_h4, "test_id3") ||
+                        !ENGINE_set_name(new_h4, "Fourth test item"))
+                {
+                printf("Couldn't set up test ENGINE structures\n");
+                goto end;
+                }
+        printf("\nenginetest beginning\n\n");
+        display_engine_list();
+        if(!ENGINE_add(new_h1))
+                {
+                printf("Add failed!\n");
+                goto end;
+                }
+        display_engine_list();
+        ptr = ENGINE_get_first();
+        if(!ENGINE_remove(ptr))
+                {
+                printf("Remove failed!\n");
+                goto end;
+                }
+        display_engine_list();
+        if(!ENGINE_add(new_h3) || !ENGINE_add(new_h2))
+                {
+                printf("Add failed!\n");
+                goto end;
+                }
+        display_engine_list();
+        if(!ENGINE_remove(new_h2))
+                {
+                printf("Remove failed!\n");
+                goto end;
+                }
+        display_engine_list();
+        if(!ENGINE_add(new_h4))
+                {
+                printf("Add failed!\n");
+                goto end;
+                }
+        display_engine_list();
+        if(ENGINE_add(new_h3))
+                {
+                printf("Add *should* have failed but didn't!\n");
+                goto end;
+                }
+        else
+                printf("Add that should fail did.\n");
+        ERR_clear_error();
+        if(ENGINE_remove(new_h2))
+                {
+                printf("Remove *should* have failed but didn't!\n");
+                goto end;
+                }
+        else
+                printf("Remove that should fail did.\n");
+        if(!ENGINE_remove(new_h1))
+                {
+                printf("Remove failed!\n");
+                goto end;
+                }
+        display_engine_list();
+        if(!ENGINE_remove(new_h3))
+                {
+                printf("Remove failed!\n");
+                goto end;
+                }
+        display_engine_list();
+        if(!ENGINE_remove(new_h4))
+                {
+                printf("Remove failed!\n");
+                goto end;
+                }
+        display_engine_list();
+        /* Depending on whether there's any hardware support compiled
+         * in, this remove may be destined to fail. */
+        ptr = ENGINE_get_first();
+        if(ptr)
+                if(!ENGINE_remove(ptr))
+                        printf("Remove failed!i - probably no hardware "
+                                "support present.\n");
+        display_engine_list();
+        if(!ENGINE_add(new_h1) || !ENGINE_remove(new_h1))
+                {
+                printf("Couldn't add and remove to an empty list!\n");
+                goto end;
+                }
+        else
+                printf("Successfully added and removed to an empty list!\n");
+        printf("About to beef up the engine-type list\n");
+        for(loop = 0; loop < 512; loop++)
+                {
+                sprintf(buf, "id%i", loop);
+                id = strdup(buf);
+                sprintf(buf, "Fake engine type %i", loop);
+                name = strdup(buf);
+                if(((block[loop] = ENGINE_new()) == NULL) ||
+                                !ENGINE_set_id(block[loop], id) ||
+                                !ENGINE_set_name(block[loop], name))
+                        {
+                        printf("Couldn't create block of ENGINE structures.\n"
+                                "I'll probably also core-dump now, damn.\n");
+                        goto end;
+                        }
+                }
+        for(loop = 0; loop < 512; loop++)
+                {
+                if(!ENGINE_add(block[loop]))
+                        {
+                        printf("\nAdding stopped at %i, (%s,%s)\n",
+                                loop, ENGINE_get_id(block[loop]),
+                                ENGINE_get_name(block[loop]));
+                        goto cleanup_loop;
+                        }
+                else
+                        printf("."); fflush(stdout);
+                }
+cleanup_loop:
+        printf("\nAbout to empty the engine-type list\n");
+        while((ptr = ENGINE_get_first()) != NULL)
+                {
+                if(!ENGINE_remove(ptr))
+                        {
+                        printf("\nRemove failed!\n");
+                        goto end;
+                        }
+                printf("."); fflush(stdout);
+                }
+        for(loop = 0; loop < 512; loop++)
+                {
+                free((char *)(ENGINE_get_id(block[loop])));
+                free((char *)(ENGINE_get_name(block[loop])));
+                }
+        printf("\nTests completed happily\n");
+        to_return = 0;
+end:
+        if(to_return)
+                ERR_print_errors_fp(stderr);
+        if(new_h1) ENGINE_free(new_h1);
+        if(new_h2) ENGINE_free(new_h2);
+        if(new_h3) ENGINE_free(new_h3);
+        if(new_h4) ENGINE_free(new_h4);
+        for(loop = 0; loop < 512; loop++)
+                if(block[loop])
+                        ENGINE_free(block[loop]);
+        return to_return;
+        }
diff --git a/src/lib/libssl/test/maketests.com b/src/lib/libssl/test/maketests.com
index 1246d9a077..135e0bfeb9 100644
--- a/src/lib/libssl/test/maketests.com
+++ b/src/lib/libssl/test/maketests.com
@@ -143,7 +143,7 @@ $ GOSUB CHECK_OPT_FILE
 $!
 $! Define The TEST Files.
 $!
-$ TEST_FILES = "BNTEST,IDEATEST,MD2TEST,MD5TEST,HMACTEST,"+ -
+$ TEST_FILES = "BNTEST,IDEATEST,MD2TEST,MD4TEST,MD5TEST,HMACTEST,"+ -
                "RC2TEST,RC4TEST,RC5TEST,"+ -
                "DESTEST,SHATEST,SHA1TEST,MDC2TEST,RMDTEST,"+ -
                "RANDTEST,DHTEST,"+ -
diff --git a/src/lib/libssl/test/md4test.c b/src/lib/libssl/test/md4test.c
new file mode 100644
index 0000000000..97e6e21efd
--- /dev/null
+++ b/src/lib/libssl/test/md4test.c
@@ -0,0 +1,131 @@
+/* crypto/md4/md4test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#ifdef NO_MD4
+int main(int argc, char *argv[])
+{
+    printf("No MD4 support\n");
+    return(0);
+}
+#else
+#include <openssl/md4.h>
+
+static char *test[]={
+        "",
+        "a",
+        "abc",
+        "message digest",
+        "abcdefghijklmnopqrstuvwxyz",
+        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
+        "12345678901234567890123456789012345678901234567890123456789012345678901234567890",
+        NULL,
+        };
+
+static char *ret[]={
+"31d6cfe0d16ae931b73c59d7e0c089c0",
+"bde52cb31de33e46245e05fbdbd6fb24",
+"a448017aaf21d8525fc10ae87aa6729d",
+"d9130a8164549fe818874806e1c7014b",
+"d79e1c308aa5bbcdeea8ed63df412da9",
+"043f8582f241db351ce627e153e7f0e4",
+"e33b4ddc9c38f2199c3e7b164fcc0536",
+};
+
+static char *pt(unsigned char *md);
+int main(int argc, char *argv[])
+        {
+        int i,err=0;
+        unsigned char **P,**R;
+        char *p;
+
+        P=(unsigned char **)test;
+        R=(unsigned char **)ret;
+        i=1;
+        while (*P != NULL)
+                {
+                p=pt(MD4(&(P[0][0]),(unsigned long)strlen((char *)*P),NULL));
+                if (strcmp(p,(char *)*R) != 0)
+                        {
+                        printf("error calculating MD4 on '%s'\n",*P);
+                        printf("got %s instead of %s\n",p,*R);
+                        err++;
+                        }
+                else
+                        printf("test %d ok\n",i);
+                i++;
+                R++;
+                P++;
+                }
+        exit(err);
+        return(0);
+        }
+
+static char *pt(unsigned char *md)
+        {
+        int i;
+        static char buf[80];
+
+        for (i=0; i<MD4_DIGEST_LENGTH; i++)
+                sprintf(&(buf[i*2]),"%02x",md[i]);
+        return(buf);
+        }
+#endif
diff --git a/src/lib/libssl/test/testp7.pem b/src/lib/libssl/test/testp7.pem
index 6bba16f137..e5b7866c31 100644
--- a/src/lib/libssl/test/testp7.pem
+++ b/src/lib/libssl/test/testp7.pem
@@ -1,46 +1,46 @@
 -----BEGIN PKCS7-----
-MIAGCSqGSIb3DQEHAqCAMIIIBwIBATEAMIAGCSqGSIb3DQEHAQAAoIIGPDCCBHIw
-ggQcoAMCAQICEHkvjiX1iVGQMenF9HgIjI8wDQYJKoZIhvcNAQEEBQAwYjERMA8G
-A1UEBxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQL
-EytWZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyMB4X
-DTk2MDcxOTAwMDAwMFoXDTk3MDMzMDIzNTk1OVowgdUxETAPBgNVBAcTCEludGVy
-bmV0MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24g
-Q2xhc3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjEoMCYGA1UECxMfRGln
-aXRhbCBJRCBDbGFzcyAxIC0gU01JTUUgVGVzdDFHMEUGA1UECxM+d3d3LnZlcmlz
-aWduLmNvbS9yZXBvc2l0b3J5L0NQUy0xLjAgSW5jLiBieSBSZWYuLExJQUIuTFRE
-KGMpOTYwWzANBgkqhkiG9w0BAQEFAANKADBHAkAOy7xxCAIkOfuIA2LyRpxgKlDO
-Rl8htdXYhF5iBGUx1GYaK6KF+bK/CCI0l4j2OfWGFBUrwGoWqxTNcWgTfMzRAgMB
-AAGjggI5MIICNTAJBgNVHRMEAjAAMIICJgYDVR0DBIICHTCCAhkwggIVMIICEQYL
-YIZIAYb4RQEHAQEwggIAFoIBq1RoaXMgY2VydGlmaWNhdGUgaW5jb3Jwb3JhdGVz
-IGJ5IHJlZmVyZW5jZSwgYW5kIGl0cyB1c2UgaXMgc3RyaWN0bHkgc3ViamVjdCB0
-bywgdGhlIFZlcmlTaWduIENlcnRpZmljYXRpb24gUHJhY3RpY2UgU3RhdGVtZW50
-IChDUFMpLCBhdmFpbGFibGUgYXQ6IGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9D
-UFMtMS4wOyBieSBFLW1haWwgYXQgQ1BTLXJlcXVlc3RzQHZlcmlzaWduLmNvbTsg
-b3IgYnkgbWFpbCBhdCBWZXJpU2lnbiwgSW5jLiwgMjU5MyBDb2FzdCBBdmUuLCBN
-b3VudGFpbiBWaWV3LCBDQSA5NDA0MyBVU0EgVGVsLiArMSAoNDE1KSA5NjEtODgz
-MCBDb3B5cmlnaHQgKGMpIDE5OTYgVmVyaVNpZ24sIEluYy4gIEFsbCBSaWdodHMg
-UmVzZXJ2ZWQuIENFUlRBSU4gV0FSUkFOVElFUyBESVNDTEFJTUVEIGFuZCBMSUFC
-SUxJVFkgTElNSVRFRC6gDgYMYIZIAYb4RQEHAQEBoQ4GDGCGSAGG+EUBBwEBAjAv
-MC0WK2h0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L0NQUy0xLgMw
-DQYJKoZIhvcNAQEEBQADQQDAmA7km/3iJWEsWN9Z2WU2gmZAknx45WnDKHxMa3Bf
-gNsh6BLk/ngkJKjNKTDR13XVHqEPUY1flbjATZputw1GMIIBwjCCAWygAwIBAgIQ
-fAmE6tW5ERSQWDneu3KfSTANBgkqhkiG9w0BAQIFADA+MQswCQYDVQQGEwJVUzEX
-MBUGA1UEChMOVmVyaVNpZ24sIEluYy4xFjAUBgNVBAsTDVRFU1QgUm9vdCBQQ0Ew
-HhcNOTYwNzE3MDAwMDAwWhcNOTcwNzE3MjM1OTU5WjBiMREwDwYDVQQHEwhJbnRl
-cm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNVBAsTK1ZlcmlTaWdu
-IENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXIwXDANBgkqhkiG9w0B
-AQEFAANLADBIAkEA7Fc6zYJw4WwCWa1ni3fYNbzGSQNluuw990024GusjLfhEk1h
-MsIUukTT/n8yxoO7rYp4x+LS+tHF2tBtuxg7CwIDAQABoyIwIDALBgNVHQ8EBAMC
-AQYwEQYJYIZIAYb4QgEBBAQDAgIEMA0GCSqGSIb3DQEBAgUAA0EAFKem0cJGg9nd
-TAbP5o1HIEyNn11ZlvLU5v1Hejs1MKQt72IMm4jjgOH+pjguXW8lB6yzrK4oVOO2
-UNCaNQ1H26GCAa0wgcEwbTANBgkqhkiG9w0BAQIFADA+MQswCQYDVQQGEwJVUzEX
-MBUGA1UEChMOVmVyaVNpZ24sIEluYy4xFjAUBgNVBAsTDVRFU1QgUm9vdCBQQ0EX
-DTk2MDcxNzE3NDQwOVoXDTk4MDcxNzAwMDAwMFowDQYJKoZIhvcNAQECBQADQQB4
-rQNP8QLpAox83odQDE/5dqAuvDfshW/miTxwQTMXOoBtjGiowTcG+YXF1JZTJRMT
-jQN47tdH+6MCKt7N8MddMIHmMIGRMA0GCSqGSIb3DQEBAgUAMGIxETAPBgNVBAcT
-CEludGVybmV0MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVy
-aVNpZ24gQ2xhc3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlchcNOTYwNzE3
-MTc1OTI5WhcNOTcwNzE4MDAwMDAwWjANBgkqhkiG9w0BAQIFAANBALm1VmE7FrEJ
-rLXvX/lIDMPAZIw5TNuX8EC6wn5ppy8Y3sHstdJEkTsqVGiS2/q+KEQC3NHxvV32
-bGooiIKLUB4xAAAAAAA=
+MIIIGAYJKoZIhvcNAQcCoIIICTCCCAUCAQExADALBgkqhkiG9w0BBwGgggY8MIIE
+cjCCBBygAwIBAgIQeS+OJfWJUZAx6cX0eAiMjzANBgkqhkiG9w0BAQQFADBiMREw
+DwYDVQQHEwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNV
+BAsTK1ZlcmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXIw
+HhcNOTYwNzE5MDAwMDAwWhcNOTcwMzMwMjM1OTU5WjCB1TERMA8GA1UEBxMISW50
+ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJpU2ln
+biBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyMSgwJgYDVQQLEx9E
+aWdpdGFsIElEIENsYXNzIDEgLSBTTUlNRSBUZXN0MUcwRQYDVQQLEz53d3cudmVy
+aXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEuMCBJbmMuIGJ5IFJlZi4sTElBQi5M
+VEQoYyk5NjBbMA0GCSqGSIb3DQEBAQUAA0oAMEcCQA7LvHEIAiQ5+4gDYvJGnGAq
+UM5GXyG11diEXmIEZTHUZhorooX5sr8IIjSXiPY59YYUFSvAaharFM1xaBN8zNEC
+AwEAAaOCAjkwggI1MAkGA1UdEwQCMAAwggImBgNVHQMEggIdMIICGTCCAhUwggIR
+BgtghkgBhvhFAQcBATCCAgAWggGrVGhpcyBjZXJ0aWZpY2F0ZSBpbmNvcnBvcmF0
+ZXMgYnkgcmVmZXJlbmNlLCBhbmQgaXRzIHVzZSBpcyBzdHJpY3RseSBzdWJqZWN0
+IHRvLCB0aGUgVmVyaVNpZ24gQ2VydGlmaWNhdGlvbiBQcmFjdGljZSBTdGF0ZW1l
+bnQgKENQUyksIGF2YWlsYWJsZSBhdDogaHR0cHM6Ly93d3cudmVyaXNpZ24uY29t
+L0NQUy0xLjA7IGJ5IEUtbWFpbCBhdCBDUFMtcmVxdWVzdHNAdmVyaXNpZ24uY29t
+OyBvciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMuLCAyNTkzIENvYXN0IEF2ZS4s
+IE1vdW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBUZWwuICsxICg0MTUpIDk2MS04
+ODMwIENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2lnbiwgSW5jLiAgQWxsIFJpZ2h0
+cyBSZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVTIERJU0NMQUlNRUQgYW5kIExJ
+QUJJTElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcBAQGhDgYMYIZIAYb4RQEHAQEC
+MC8wLRYraHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEu
+AzANBgkqhkiG9w0BAQQFAANBAMCYDuSb/eIlYSxY31nZZTaCZkCSfHjlacMofExr
+cF+A2yHoEuT+eCQkqM0pMNHXddUeoQ9RjV+VuMBNmm63DUYwggHCMIIBbKADAgEC
+AhB8CYTq1bkRFJBYOd67cp9JMA0GCSqGSIb3DQEBAgUAMD4xCzAJBgNVBAYTAlVT
+MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEWMBQGA1UECxMNVEVTVCBSb290IFBD
+QTAeFw05NjA3MTcwMDAwMDBaFw05NzA3MTcyMzU5NTlaMGIxETAPBgNVBAcTCElu
+dGVybmV0MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNp
+Z24gQ2xhc3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjBcMA0GCSqGSIb3
+DQEBAQUAA0sAMEgCQQDsVzrNgnDhbAJZrWeLd9g1vMZJA2W67D33TTbga6yMt+ES
+TWEywhS6RNP+fzLGg7utinjH4tL60cXa0G27GDsLAgMBAAGjIjAgMAsGA1UdDwQE
+AwIBBjARBglghkgBhvhCAQEEBAMCAgQwDQYJKoZIhvcNAQECBQADQQAUp6bRwkaD
+2d1MBs/mjUcgTI2fXVmW8tTm/Ud6OzUwpC3vYgybiOOA4f6mOC5dbyUHrLOsrihU
+47ZQ0Jo1DUfboYIBrTCBwTBtMA0GCSqGSIb3DQEBAgUAMD4xCzAJBgNVBAYTAlVT
+MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEWMBQGA1UECxMNVEVTVCBSb290IFBD
+QRcNOTYwNzE3MTc0NDA5WhcNOTgwNzE3MDAwMDAwWjANBgkqhkiG9w0BAQIFAANB
+AHitA0/xAukCjHzeh1AMT/l2oC68N+yFb+aJPHBBMxc6gG2MaKjBNwb5hcXUllMl
+ExONA3ju10f7owIq3s3wx10wgeYwgZEwDQYJKoZIhvcNAQECBQAwYjERMA8GA1UE
+BxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytW
+ZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyFw05NjA3
+MTcxNzU5MjlaFw05NzA3MTgwMDAwMDBaMA0GCSqGSIb3DQEBAgUAA0EAubVWYTsW
+sQmste9f+UgMw8BkjDlM25fwQLrCfmmnLxjewey10kSROypUaJLb+r4oRALc0fG9
+XfZsaiiIgotQHjEA
 -----END PKCS7-----
diff --git a/src/lib/libssl/test/tests.com b/src/lib/libssl/test/tests.com
index 040dafab8d..df8f46e75d 100644
--- a/src/lib/libssl/test/tests.com
+++ b/src/lib/libssl/test/tests.com
@@ -19,11 +19,12 @@ $	then
 $           tests = p1
 $       else
 $           tests := -
-        test_des,test_idea,test_sha,test_md5,test_hmac,test_md2,test_mdc2,-
+        test_des,test_idea,test_sha,test_md4,test_md5,test_hmac,-
+        test_md2,test_mdc2,-
         test_rmd,test_rc2,test_rc4,test_rc5,test_bf,test_cast,-
         test_rand,test_bn,test_enc,test_x509,test_rsa,test_crl,test_sid,-
         test_gen,test_req,test_pkcs7,test_verify,test_dh,test_dsa,-
-        test_ss,test_ssl,test_ca
+        test_ss,test_ca,test_ssl
 $       endif
 $       tests = f$edit(tests,"COLLAPSE")
 $
@@ -35,6 +36,7 @@ $	SHA1TEST :=	sha1test
 $       MDC2TEST :=     mdc2test
 $       RMDTEST :=      rmdtest
 $       MD2TEST :=      md2test
+$       MD4TEST :=      md4test
 $       MD5TEST :=      md5test
 $       HMACTEST :=     hmactest
 $       RC2TEST :=      rc2test
@@ -55,54 +57,58 @@ $ loop_tests:
 $       tests_e = f$element(tests_i,",",tests)
 $       tests_i = tests_i + 1
 $       if tests_e .eqs. "," then goto exit
-$       goto 'tests_e'
+$       gosub 'tests_e'
+$       goto loop_tests
 $
 $ test_des:
 $       mcr 'texe_dir''destest'
-$       goto loop_tests
+$       return
 $ test_idea:
 $       mcr 'texe_dir''ideatest'
-$       goto loop_tests
+$       return
 $ test_sha:
 $       mcr 'texe_dir''shatest'
 $       mcr 'texe_dir''sha1test'
-$       goto loop_tests
+$       return
 $ test_mdc2:
 $       mcr 'texe_dir''mdc2test'
-$       goto loop_tests
+$       return
 $ test_md5:
 $       mcr 'texe_dir''md5test'
-$       goto loop_tests
+$       return
+$ test_md4:
+$       mcr 'texe_dir''md4test'
+$       return
 $ test_hmac:
 $       mcr 'texe_dir''hmactest'
-$       goto loop_tests
+$       return
 $ test_md2:
 $       mcr 'texe_dir''md2test'
-$       goto loop_tests
+$       return
 $ test_rmd:
 $       mcr 'texe_dir''rmdtest'
-$       goto loop_tests
+$       return
 $ test_bf:
 $       mcr 'texe_dir''bftest'
-$       goto loop_tests
+$       return
 $ test_cast:
 $       mcr 'texe_dir''casttest'
-$       goto loop_tests
+$       return
 $ test_rc2:
 $       mcr 'texe_dir''rc2test'
-$       goto loop_tests
+$       return
 $ test_rc4:
 $       mcr 'texe_dir''rc4test'
-$       goto loop_tests
+$       return
 $ test_rc5:
 $       mcr 'texe_dir''rc5test'
-$       goto loop_tests
+$       return
 $ test_rand:
 $       mcr 'texe_dir''randtest'
-$       goto loop_tests
+$       return
 $ test_enc:
 $       @testenc.com
-$       goto loop_tests
+$       return
 $ test_x509:
 $       define sys$error nla0:
 $       write sys$output "test normal x509v1 certificate"
@@ -112,35 +118,35 @@ $	@tx509.com v3-cert1.pem
 $       write sys$output "test second x509v3 certificate"
 $       @tx509.com v3-cert2.pem
 $       deassign sys$error
-$       goto loop_tests
+$       return
 $ test_rsa:
 $       define sys$error nla0:
 $       @trsa.com
 $       deassign sys$error
 $       mcr 'texe_dir''rsatest'
-$       goto loop_tests
+$       return
 $ test_crl:
 $       define sys$error nla0:
 $       @tcrl.com
 $       deassign sys$error
-$       goto loop_tests
+$       return
 $ test_sid:
 $       define sys$error nla0:
 $       @tsid.com
 $       deassign sys$error
-$       goto loop_tests
+$       return
 $ test_req:
 $       define sys$error nla0:
 $       @treq.com
 $       @treq.com testreq2.pem
 $       deassign sys$error
-$       goto loop_tests
+$       return
 $ test_pkcs7:
 $       define sys$error nla0:
 $       @tpkcs7.com
 $       @tpkcs7d.com
 $       deassign sys$error
-$       goto loop_tests
+$       return
 $ test_bn:
 $       write sys$output "starting big number library test, could take a while..."
 $       create bntest-vms.fdl
@@ -164,36 +170,56 @@ $	write sys$output "-- through sh or bash to verify that the bignum operations w
 $       write sys$output ""
 $       write sys$output "test a^b%c implementations"
 $       mcr 'texe_dir''exptest'
-$       goto loop_tests
+$       return
 $ test_verify:
 $       write sys$output "The following command should have some OK's and some failures"
 $       write sys$output "There are definitly a few expired certificates"
 $       @tverify.com
-$       goto loop_tests
+$       return
 $ test_dh:
 $       write sys$output "Generate a set of DH parameters"
 $       mcr 'texe_dir''dhtest'
-$       goto loop_tests
+$       return
 $ test_dsa:
 $       write sys$output "Generate a set of DSA parameters"
 $       mcr 'texe_dir''dsatest'
-$       goto loop_tests
+$       return
 $ test_gen:
 $       write sys$output "Generate and verify a certificate request"
 $       @testgen.com
-$       goto loop_tests
+$       return
+$ maybe_test_ss:
+$       testss_RDT = f$cvtime(f$file_attributes("testss.com","RDT"))
+$       if f$cvtime(f$file_attributes("keyU.ss","RDT")) .les. testss_RDT then -
+                goto test_ss
+$       if f$cvtime(f$file_attributes("certU.ss","RDT")) .les. testss_RDT then -
+                goto test_ss
+$       if f$cvtime(f$file_attributes("certCA.ss","RDT")) .les. testss_RDT then -
+                goto test_ss
+$       return
 $ test_ss:
 $       write sys$output "Generate and certify a test certificate"
 $       @testss.com
-$       goto loop_tests
+$       return
 $ test_ssl:
 $       write sys$output "test SSL protocol"
-$       @testssl.com
-$       goto loop_tests
+$       gosub maybe_test_ss
+$       @testssl.com keyU.ss certU.ss certCA.ss
+$       return
 $ test_ca:
-$       write sys$output "Generate and certify a test certificate via the 'ca' program"
-$       @testca.com
-$       goto loop_tests
+$       set noon
+$       define/user sys$output nla0:
+$       mcr 'exe_dir'openssl no-rsa
+$       save_severity=$SEVERITY
+$       set on
+$       if save_severity
+$       then
+$           write sys$output "skipping CA.com test -- requires RSA"
+$       else
+$           write sys$output "Generate and certify a test certificate via the 'ca' program"
+$           @testca.com
+$       endif
+$       return
 $
 $
 $ exit:
diff --git a/src/lib/libssl/tls1.h b/src/lib/libssl/tls1.h
index 6e2b06d34f..cf92ae034f 100644
--- a/src/lib/libssl/tls1.h
+++ b/src/lib/libssl/tls1.h
@@ -84,6 +84,10 @@ extern "C" {
 #define TLS1_AD_USER_CANCELLED          90
 #define TLS1_AD_NO_RENEGOTIATION        100
 
+/* Additional TLS ciphersuites from draft-ietf-tls-56-bit-ciphersuites-00.txt
+ * (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see
+ * s3_lib.c).  We actually treat them like SSL 3.0 ciphers, which we probably
+ * shouldn't. */
 #define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5          0x03000060
 #define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5      0x03000061
 #define TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA         0x03000062
@@ -92,6 +96,13 @@ extern "C" {
 #define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA      0x03000065
 #define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA                0x03000066
 
+/* XXX
+ * Inconsistency alert:
+ * The OpenSSL names of ciphers with ephemeral DH here include the string
+ * "DHE", while elsewhere it has always been "EDH".
+ * (The alias for the list of all such ciphers also is "EDH".)
+ * The specifications speak of "EDH"; maybe we should allow both forms
+ * for everything. */
 #define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5         "EXP1024-RC4-MD5"
 #define TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5     "EXP1024-RC2-CBC-MD5"
 #define TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA        "EXP1024-DES-CBC-SHA"